Published on: 17 June 2015 by Romil Motwani
Sony, The White House, The IRS, NASA, JPMorgan, VISA and Yahoo! This may just seem like a random list of corporations and organizations but in fact, these are just a few of the institutions who have been affected by cyber-attacks since 2013.
A cyber-attack targets computer information systems and networks to steal, alter or destroy data by hacking their system. Ever since the first worm was discovered in the late 80’s, cyber-attacks have become an increasing issue in the technology world. Invasions can take on many forms, whether through Distributed Denial of Service (DDoS), Trojans, Worms or Viruses, and it is important to understand the risks of not protecting yourself from such attacks.
CCW Global, Asia’s leading bespoke insurance broker will now investigate cyber-attacks and protection solutions so that you are better protected from the ramifications of a cyber-attack.
Before we delve into the topic of cyber-insurance, let’s explore some of the recent major cyber-attacks.
Cyber-attack capabilities have evolved from just being able to disable computers and system to gaining the ability to steal information from computers, including credit card information, addresses and other sensitive data.
In November 2014, Sony Pictures was the victim of an attack on its personal data storage, with information regarding Sony employees including salaries, e-mails and Social Security numbers along with unreleased films leaked by hackers. This was apparently in retaliation to Sony Pictures’ controversial 2014 film The Interview starring Seth Rogen and James Franco. This resulted in four lawsuits against Sony Pictures as well as lost revenue from the unreleased films, which may lead to losses amounting to millions. In addition to this, Sony had already spent millions on maintaining a firewall network but this was made obsolete by the hackers, which only added to the losses for Sony.
More recently, the White House suffered a security breach by Russian hackers and private information was leaked regarding President Obama’s schedule, which is considered to be highly sensitive. According to White House officials, Russian hackers had been in the State Department system for several months prior to the White House attack which poses a huge security risk for the United States due to the massive amount of sensitive data the State Department has in its system.
The State Department spends millions of dollars of taxpayer money every year on its cyber defense systems and would need to spend millions more to upgrade the system to protect against any future attacks. This uses valuable funds that could be appropriated by the government towards infrastructure improvements or investment opportunities and the State Department is now on the end of a huge backlash by U.S. citizens for not sufficiently protecting its systems.
Another such incident occurred just several weeks ago with the U.S. Internal Revenue Service (IRS). The IRS recently admitted that between February of 2015 and May 2015 there were 100,000 taxpayers’ files compromised in a hack of the IRS’ system. The hackers were able to access the taxpayers’ full tax return forms which has led to these hackers stealing tax returns from the IRS and massive identity theft concerns for owners of the accessed accounts. This poses a huge issue for the IRS, as not only have they lost out on tax revenue from 100,000 taxpayers, but there is the potential for a hack on an even greater scale than this which could cost the U.S. millions, if not billions of dollars and have huge impacts on the economy due to a reduced and insecure revenue stream.
All the organizations listed above have been at the hands of merciless cyber-attacks, and have suffered huge losses as a result. However, if these companies had cyber-insurance they would be able to mitigate the losses from such attacks.
Cyber-insurance addresses the risk of cyber-attacks to any companies’ systems and is said to fill in the gaps of traditional insurance coverage. Cyber-insurance can protect against any loss to third parties as well as individual losses and expenses incurred during the aftermath of the attack. As previously highlighted, cyber-attacks can prove to be extremely expensive and cyber-insurance provides financial protection against such attacks.
If Sony had purchased cyber-insurance, they would be able to pay damages to any employee who had their information leaked and receive compensation for lost profits from the early release of their films, saving them millions of dollars.
If The White House had done the same, they would have gotten reimbursement for any expenses incurred in the aftermath – likely in the form of PR expenses when the government hires an outside NGO to support the administration’s public image following the event. Supposing that the IRS had also purchased cyber protection, they would have received compensation for the stolen taxpayer money from the insurance provider, ensuring that the government’s revenue stream was unaffected and could be invested in making improvements to overall network security. Clearly, the benefits of a cyber-insurance plan are endless in these situations and have the ability to mitigate the financial losses of such an attack.
Unfortunately, no matter how well an IT network is protected, it is only inevitable that it will eventually be compromised. In the words of Iain Lobban, the director of UK intelligence agency GCHQ “There are now three certainties in life, there’s death, there’s taxes and there’s a foreign intelligence service on your system.”
Current attack prevention techniques such as firewalls are quickly becoming outdated due to the increasing sophistication of attacks and innovation is needed in the field of cyber-defense in order to better secure sensitive information. A company like Protectwise is one such innovation leader, but more creativity is needed in order to bolster cyber defense. As the defensive tools evolve to catch digital criminals, so does the criminal’s ability to skirt those defenses – a multi leveled security and risk management architecture which includes both active defense mechanisms and risk management after a penetration event is the only true solution to mitigating cyber risks in the current age.
It is clear then that cyber-insurance is a necessity for providing extensive support and financial assistance in the wake of such attacks, as governments, corporations and individuals alike have seen an increasing number of raids on their private information and lack of protection could cripple the economy with money, social security numbers and credit card information easily stolen over in the internet.
In the Asia-Pacific region, and in Hong Kong specifically, Cyber-attacks are rife. The market for both cyber-defense and cyber-insurance are extremely immature with very few sophisticated cyber-defense providers and a lack of cyber-insurance providers causing huge security issues for the region. Compared to the United States and Europe, there is a lack of awareness on the issue of cyber-protection as although there have been attacks on many organizations and individuals across Asia, the United States is considered to be the region that is most at risk from a cyber-attack. This is because the US is considered to have an overall higher value of information compared to the rest of the world.
However, the vast amount of data in this region should not be neglected as it is still extremely valuable and needs to be adequately protected. The lack of cyber-defense companies and cyber-insurance providers has been capitalized on numerous times with attacks by hacktivist group Anonymous on several Hong Kong government websites during the Occupy Central movement and on The Straits Times in Singapore in response to web censorship regulations in the country. Additionally, the 2010 elections in Burma were severely impacted by DDoS attacks on the country’s servers showing that cyber-strikes are becoming a serious threat in the region. Cyber-attacks have the ability to affect many industries in different manners and these threats provide many reasons why companies and individuals alike should invest in both cyber-protection and cyber-insurance.
The pharmaceutical industry is an extremely lucrative area for hackers to launch attacks on, due to the value of information in companies in the industry. In late 2014, a leading pharmaceutical firm was the victim of a cyber-strike by two Chinese based hacker groups.
It was later discovered that the information stolen consisted of business data including information on bio cultures, products and other details relating to their research and development efforts. This information could easily be used by another pharmaceutical firm to duplicate the manufacture of new drugs without incurring expenses for the R&D of the product. Additionally, Chinese hacker groups have been detected in servers all across the Asia-Pacific region along with India and South Korea, increasing the risk of future cyber-attacks.
With such valuable information at risk, it would be prudent for pharmaceutical companies to invest in cyber-protection and cyber-insurance so that these firms can protect their information and mitigate their losses should their classified information be leaked.
The start-up industry is growing rapidly in the APAC region due to more people coming online with smartphones and computers, creating a booming tech market. Unfortunately, many new businesses are under the misconception that they are not the target of cyber-attacks due to their small size. However, many hackers employ the ‘long-tail’ approach where they target smaller businesses at a mass scale rather than target larger companies. This has resulted in numerous information security breaches for startups over the last year and their plight has recently come to light, drawing more hacker attention to startups.
Start-ups often hold valuable proprietary information that, when stolen through a cyber-attack, can render the entire business as worthless. This is because what was once private information that was key to the company’s operations has now been leaked to the market. With millions of dollars invested in start-ups every year, it is extremely important for start-ups to secure their digital information so that they are protected from potential cyber-attacks – receiving indemnity coverage against the cost of the attack could prove especially especially valuable for a young business, and its investors.
The consequences of cyber-strikes on financial institutions are quite clear due to the sensitive nature of financial data. There are wide-ranging cyber-threats that financial institutions face, and it is important for these organizations to understand these issues and mitigate their risk. Banks have suffered strikes ranging from DDoS attacks to disrupt normal business activity, to Trojans and malware to steal money from the clients of these institutions. As the information at such organizations are arguably the most sensitive among most industries, they are highly prized and should be guarded in order to protect their clients along with the reputation of the organization.
Along with protecting the organization from cyber-attacks, it is key for financial institutions to inform their clients about potential cyber-strikes so that the threat of a security breach is minimized.
Many cyber-strikes occur through fraudulent methods, such as impersonation of a banking official. One such case occurred very recently when a Hong Kong woman had over HK$500,000 taken out of her account after malware was installed on her computer. Another such incident involved a Chinese investor who was approached by a representative of a fraudulent hedge fund on an instant messaging service to invest in gold and foreign currencies.
The investor promptly lost HK$147 million after the representative received the investor’s investment account details .By making clients aware of such risks, the threat of cyber-attacks can be minimized. However, investing in cyber-insurance and cyber-protection is still extremely important for such organizations as the financial implications of a security breach can be massive and can significantly impact the businesses’ operations.
The reputational risks at stake for major financial institutions who have had cyber criminals access their networks cannot be underestimated. Additionally, the costs of forensic networking specialists needed to close potential exposure avenues will be high following a cyber-incursion. Cyber insurance products would allow Financial institutions monetary protection for both of these after-action needs, giving the company valuable time to assure customers that their money is safe.
Clearly cyber-attacks should not be neglected and purchasing cyber-insurance in the Asia-Pacific region can protect fledging businesses, governments and individuals alike from the plethora of risks that stem from computer and information systems.
CCW Global, an expert in cyber-insurance can help to insure you or your business in Hong Kong, China or the rest of the Asia-Pacific area from cyber-attacks. With our insurance professionals, we can provide you with the cyber protection plan you need at the lowest possible cost.
If you would like to receive a free quote on a cyber-insurance plan, please fill in the quotation form at the top of the page. One of our insurance experts will get back to you shortly to discuss your specific needs. You can learn more about our Business insurance quotes by clicking the link.
Should you have any questions regarding cyber-insurance and whether it is right for you, please contact us today!