Lockton highlights impact of cyber threats on D&O, brand and supply chain risks

MPs call for war on technology crime

The Hong Kong Computer Emergency Response Team (HKCERT) has reported a massive surge in computer hacking and botnet reports in the first six months of 2013.

Bots are a type of malware that allow hackers to take control of many computers and turn them into a ‘botnet’ to spread viruses and spam and commit online crime. More than half of the 622 security incidents handled by HKCERT came from botnets and hacking in the first half of 2013.

There has also been a rise in denial-of-service (DoS) attacks and mobile and cloud security incidents.

Call for data policies

HKCERT senior consultant Leung Siu-Cheong called on businesses to establish policies that classify and protect sensitive data. These should also manage the use of mobile devices and the service level of their cloud service providers. “In short, they should be well prepared for large-scale attacks,” he said.

Development director of Lockton Asia global technology and privacy practice Angel Kuan said that cyber attacks were no longer just an IT department problem.

“There are three risks that businesses need to increasingly factor into their operations: director and executive liability risk, brand risk, and supply chain risk,” she said.

“The risks are understood at their most basic levels, but supply chain and brand risk are relatively new concepts to the insurance industry.”

Search for solutions

However, Kuan said insurance solutions did exist. “Businesses would be well advised to start a conversation with experts in this area to, at least, better understand what defences are available to protect from the commercial implications of a successful, and commercially visible, cyber attack,” she said.

Hong-Kong based Ali Chaudhry, who oversees JLT’s professional and executive risks area for Asia, said cyber security was a topic of great interest to the insurance industry.

“But it is not very good at understanding it and putting it into three bullet points, so that the risk manager can show the board why this is a problem and why they should spend money on it,” he said. “It’s hard to pin down and everyone’s struggling with it at the moment.”

Sophisticated approach

Chairman of the Pan-Asia Risk & Insurance Management Association Franck Baron said cyber risk required risk managers to highlight to their management “the high degree of sophistication and complexity that goes with the insurance game”.

The opportunities for the cyber world are immediate, without limitations, global and unprecedented. Those words could also be used to describe the risks associated with cyber’

“It’s not just about purchasing a piece of paper, an insurance policy. Cyber starts with analysing each and every insurance program you already have in place in your organisation, and seeing what bits and pieces of cyber exposure are already covered,” he said. “Then you can develop a proposal to try to centralise all this insurance coverage into one vehicle, like cyber-liability insurance.”

Opportunities and risks

According to Willis chief executive officer of Asia Adam Garrard, Hong Kong corporations are highly digital dependent, which means they have “enormous advantages and not insignificant risk”.

“I once read ‘The opportunities for the cyber world are immediate, without limitations, global and unprecedented. Those words could also be used to describe the risks associated with cyber’,” he said. “I think that neatly sums up the paradox.”

HKCERT has announced its intention to launch a new quarterly report next month with statistics of hacked computers in Hong Kong, using data collected from worldwide security researchers. A drill is planned for November to strengthen the readiness of critical internet infrastructure providers against cyber attacks.