How often has your data been hacked? Have you received a notice from your bank recently about suspicious transactions? Have youalready adapted to the “new reality” of data (in)security?
Although the topic of cyber security is much broader than the data breach example, the media focus is usually on data breaches, which occur at a much higher frequency than other cyber events. Because
data breaches also, so far, generate most of the cyber-related insurance claims, we limit the scope of this publication to those types of events.
Following several high-profile cyber security breaches over recent years, a growing number of corporations perceive cyber as a high risk. Swiss Re therefore expects the demand for cyber insurance to rise. These are the findings of a joint study Swiss Re and the IBM Institute for Business Value conducted this year.Learn more
On 15 August 2012, Saudi Aramco, the state-owned group that runs all of Saudi Arabia’s oil production, suffered a virus attack that damaged approximately 30,000 computers by malware infestation and destroyed 85% of the hardware on the company’s devices. The virus, called ‘Shamoon’, did not just target Saudi Aramco as an entity; it attacked the country's entire economy.Learn more
Edward Snowden is a well-known hacktivist. He disapproved of what was happening in the National Security Agency (NSA) so he leaked confidential information in protest. Elsewhere Sony Pictures Entertainment was subjected to a high-profile cyber-attack, presumably because it wanted to release a film about a national dictator who perhaps takes himself more seriously than Sony realised.Learn more
Cyber risks result more from human behaviour than technological faults. There are many ways in which a person can do the wrong thing - lack of training, poor communication, unclear role definition, deliberate misconduct… However, they all stem from two root causes: employee error or internal sabotage.Learn more
Tim Berners-Lee, the founder of the internet, is a great supporter of unrestricted access for everyone. He has said in the past that ISPs should supply “connectivity with no strings attached”. This is understandable, after all the “three As” are what make the internet so special: information available to all, any time and any place.Learn more
As the frequency of cyber-attacks grows, they are bound to cause higher losses. The Ponemon Institute based in the US, claims that the average price for a small business to clean up after a hacking incident is USD 690,000, rising to over USD 1,000,000 for mid-size companies. The growth of interconnectedness is set to increase this figure further.Learn more
Any company with a web presence can be a target for cyber-attack. At the same time, not all attacks are serious and some incidents can be covered in-house by, for example, having back-up servers. When deciding whether your company needs cyber cover, you need to check the risks against your existing insurance protection.Learn more
Cyber risk management is a costly, demanding exercise and it can be hard to know where to start. Maybe that’s why some companies prefer to take an ad-hoc approach. However, as cyber threats loom larger on the risk radar, it is becoming unwise not to invest more in their mitigation.Learn more
Security professionals often say: “Either you have been breached or you just do not know that you have been breached”. There is nothing clear-cut about long-tail cyber risks and hackers prefer it that way. They want to access networks, cause damage and then exit while covering their tracks.Learn more
Cyber criminals, hacktivists, hackers… Whatever name you may have for them, they are always out there devising new ways of gaining unauthorised access to as many systems as possible. Moreover, there is no fail-safe way of avoiding these attacks.Learn more