By Grant Cameron, Chief Executive, Trafalgar International Ltd
A 2015 study from market analyst Juniper Research predicted that the global cost of data breaches in 2019 would reach $2.1 trillion. Latest studies predict the global cybercrime cost to triple to $6 trillion by 2021.
Travelers Business Risk Index noted that 75% of large businesses, 60% of mid-sized firms and 45% of SME’s viewed cyber risk as a major threat. Yet far too many businesses still cling to fallacies about cyber crime. These are four common misconceptions:
Myth 1: Cyber crime only happens to large companies.
CFO Magazine reported that phishing campaigns target small businesses 43% of the time. During the two-year period through February 2016, approximately 22 percent of small and mid-sized businesses surveyed by CFO Magazine reported that they were victims of a cyber attack on their computer networks.
If numbers alone aren’t convincing, consider two real-life cases involving small companies. In a single week, a small construction firm lost almost THB 19 million to a Trojan horse cyber attack. In another case, an indoor go-kart racing business with about 20 employees discovered its bank accounts were emptied in a phishing scam.
Media tends only to report on major breaches, usually involving household names such as Yahoo, Sony and Marriot. You don’t hear about the Baht 50 million or Baht 100 million breaches at small manufacturers. But they are happening, oftentimes that is because the cyber protection at smaller companies isn’t as sophisticated, and hackers see them as an easy target.
Myth 2: My type of business isn’t a target.
Every business is a target. Whether you operate a bank, a retail establishment, manufacturing facility, hospital, hotel or professional service firm, everyone is at risk.
Cyber attacks aren’t always the result of nation states seeking company secrets or hackers aiming for details on millions of credit card accounts. Thieves may target your company to access your bank account, gain trade secrets, steal intellectual property, gain competitive advantage in your market, or simply ruin your reputation.
No industry is immune to the risks. Symantec’s list of the top five sectors breached by the number of cyber attacks was:
- Services
- Finance, Insurance and Real Estate
- Retail Trade
- Public Administration
- Wholesale Trade
Myth 3: Cyber crime does not occur that frequently.
Every 3 seconds— someone’s personal identity is stolen. In 2015, a total of 429 million identities were reported exposed. Also in 2015, Symantec discovered 430 Million new unique pieces of malware. These numbers are increasing exponentially each year.
In terms of internet usage, Thailand is one of the fastest growing regions in the world. However, a lack of education on the pitfalls, prevention and protocols as well as out-date technologies has lead to an increased risk of malware infection.
According to International insurer Allianz Global Thailand is among the top 25 targets of malware attacks, with Bangkok a favourite target of hackers in the region.
Myth 4: Self-insurance is a viable option.
The average total cost of a data breach for the 350 companies who participated in a US study (Poneman Institute’s Cost of Data Breaches) was Baht 120 million, which was up 23 percent from a previous study. The same report noted that the average cost of a malicious or criminal data breach incident in the United States was roughly Baht 7,000 per compromised record.
The costs of a data breach or cyber attack are so high because costs involved are not only for damages to the firm, but include fees associated with data breach investigation, notification of the breach, public relations reparation, credit monitoring, legal services, regulatory fines and settlements or judgments.
It can be seen that the high cost of a cyber attack makes self-insurance a potentially dangerous option.
Conclusion. How can your company protect itself from cyber crime?
- Work with your information technology department to create a cybersecurity system to prevent attacks.
- Develop cybersecurity training programmes for your company’s employees.
- Invest in a cyber liability insurance policy to help mitigate losses should an attack occur.
While Thailand does not yet offer as many varied and comprehensive insurance covers that can be found in US and Europe, some enterprising Insurers have brought to the local market several packages that begin to address businesses exposures to the cyber risk.
Insurance coverages locally available provide for both First Party (malicious destruction of data, denial of service attack, accidental damage of data, cyber extortion threats, virus, malware, and spyware) and Third Party (breach of privacy, misuse of personal data, defamation or slander, transmission of malicious content) claim scenarios.
Contact a professional insurance broker to learn more of your potential exposures and the Insurance covers available to you.