No One Knows What to Do with Cyber Risk
There are increasing voices saying how scary cyber risk is. But, is it?
If so, what makes it scary?
The answer to the first question may depend on what perspective you take. HSBC, the largest bank in the UK, suffered from a cyber attack1 earlier ago. It caused a significant number of its retail customers not being able to access their online and mobile banking. This embarrassing system failure was not recovered until nearly the end of the day. Many large and small banks are now becoming more vulnerable to cyber risk, given the large customer and transaction database banks contain. The President and CEO of Depository Trust & Clearing Corporation (DTCC), Michael Boston, alerted earlier last month at the Designing for Cyber-Resilience Conference that even for a medium-size US bank, a loss of data due to cyber attack would cause catastrophic wave to the banking system. And of course, not to mention the related operation and human cost to recover the system, and the unmeasurable reputational cost. Research from Biener, Eling, and Wirfs in 2015 showed that more than 78% of the total cyber attacks happened in financial sector, and the average measurable cost was up to $34million2 This is a painful amount of money.
Thus for financial services industry, cyber risk is indeed terribly scary. How about other industries?
You may think that cyber attack on non-financial industries should be less serious, as the personal data they hold are technically less "precise". But instead, the average cost directed from cyber attack on the other industries was a double of that on financial industry, giving away more than $60million (as shown in the same empirical analysis). This is because non-financial industries do not have enough awareness to their potential cyber risk, thus allowing dangerous loophole for hackers, insider's attack, or system failure. More growing and conscentious corporates are looking ways to protect themselves from cyber risk: e.g. constantly upgrading their system, set up a chief Information Officer, and purchase cyber security insurance.
Cyber security insurance was seen as a rapidly developing trend to protect the company at its best. Figures showed that the cyber insurance premium has been growing at 10%-25% on average each year3 (Betterley, 2013). The underwriting of the insurance usually differs from company to company, depending on the size of firm, size of database, type of data, and online penetration4 (Marsh, 2012).
If you want to know more about how to protect your company from cyber risk, please contact us at protecloud@gmail.com. We are happy to help!
Reference:
1. HSBC cyber attack brings internet banking to its knees from Financial Times
2. Insurability of Cyber Risk: An Empirical Analysis from Biener, Eling, and Wirfs (2015)
3. Betterley, R. (2013), “Cyber/Privacy Insurance Market Survey 2013: Carriers Deepen Their Risk Management Services Benefits—Insureds Grow Increasingly Concerned with Coverage Limitations, http://betterley.com/samples/cpims13_nt.pdf, last accessed: February 10, 2016.
4. Marsh (2012), “Cyber Insurance,” http://www.iod.org.nz/Portals/0/Branches%20and%20events/Canterbury/Marsh%20Cyber %20Insurance.pdf, last accessed: February 10, 2016.
