Greater China region responds to jitters in the wake of the global cyber attack, but many firms are still underprepared.
As a direct result of WannaCry, AIG has seen an 87% increase in enquiries for cyber insurance coverage between April and May 2017 for Greater China.
The reaction of the region, which covers China, Hong Kong, Macau and Taiwan, was discussed at AIG’s cyber crime round table on the theme of ‘The hidden dangers of cyber crime’.
AIG and its partners in cyber forensics, KPMG, and legal expertise, Norton Rose Fulbright, noted a real need to underscore the reality of cyber exposure that executives and businesses in this region have yet to understand from a financial, legal and brand perspective.
According to the Hong Kong Computer Emergency Response Team Coordination Centre, the number of computer security incident reports has vastly increased in recent years, by more than 300% from 1,694 reports in 2013 to 6,058 reports in 2016.
Hong Kong Police statistics show that there has been a significant increase in the amount of money at stake, with the financial losses resulting from locally reported computer crime cases increasing from HK$45.1 million in 2009 to HK$2.3 billion in 2016.
Cyber insurance is a US$2 billion marketplace globally, with 30% of middle to large companies and 45% of Fortune 500 companies purchasing cyber insurance protection.
In 2016, AIG insured 22,000 commercial clients against cyber-related risks and 22 million individuals against identity theft globally. The global insurer claimed it has seen an average annual growth rate of 20-25% over the last three years worldwide.
“Despite increased awareness brought about by the recent global cyber attacks such as WannaCry and NotPetya, many companies in Asia still do not understand their cyber exposure because so much of what happens occurs out of the public eye,” said Jason Kelly, head of liabilities and financial lines for Greater China, Australasia and South Korea at AIG.
“There is a degree of complacency because executives across Asia don’t relate to the major cases of cyber attacks in the US or Europe as being the same kind of risks that threaten their Asian operations.
“They need to understand that there is a rapidly escalating exposure to first party costs that include cyber-related income loss, legal and forensic costs and expenses associated with the need to defend a company’s reputation with its customers, partners, suppliers and its broader stakeholder group during and after each cyber incident,” he said.
Kelly added that the recent WannaCry and NotPetya outbreaks remind us that it is very hard for large and small organisations alike to avoid cyber crime.
Norton Rose Fulbright’s spokesperson Anna Gamvros said the firm is often brought in on cases where executives are trying to figure out their exposure after an attack.
“This is unfortunate because the affected organisation may have already breached a number of regulations by not taking adequate steps to protect data.
“In this region, organisations are operating in a complex regulatory framework with varying regulatory requirements and deadlines in the event of a breach. In recent months Japan and Australia have introduced mandatory cyber reporting; however, the laws in these and other countries can create a situation that leads to much confusion as well as costly regulatory investigations across multiple jurisdictions,” said Gamvros.
According to KPMG forensics expert Brian Wilson, Asian firms lag behind their peers in more mature markets in terms of thinking about their exposure to cyber risk and cyber security, and many of the recent attacks can be attributed to a widespread lack of education and investment in cyber security.
“In the US, cyber security is a boardroom issue with robust control and measurement practices supported by technology and policies. Cyber is a central theme when considering organisational risk and at the top of the agenda as part of crisis planning.
“By contrast in Asia, cyber security is still just a buzzword, and little more than an afterthought in management planning at many Asian businesses. There is so much that can be done among Asian businesses to build awareness about cyber protection at all levels,” added Wilson.