Cyber Risk Management includes the utilization of organizational strategies to preserve the integrity of information and corporate intangible assets.
As businesses continue to turn to virtual organizations, connected information systems, and outsourcing (offsite hosting/storage, contract employees, etc.) to drive business strategy, these new ways of doing business increase the vulnerability of corporate assets.
When a corporate network connected to the outside world becomes compromised, the resulting damage can be tremendous. In today’s networked world, damage and security breaches to one computer can potentially lead to meaningful financial losses throughout an entire networking community.
What will happen if your computer network goes down or is compromised? What will be the consequences? Have you considered the additional effects of losses to your network that could be incurred down the line? You are the only one who can answer these questions with regard to your worst-case scenarios.
The overall risk management efforts of a company must proactively address these vulnerabilities and scenarios. We at INSUREtrust ask these questions in order to assist you in developing and evaluating your responses to these difficult situations and help to create efficient solutions.
The Business Case for Cyber Liability Coverage
A company’s networks carry a unique loss potential. The potential exists for hackers/crackers, viruses and malicious code to cause damage throughout the entire virtual enterprise. As your company becomes increasingly dependent upon the Internet, you face a new class of threats to your balance sheet and income statement. These loss potentials are unlikely to be covered by traditional insurance.
The most common threats are as follows:
Activities by a hacker to a third party who alleges damages, including:
- Accesses your computer to send a virus.
- Accesses your computer system to release sensitive customer data.
- Launches an attack that shuts down your computer system.
- Accesses your network and launches an attack.
- Accesses your network and transfers money or credit card information you are holding.
Activities by a hacker to a first party who alleges damages, including:
- Deletes data or alters your data and you incur costs to reproduce the data and lost income.
- Sends a virus to your system and you suffer damages to data and lost income.
- Gains access to your network and causes an electronic transfer of your funds to his/her account.
- Extorts money by threatening to divulge sensitive data he/she collected over your network.
- Changes all of your passwords and locks you out of your network.
- Launches a Denial of Service (DoS) attack which makes it impossible to sell products over your website.
- If you have a website, a third party may allege that you have published their copyrighted material.
- If you are a financial institution or deal with patient records, you could have significant defense costs associated with an administrative action under GLB or HIPAA regulations.
- If you sell internet access services to a third party and they allege they were denied access.
- If you sell software to a third party that alleges damages as a result of software malfunction.
The Common Cyber Risks to your Business
A company’s networks carry a unique loss potential. The potential exists for hackers/crackers, viruses and malicious code to cause damage throughout the entire virtual enterprise. The damage to your own computer system can also have a dramatic impact on your corporate stakeholders. The company may experience direct damage (First Party) or liability claims (Third Party). In either case, the security breach in your system may cause untold damage to others linked to your system who depend on your stability.
If your system becomes the point of compromise, you have a fiduciary responsibility to protect your corporate stakeholders at all costs:
- Customers – If your company releases sensitive customer information, how can they be damaged? What will be the impact on your relationship going forward?
- Suppliers/Vendors – If a hacker uses your system to attack your supplier, how will they respond? Will they initiate a retaliation attack? How will the relationship survive?
- Executives/Board of Directors – What will be the cost of embarrassment and humiliation to your board of directors and corporate executives? How will they shoulder the responsibility for e-business interruption?
- Shareholders/Investors – If your e-business fails, how will your shareholders and investors respond? How could your e-business activities harm the trust between you and your financial backers?
- General Public – If users on your system send out malicious code, what will be the impact on the rest of the Internet? How could your e-business activities harm innocent users in your country and around the world?
It is no longer enough to think about cyber risk management after the fact. INSUREtrust serves to protect corporate stakeholders from cyber liabilities.
Type of Losses
Many times companies wonder, “What goes wrong when losses are incurred?” Although many of the losses seem to be theoretical, they are very real issues that have happened to many companies. Only by understanding that losses do occur and how to prevent them can your company develop a viable cyber risk management program. Some examples of losses include:
- Firewall Providers – Breach of security due to malfunction in the software.
- Software Providers – Damages that are caused due to software malfunction.
- Website Owners – Misuse of copyrighted material.
- A virus is sent to your network causing third party damages.
- Network Owners – Hacker actions that cause loss of funds and negatively affect both system usage and reputation.
- Custodians of Confidential Data – Civil action due to unauthorized release of data protected by privacy laws.
- A customer initiates a suit because a computer consultant is alleged to have provided faulty advice which leads to a failed installation.
- Hacker steals your funds.
- Hackers send a virus which causes lost income and/or damage to data.
- Hacker extorts money by threatening release of confidential data.
- Hacker launches a “Denial of Service” attack to prevent usage of your website and/or damage to your website data.
- Hacker or disgruntled employee changes all passwords locking you out of the network.
For further information on cyber risk management or how INSUREtrust can assist you in setting up a cyber management program for your company, please contact us.