The unseen risks of Internet use, and what to do about it
Alongside terrorism and climate change, cyber risk has been identified as one of the three main business risks today. As can be expected, this is a growing area of concern for many companies as more business is conducted electronically.
Business managers may not always have a comprehensive grasp of all the risks that communication by electronic means pose to their business. While the risks of infringing intellectual property, breaching the Fair Trading Act or publishing defamatory statements are not new, the use of computers creates further e-risks and liabilities. This exposure exists for all businesses who:
-
Hold key data on servers linked to Internet access
-
Conduct business over the Internet
-
Use the Internet for advertising and obtaining or distributing information to the public
-
Use the Internet as a research facility or an intranet structure to communicate to their staff
-
Use the Internet as a source of income
Traditional cyber risk exposures include criminals, hackers, spies and military activity. However, internal threats of cyber disruption can be just as great and can arise at any time from criminal mischief, clumsiness, desperation, accident, incompetence, ignorance or negligence. Here’s what could go wrong:
Breaching copyright – As a user of copyright works owned by others, a business is at risk of directly infringing on copyright. Digital technology has made reproduction very easy and material is easily accessible over the Internet. Much of this material is subject to copyright. Downloading or reproducing material without express or implied authorisation is an infringement of copyright.
Confidential information – The risk of confidential information being disclosed has increased as larger volumes of data can be disseminated more easily, widely and quickly.
Defamation – Anyone who publishes a defamatory statement (for example forwarding the statement or a link to it by email), or the person controlling the site on which a defamatory statement appears, may be liable for defamation. Defamatory statements can spread quickly and uncontrollably online.
Hacker attacks – A hacker attack can shut down a site entirely, resulting in revenue losses and the possible denial of services to customers and suppliers.
Hyperlinks – A hyperlink to another website on your Internet or intranet site may infringe copyright if the hyperlink itself contains a graphic or wording that is part of a third party’s copyright work.
Internet fraud – Dishonesty can result in a broad range of exposures, including credit card transactions, diversion of goods, investment manipulation, promotion of services that do not exist and incorrect use of digital signatures.
Viruses – A virus coming from a computer in your business could cause damage to another party’s hardware and software, and possible loss of revenue and increased costs.
Cyber extortion – Sites can be held to ransom for payment. This is a growing trend.
Cyber breaches in New Zealand that made the headlines
|
January 2011 Ex-Telecom staff were reportedly able to access Telecom’s databases after they had moved to rival Slingshot, obtaining the personal information and billing details of Telecom customers in an attempt to win customers over. |
April 2011 PlayStation Network was reportedly hacked, resulting in 77million users worldwide having their personal details, including passport numbers and credit card details, leaked. |
December 2011 Waikato DHB reportedly had hundreds of online job applications stolen by a hacker. |
March 2012 ACC reportedly accidently leaked the personal and claim information of 9000 claimants, which in turn was allegedly usedby the receiver in a bid for monetary gain. |
The solution - cyber insurance
Cyber policies are designed to cover the liability of companies arising from data protection laws, the management of personal data and the consequences of losing corporate information, as well extending to cover loss of earnings.
Cyber insurance should be considered by any company that handles data or private information, whether it be credit card numbers, medical records, birth dates, ID/passport numbers and other private personal information, employee profiles, sensitive demographic information about customers, information on budgets or marketing plans. This also extends to businesses that use online sites or systems to generate income. The impact from the loss of this information could include compensation costs, fines or business interruption if data enters the public domain.
To protect businesses against cyber risks, talk to your Crombie Lockwood broker.
* Material provided by Alan Race, Executive Broker Crombie Lockwood and aig.co.nz