Chartis warns brokers over cyber crime
The costs of cyber crime are “enormous and growing”, Chartis has warned brokers.
VP Financial Lines – Professional Liability Asia Pacific and Far East Ian Pollard says a study last year by Symantec put the net cost of cyber crime in Australia at $4.6 billion a year.
Chartis’ international experience shows the average security and privacy claim after a breach is $US5.2 million ($5 million), he told an audience at the launch of the company’s CyberEdge insurance product in Melbourne last week.
A recent study by security group Net Diligence found a slightly lower average cost per breach, of $US3.7 million ($3.56 million).
It shows that, on average internationally, 1.4 million records are lost in each event and businesses incur a cost of $US4 ($3.85) per record.
Legal expenses formed the largest part of costs incurred, with the average cost of settlement $US2.1 million ($2 million) and the average cost of defence $US582,000 ($560,634).
The cost of crisis services, including forensics to find out what went wrong and customer notification, averaged almost $US1 million ($960,000) per event.
Mr Pollard notes 85% of Australians say they will stop dealing with an organisation if their data is breached, according to research by global IT company Unisys.
Internet security breaches damage businesses’ reputations, operations and finances, he says, and can lead to fines in countries with strict privacy legislation.
Wotton + Kearney Partner Cain Jackson told the launch that tightened privacy laws are likely in Australia next year.
The Privacy Commissioner will take a more public role policing breaches and will have power to impose fines of up to $1.1 million, he says. The commissioner can then “almost undertake a name-and-shame regime”.
Cyber security expert Lawrence Ostle says the most common cyber attack is called an advanced persistent threat.
Such attackers are not like burglars who break in, steal everything and leave behind a mess, according to Mr Ostle, the Director, Global Security Solutions for CSC Cybersecurity.
Instead they are like private investigators who watch your habits, find out when you leave windows open and use this knowledge to enter and steal a few things. Hackers take this approach to IT systems over a long period, taking care not to be detected.
Mr Ostle says many companies do not realise their online security has been breached until some time afterwards. But he told the launch audience not to panic and instead to use patches and antivirus software, and encrypt information moving between devices.