If your company were hit with a cyber attack today, how much would it cost? The entire bill -- including costs from regulatory fines, potential lawsuits, damage to your organization's brand, and hardware/software repair, recovery and protection?
It's a question you can't ignore, as the costs of online attacks are skyrocketing. According to a 2011 study by the Ponemon Institute, the cost of cybercrime in the US could range from US$1.5 million to US$36.5 million annually. A 2009 study by IT security company McAfee also estimated that the cost of cybercrime reaches US$1 trillion per year.
"Cyber attacks, often in the form of data breaches and network intrusions, can impact operations, frequently result in lost productivity, legal expenses, third party liabilities, exposed intellectual property, and damage to a firm's reputation," said Marc Breuil, Hong Kong president and CEO for US-based Chartis Insurance.
The ripple-effect in cyber attacks
"Hong Kong businesses are significantly unprepared for cyber risk," added Ian Pollard, Chartis vice president, Asia Pacific. "A corporate risk management framework needs to address exposure of data to attack, yet many risk managers in Hong Kong rarely evaluate cyber-risk."
In August 2011, Hong Kong Exchanges & Clearing, operator of the Hong Kong stock exchange, halted trading for eight companies -- including HSBC, Cathay Pacific, Dah Sing Bank, China Power, and HKEx -- after its Web site suffered a malicious attack.
"We know from our research that cyber attacks can cause serious reputational damage," said Breuil. "A recent report suggested that over three-quarters of people would cease working with an organization in the event of a security breach, and the average share price drop in response to notifying the market of a network security breach is 5%."
Gigi Cheah, partner and Asia lead for Technology and Data Privacy, Norton Rose, said, "There's an increasing awareness of the need to protect data, whether of individuals or companies, with corresponding strengthening of privacy and security legislation worldwide."
"The penalties imposed by these laws, for failure to adequately safeguard data, are also increasing," said Cheah. "Proposed changes to the EU data protection framework include a maximum penalty of 2% of an offending corporation's global annual turnover."
Coverage and claims
The increased business risk caused by cyber attacks is raising attention among many enterprises. Many insurers -- including Chubb, Zurich and Chartis -- are providing cyber insurance coverage for Hong Kong enterprises.
Last month Chartis launched CyberEdge, a cyber-insurance policy targeted at multinational enterprises in Australia, New Zealand, Singapore and Hong Kong with a minimum annual turnover of US$100,000.
To calculate premiums, Chartis conducts an individual risk assessment comprising: the relevant industry, company size, annual revenue, existing risk management practices, and the liability limits sought by the insured.