Insurers race to catch up with evolving cyber risks

Cyber risk

The government estimates that the current economic cost of cyber crime to UK businesses is £21bn a year. Intellectual property theft from UK businesses costs the economy about £9.2bn a year.

Developments in web and communications technology have been rapid, and companies have had no choice but to sink or swim. Businesses have swarmed to the internet, creating an array of problems with online transactions and data security.

Hacking has hit the headlines over the past two years, with many high-profile government agencies and companies targeted. In addition, a rapid rise in ‘hacktivism’ from collectives such as Anonymous and LulzSec have opened a new awareness of what constitutes sensitive data, with hacks becoming increasingly politically and ethically motivated.

The growth in cyber liability cover and related technological insurance has been quite slow. In general, it has been the established insurers that have been able to devote more resources to developing technology teams, or larger multinational firms with experience of the USA’s stringent data regulation laws.

As new data regulation proposals from the EU have been announced, companies will have to ensure that they are conducting business in a compliant manner. This provides new opportunities for those with the knowledge to help build and grow stable, legally sound businesses.

Cyber trends

2004

June

Insurer systems breached
A Deloitte survey of global insurers and banks revealed that 83% of respondents’ systems had been breached during the previous year.

November

Ace makes a move
Ace introduced business interruption cover to protect against the financial impact of malicious or accidental damage to computer systems.

December

Times change for music
Music downloads overtook sales of CDs and vinyl for the first time during the final week of 2004, signalling the beginning of the end of the music industry’s traditional operating model.

2005

February

YouTube first airing
Free, online video sharing platform YouTube opened, exploding overnight the old broadcasting distribution channels.

March

Bank theft foiled
Hackers using keystroke-tracking software tried unsuccessfully to transfer £220m out
of Sumitomo Mitsui Bank in one of Britain’s largest attempted bank thefts.

2006

February

Data protection penalty
Nationwide Bank was fined £980,000 by the FSA for having inadequate security procedures in place after a laptop holding data on 11 million customers was stolen from an employee’s home.

November

Websites multiply
The total number of websites on the internet hit 100 million - a more than 100% increase in less than three years.

2007

January

iPhone arrives
Steve Jobs of Apple unveiled the first iPhone, ushering in a new era of mobile web communications.

May

Telegraph website attacked
Newspaper website telegraph.co.uk was offline for more than 24 hours when hackers flooded its servers with more internet traffic than they could handle.

2008

February

Willis enters market
Willis brought out a new business interruption policy covering losses arising from malicious or accidental data loss.

December

Browser wars
Google stepped on Microsoft’s toes by releasing its Google Chrome browser to compete with Microsoft’s Internet Explorer.

2009

January

Combined cyber risks
HSB Engineering Insurance introduced a wide-ranging product covering viruses, hacking and denial of service attacks as standard.

June

Twitter grows up
Social networking site Twitter came of age when it was used in protest during a traditional media lockdown following the election of Mahmoud Ahmedinejad in Iran.

2010

April

HTML 5 released
Restructured web coding language HTML 5 was introduced, making it easier to present video and audio content online.

December

Lloyd’s speaks out
Lloyd’s chairman Lord Levene called for better global communication and high-level governmental collaboration to combat cyber crime.

2011

April

Sony out of service
Hackers took Sony’s PlayStation network offline for five days, stealing addresses, passwords and purchase histories of more than 100 million users. Sony’s insurers, Zurich and Zurich American, refused to indemnify the company.

June

Regulatory cost cover
XL Insurance introduced a new cyber liability product, including cover for the cost of mandatory data breach notifications and regulatory fines and penalties.

November

Mobile connectivity soars
Facebook reported that 350 million of its 800 million users were regularly accessing the social network through their mobile phones.

2012

January

Loss of content cover
Underwriting agency i-Digital Insurance teamed up with Lloyd’s insurer Jubilee to offer the first insurance cover for irretrievable loss of downloaded content on computers, phones and other devices.

March

Medical records stolen
James Jeffery, a hacker from group Anonymous, stole 10,000 personal records of women registered with the British Pregnancy Advisory Service, the UK’s largest abortion provider.

May

MoD hacked
Hackers caused the UK’s Serious Organised Crime Agency website to be shut down after breaching top-security Ministry of Defence systems.

2013

January

Steep fines mooted
Companies found to be in breach of new European legislation on handling personal data could incur a fine of up to 2% of global turnover. (For more on updates to the Data Protection Act, see page 63.)

Hackers in space
Computer hackers claim they will put satellites into orbit in 2013 as part of an effort to evade censorship. The plans were unveiled at the Chaos Communication Congress in Berlin 2012.

December

Cable upgrade
By next year, the world’s internet structure is projected to be running entirely on cables with a minimum capacity of 5 gigabytes per second. Currently, continent-linking cables are running at less than 20% of their capacity.

2014

What’s next?

Web future
The internet is moving towards heightened identity validation, as Facebook’s recent crackdown on pseudonym accounts shows. The shift will make web users more accountable and easier to identify.

Cyber war
US congress has warned that China is aggressively developing its cyber war arsenal, with inter-state cyber attacks shaping up to be the most organised and sophisticated of all.