Cyber Threats - NZ Businesses Unprepared and At Risk

Cyber Threats - New Zealand Businesses Unprepared and At Risk
Chartis launches Asia Pacific’s most comprehensive cyber insurance - CyberEdge
Chartis Insurance New Zealand Ltd, today warned that cyber threats now pose a significant risk to New Zealand businesses.

New Zealand is ranked 4th in the world for cyber attacks[1]. Last year they cost New Zealanders an estimated $625 million[2], with 50 percent of responding New Zealand companies experiencing high levels of cyber attack.[3]. 40 percent of employees receive no cyber security training and the majority of our businesses say they have no cyber attack response plan in place[4].

Chartis Vice President, Asia Pacific and Far East, Ian Pollard said New Zealand businesses are woefully unprepared for cyber risks.

“The financial cost of cyber attacks can be enormous and is growing as our reliance on digital media expands. This can result in lost productivity, legal intervention, lost intellectual property, and reputational damage coupled with the loss of customer confidence.

“More businesses need to know that if customers perceive that their personal details are under threat, they will switch to a competitor.”

Publicly listed companies have further cause for concern, with the average share price drop for notifying the market of a network security breach shown to be five percent.[5]

Global responses to Cyber threats

There has been a 2000 percent increase in cyber attacks over three years with more than 49 percent originating from the Asia Pacific region.[6]

Cyber crime was the 4th largest economic offence for companies worldwide in 2011. In the previous survey, just two years earlier, it was virtually non-existent.[7]
In addition to malicious cyber risks, companies can also fall victim to ‘non-malicious’ cyber events, including massive disruption or system failure, or human error and for which the financial and reputation damage can be just as significant.

Businesses in other countries are already responding to these threats and Chartis Insurance New Zealand’s CEO, Cris Knell is urging local business leaders to take action to meet the same level of preparedness as their counterparts in the United States and other developed OECD economies.

"As New Zealand businesses position themselves to compete and win on the international stage, it is vital that they attain competitive global standards in safeguarding their data and securing their customers’ confidence.

“It’s no coincidence that the World Economic Forum ranked cyber risk as the single largest threat to global infrastructure for 2012, ahead of financial collapse, natural disaster or traditional terrorism,” said Mr Knell.

Safeguarding against Cyber threats

The rise in cyber threats prompted Chartis to develop a new specialised insurance product called CyberEdge, which provides the first comprehensive coverage for cyber attacks and data loss in Asia Pacific. It covers cyber liabilities that most general insurance does not cover.

Launched today, CyberEdge is especially designed to address the consequences of losing corporate information or personal data as a result of either malicious or non-malicious attacks, as well as covering companies’ liability arising from data protection laws. CyberEdge also includes coverage for specialist PR assistance to minimise reputational damage and restore trust in the company following a breach.

“Insurance can give financial protection against cyber risks, helping organisations in New Zealand strengthen their defences against cyber threats.

“We’ve seen some high profile data and privacy leaks in New Zealand hit the headlines recently, some of which may result in compensation and financial damages for the data users. CyberEdge’s comprehensive coverage also provides victims with legal access and assistance with minimising reputational damage 24 hours a day, seven days a week,” said Mr Pollard.

Andy Prow, Managing Director, Aura Information Security comments that there is a pressing need for data protection.

“While companies are becoming more aware of the cyber risks facing them, it is somewhat alarming to note that more than 60 percent of NZ companies use less than five percent of their IT budget on security,” says Mr Prow.

Mr Prow further commented that managing cyber risk can no longer be the sole domain of Information Technology service providers.

“The consequences of cyber attacks are so far reaching that all levels of an organisation from the Chairman down, need to take action to protect against cyber threats.”

Cyber threats and the law
Mark Anderson, a cyber liability insurance law specialist at DAC Beachcroft, has observed that privacy and security legislation is being strengthened by Governments worldwide.
“It is inevitable that New Zealand’s 20-year-old Privacy Act will soon be repealed and re-enacted following a Law Commission review completed last year.
“Proposed changes to NZ’s privacy and cyber crime legislation include the mandatory disclosure to affected individuals of any personal information lost by businesses. There are already a number of jurisdictions, including the United States and Europe, that are forcing organisations to reveal when personal or sensitive information they held electronically has been stolen or lost. Anyone with electronic business or data in those regions face the peril of considerable compliance costs in investigations, reporting and responding to privacy regulators, in addition to the actual cost of the lost, damaged or compromised data. New Zealand businesses need to safeguard those costs with risk management plans and adequate insurance portfolios. ”
Monitoring Cyber threats
Matt Hammond, Senior Manager, Fraud Investigation and Dispute Services, Ernst & Young said Cyber threats range widely in scope and have far reaching consequences.
"Over the last few years, companies in every industry sector around the globe have seen their sensitive internal data lost, stolen or leaked to the outside world.

“A wide range of high-profile data loss incidents have cost organisations millions of dollars in direct and indirect costs and have resulted in tremendous damage to brands and reputation.

“Economic pressures on individuals and the monetisation of data on the black market have created an environment where people with access to information can convert data into cash," says Mr Hammond.

Mr Pollard concluded that technology trends such as social networking, the proliferation of mobile devices, and cloud computing, will cause the risks to data security to grow. These trends highlight an even greater need for organisations to vigorously protect data.

ENDS

Speaker and Company profiles

About Chartis

Chartis is a world leading property-casualty and general insurance organisation serving more than 70 million clients around the world. With one of the industry’s most extensive ranges of products and services, deep claims expertise and excellent financial strength, Chartis enables its commercial and personal insurance clients alike to manage virtually any risk with confidence.

Chartis is the marketing name for the worldwide property-casualty and general insurance operations of Chartis Inc. All products are written by insurance company subsidiaries or affiliates of Chartis Inc. In New Zealand, Insurance products and services are provided by Chartis Insurance New Zealand Limited, the first general insurer to obtain a full licence from the Reserve Bank of New Zealand under the Insurance (Prudential Supervision) Act 2010.

Ian Pollard, Vice President, Chartis Asia Pacific. Ian Pollard is a senior executive with Chartis and a member of the Asia Pacific senior leadership team. He has worked for Chartis for more than 12 years and during that time held a range of executive positions that took him from London, to Hong Kong, Singapore, New York, and Auckland.

Currently, Ian heads the Professional Liability Insurance business for the Asia Pacific and Far East regions, with responsibility for the financial sector – a role he has held since mid 2011. This position has given Ian insight into the range of cyber attacks commercial organizations are experiencing and the costs that result.

Ian joined Chartis in London as Professional Liability Underwriter in 2000. He served in Hong Kong in 2003; moved to Singapore in 2006; to New York in 2009; and then to Auckland, New Zealand in 2011 where he now resides with his New Zealand-born wife and young family.

Prior to joining Chartis, Ian worked for Marsh FINPRO in London. Ian is a graduate of Loughborough University, UK, where he earned an honours degree in Economics and Finance. Ian is also a Chartered Insurer, an Associate of the Chartered Insurance Institute.

About Ernst & Young’s Fraud and Investigation Dispute Services
Ernst & Young is a global leader in assurance, tax, transactions and advisory services. Worldwide, our 152,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve their potential.

Ernst & Young’s Fraud Investigation and Dispute Services professionals address the challenges and risks of doing business in today's environment. Through our extensive experience across multiple industries and global reach, we help you to develop strategies to pre-empt, manage and resolve risks of business conflict that can emerge. We also assist in investigating alleged misconduct, fraud and non-compliance with regulations and help you find ways to manage risk and measure the financial implications of disputes.

We investigate unusual financial activity, perform electronic evidence discovery, analyse data to highlight irregular trends and review financial reports — all with the sensitivity and urgency you require. We also provide expert witness testimony, as required, to explain our findings.

Matthew Hammond - Senior Manager, Fraud Investigation and Dispute Services. Matthew Hammond is a financial crime specialist with extensive local and international experience in civil & criminal investigations and prosecutions. Matthew leads Ernst & Young’s Fraud Investigation and Dispute Services (FIDS) in New Zealand.

Prior to joining Ernst & Young, Matthew was with the Wholesale Enforcement Division of the Financial Services Authority (UK) investigating insider dealing and market abuse. Previous experience also includes Anti Money Laundering, Proceeds of Crime and Counter-Terrorist Finance.
About DAC Beachcroft
DAC Beachcroft is a leading international legal business with more than 2,000 people across the UK, Europe, Asia Pacific and Latin America.

We provide a full service claims, transactional, commercial, risk and advisory capability, ranging from bespoke to systemised. We work with clients in a select range of industry sectors and are market leaders in health, insurance and real estate.

Mark Anderson, Senior Associate - Cyber Risks team. Mark Anderson has over 10 years’ experience acting in both civil and criminal cases in New Zealand. He advises New Zealand and International Insurers and businesses on general liability risks, professional liability, directors and officers risks, and marine and transport perils.

Mark is a passionate advocate of technology working for clients, but understands that a rigorous response to business threats in the cyber world is necessary. Mark is part of an international team advising domestic and international Insurers and Reinsurers with the development of cyber risk products including policy wordings and assisting in the legal response to losses.
About Aura Information Security

Aura Information Security is one of New Zealand's leading and fastest growing information security consulting companies offering penetration testing, security architecture and secure development training. Our customers include many of the largest New Zealand government agencies as well as local and international banks and corporates.

Aura are also the creators of RedEye, a system that scans websites and networks everyday hunting for security holes, and is PCI certified. Going one step further Aura have partnered with F5 globally to provide a service called RedShield which provides emergency protection for vulnerable websites and networks.

Andy Prow –Managing Director. As the founding owner Director of Aura Information Security Andy's primary role is as the chief ambassador of the Aura group, publically speaking at conferences such as TechEd and OWASP. Andy is an entrepreneur who strives for perfection. He is also passionate about technology who keeps on top of latest advances in the information security and software industries.

© Scoop Media