2011-06-23

By staff reporter

In a survey undertaken by Miller which asked which type of cyber crime was the most expensive, risk managers ranked loss or theft of customer data at the top of their list, and extortion at the bottom.

However, according to data provided by the Office of Cyber Security intellectual property theft costs UK plc a staggering £9 billion, closely followed by industrial espionage at £7.6bn. This is in stark comparison to the cost of lost customer data which was valued at only £1bn.

They were also asked who poses the greatest threat to an organisation, and respondents listed “organised crime” at the top of their list followed by “current employees”. However, they were much less concerned about their current service providers posing a risk – ranking it second from bottom in six possible choices. This might mean that while businesses are focussing closely on their own IT security, they are not paying sufficient attention to other service providers who may be critical to the actual performance of their business in terms of providing networks, computer driven logistics or web-driven sales.

Kiran Nayee, from Miller, commenting on the results of the survey said “the cost to UK business each year from cyber crime now totals more than £21bn – a significant cost when economic times are challenging. The reports we have read estimate that, in the last year, hostile cyber attacks on companies accounted for nearly one third of all UK data breaches – up from around 22% the year before. With legislation becoming more prescriptive, the liability costs of these incidents are becoming increasingly expensive in terms of detecting and fixing the security gaps as well as the expense incurred in informing potentially millions of customers whose data was compromised, and monitoring their credit ratings going forward. The insurance industry has responded by creating a thriving market for third party liability cover for this risk.

“However, many businesses are now increasingly dependent on data and networks to deliver their sales – whether that is through logistics or perhaps web-driven sales. If an attack results in the networks failing – with the subsequent of income – then this is a different risk profile entirely, one that is a first party business interruption type risk albeit without any physical damage having been done. We have worked with a number of specialist underwriters to create capacity for this as a named peril on a trade disruption policy.”

Home     More News


Other stories you may find of interest:

PwC: Cyber security industry 'in freefall'
Despite the growing threat of cyber attack, business and government is continue to ignore the risks, allowing attackers to exploit a myriad opportunities, PwC warns.

ISACA: Geolocation risks misunderstood
A new ISACA report cautions that regulating the use of geolocation data is still in its infancy, and that users should be aware of the information they are sharing.

Cyber risk second only to misappropriation in FS sector
Cybercrime has risen up the ranks over the last year to become the second most commonly reported economic crime affecting companies in the financial services sector after asset misappropriation, according to a PwC survey of global economic crime. The survey also showed a 50% increase in senior management fraud in financial services organisations in the last two years, suggesting that overall senior management attitude to fighting fraud is worsening, and presents an increasing challenge for non-executive board members.