In New Zealand in the past year, $257m was lost to cyber crime and impacted 856,000 New Zealanders.
Cyber attacks are an incredibly fast emerging risk to businesses worldwide and New Zealand is no exception, and for many businesses in this country it is not a case of if you are attacked, but when.
A ‘Cyber-threat’ is any type of potential undertaking by individuals or organizations that target computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts.
As dependency on IT infrastructure increases, the need for proactive Cyber Exposure Risk Management could not be any more poignant.
Risk Management industry professionals advise that although the underlying motivation behind these “Cyber Attacks” are more often than not, unknown, what we do know is the intent of these malicious actions generally revolves around; extortion, theft of monies or information, tamper & industrial espionage and system destruction.
“Taking preventive risk management measures should not be treated as a maybe, but a must.”
These Cyber-threats largely emanate from anonymous external sources (globally or locally) or could come from within an organisation itself e.g. disgruntled employee.
One of the more serious and ‘criminal’ cyber threats is what is termed ‘Ransomware’.
In one case recorded by The New Zealand National Cyber Security Centre (NCSC) a small business reported that they had received emails from outside of New Zealand threatening to disable their business unless funds were paid.
When no funds were paid the email senders – we call them threat actors – compromised the business’s servers, installed malware (ransomware), which encrypted their files, causing the owners to lose access to their systems.
Eventually the organisation was able to restore its network using historic back-ups, however they lost many recent records and were unable to conduct business for several days resulting in subsequent financial losses.
With these types of threats becoming more and more common, a business could easily sustain a loss between $10,000 and $100,000+.
For many firms it can mean that the only option is to go out of business. With a potential consequence being that firms fail to finish work that they are committed to, therefore leaving clients to suffer significant losses for which the affected firms are now liable.
“These threats are very real, and everybody is at risk. These criminals aren’t just going for big organisations, they are going for the smaller organisations whose IT systems are easier to breach.”
Land Professionals Mutual Society have been made aware, through their brokers Aon New Zealand, that cyber exposure is rapidly increasing in frequency and severity. Aon has already been involved in claims under a Cyber Liability policy, so these exposures are very real.
Who is exposed? Plain and simple, you have Cyber Exposure if you:
• Have a high degree of dependency on electronic processes or computers
• Online presence and/or point-of-sale machines
• Gather personal or corporate information
• Remotely work outside a central place of business
• Engage vendors, independent contractors or additional service providers
• Subject to NZ or international privacy legislation
• Have untrained/unaware employees, or even disgruntled employees
This policy provides indemnity for other liabilities, which can occur for a member, including the transmission of viruses to various other sites, defamation, infringement of intellectual property, breach of copyright, and confidentiality.
The policy also indemnifies business interruption caused by denial of access as well as cyber extortion costs (ransomware).
The Professional Indemnity policy does not contain any specific exclusion relative to a loss arising from civil liabilities when providing professional advice or services through use of the Internet or E-Commerce communication, thus as dedicated Cyber Liability is required to cover this risk.