Article by Brian Vail, QC
September 19, 2018, 2:21 PM EDT — Losses and costs relating to cyber liability incidents have escalated exponentially given that the world has become much more computer-dependent and technology is rapidly advancing. The losses suffered by organizations for cyber incidents that interrupt their operations as well as liability to third parties (customers, patients or others) have become commonplace. The question facing organizations today is not if they will suffer a cyberattack but when.
The world began rapidly changing with the Internet age. People and organizations are becoming increasingly involved and dependent on computers and electronic data and data transmission. An increasing number of companies operate e-businesses and many organizations are moving toward a paperless workplace. An entire economy has grown up whereby individual consumers access various online services, disclosing their personal information in the process. That information may be shared across connected multiple platforms.
The Allianz Risk Barometer for 2018 indicates that the number of cyber incidents is increasing at an “almost breathtaking pace.” It ranks cyber risk to be the second most serious business risk for 2018, after business interruption. The number of incidents of cybercrime is growing at an alarming rate.
This includes the introduction of malware to an organization’s computer systems to disrupt computer- controlled operations and corrupt data. The use of ransomware, whereby an organization’s data is encrypted subject to it providing a ransom (monetary or otherwise) to the hacker, has become big business. AON notes that “driven by widespread use of mobile technologies, cloud computing, corporate bring-your-own-device policies, big data analytics and 3D printing, cyber has emerged as one of the fastest growing risks for governments and companies across the globe” and is “in some instances more pervasive than traditional exposures.”[
In the United Kingdom alone, in 2016 46 per cent of all businesses reported at least one cybersecurity breach, including 66 per cent of medium-sized businesses and 68 per cent of large businesses.
Many small and mid-sized businesses have a false sense of security that they are not big enough or do not possess information that would attract the interest to cyber criminals. However the insurance industry suggests that 50 per cent of businesses report having been the victim of attack and 60 per cent of those struck are small and medium-sized businesses.
In Canada the average organizational cost of a data breach in 2016 was $6.03 million, up from $5.32 million in 2015, with an average cost of $278 per stolen record. Average notification costs rose from $120,000 in 2015 to $180,000 in 2016. The average costs of lost business rose from $1.99 million in 2015 to $2.24 million in 2016. These losses were caused 54 per cent by criminal/malicious attacks, 21 per cent by system glitches and 25 per cent by human error.
Thus, cyber claims are having and will continue to have a growing negative impact on the global economy. All organizations should be adopting strategies to protect themselves and minimize losses and planning to respond to such claims. Businesses should be reviewing their computer systems, training and monitoring staff and developing an incident response plan to prevent cyber incidents. They should also be reviewing and updating their insurance coverage to address the risks involved. Both prevention and response are not simply an IT problem. They require a team approach involving multiple departments and vendors (IT, management, human resources, public relations, an insurance broker and legal counsel).
It is a mistake for smaller or medium size business to ignore this issue as much as for large organizations as a cyber incident may seriously impact or even bankrupt an unprepared organization.
They are becoming the most sought-after target by cyber criminals.
Originally published in The Lawyer’s Daily
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.