Category : Broker

  • Cyber Crime: The elephant in the room?

    23 September 2014 | Asset Insurance Brokers

    SOURCE: by Chris Sheedy and David West | Insurance & Risk Professional online

    Cyber crime encompasses almost any criminal activity that can be perpetrated via the internet and computers. Cyber crimes include cyber-stalking, industrial espionage and information theft, fraud, extortion, identity theft, phishing scams and cyber terrorism.

    What is cyber crime?

    Cyber crime encompasses almost any criminal activity that can be perpetrated via the internet and computers. Cyber crimes include cyber-stalking, industrial espionage and information theft, fraud, extortion, identity theft, phishing scams and cyber terrorism. Cyber criminals use malware and viruses, computer and network hacking, denial of service attacks and fraudulent online scams to perpetrate their crimes. They find it relatively easy to access computers and networks inadequately protected by virus software or passwords. They will also directly steal laptops, computers and mobile devices and take advantage of computers that are left unattended.

    Cyber crime costs Australian businesses $4.5 billion annually, yet it remains one of the least insured policy areas. Insurance & Risk Professional delves into a high-risk world that’s up until now being largely ignored by brokers and your clients.

    Earlier this year, Julia Gillard launched Australia’s first national cyber security strategy and announced the establishment of the Australian Cyber Security Centre.

    Australia, the PM said, is “an attractive target for a range of malicious cyber actors” thanks to threats from politically-motivated hackers, as well as criminal networks in nation states.

    It highlights a very serious – and potentially expensive – issue that all Australian businesses are facing right now.

    Yet many are doing very little about the potential damage that can be caused by cyber crime.

    In fact it’s been highlighted by several within the insurance industry as one of the few high-risk areas that is largely ignored by industries and brokers.

    Matthew Clarke, Australasian PI Manager, Financial Lines, Chartis, describes cyber crime as “the most talked about, least sold insurance policy in the market”.

    He said research from ‘Unisys Security Index – Australia, 2011’ revealed that 85% of Australians would stop dealing with an organisation if their data was breached.

    But the PR problems caused by a breach are really just the tip of the iceberg.

    According to a 2011 study commissioned by Symantec, the problem of cyber crime currently costs Australian businesses around $4.5 billion annually in cash and productivity losses. The average cost of a data breach in Australia, Clarke quotes from Symantec’s 2011 Cost of Data Breach Study, is $2.16 million.

    In November last year, computer hackers from a Romanian syndicate allegedly accessed the IT systems of 100 small Australian retail outlets and stole credit card details of over 500,000 customers.

    Losses from the single incident – the biggest theft of credit card data in Australia so far – added up to around $30 million. The probe to bring down the gang involved law enforcement officers from agencies in 13 countries. The Australian Federal Police now considers cyber crime one of its major areas of investigation.

    “The internet is an affordable and effective place for small businesses to sell and promote their goods and services,” says research analyst Alice Hutchings in a paper produced for the Australian Institute of Criminology. “However, the internet also provides opportunities for fraudulent behaviour and unauthorised access to business and client data. Attacks on the computer system of a business can have immediate and ongoing effects, such as targeting customers for identity crimes or infecting website visitors with malicious software. It is contended that small businesses in Australia have been slow to implement security technology and policies that may protect their information systems, making them vulnerable to current and future threats.”

    But it’s not just the organised crime gangs that create such a threat. Beazley’s cyber expert Paul Bantick, who leads the Technology, Media and Business Services team, says that last year six out of the world’s top ten insured cyber breaches came from staff “doing something silly, such as losing a laptop, misplacing a back-up tape, rogue employees etc”.

    Bantick mentions several case studies to illustrate the point. One involved a financial services firm that gave a data back-up tape to a delivery service to take to a secure location. The delivery person’s car was broken into and the tape stolen before it could be delivered. Another involved a hospital that, during a move to new premises, lost a filing cabinet containing confidential patient information. Finally, another breach involved a bank employee regularly stealing customer data and selling it onwards.

    “The result of a breach is enormous cost in terms of legal fees, forensics to find out what happened and the impact, notifications to all potential individuals and clients that could have been affected, the offering of a product such as Data Alert to minimise the damage to affected individuals, the need for call centres to handle queries and complaints and, of course, a PR company to manage media,” Bantick says. “The USA is four to five years ahead of Australia because in America legislation was introduced long ago around what must happen after a breach. The result has been an increase in Beazley’s cyber premiums from zero to approximately $100 million in four years. Australia is quickly realising it must go the same way as the PR damage and crisis management resulting from a breach is the same anywhere in the world and the service levels required are just as complex and vital. Delivering a breach response to insureds is more key than the insurance of liabilities in many cases .”

    However it occurs, cyber crime adds up to a very real and serious threat to Australian businesses. It’s one that relatively few brokers have the knowledge to brief their clients on. Those businesses, therefore, are operating without a level of protection that could well be essential in the current and future technological climate.

    Need To know

    Professor Allan Manning, Managing Director of LMI Group, says brokers must fully understand the business risks to ensure they’re providing the right advice and cover. “This goes for all the risks of the business, not just cyber crime,” he says.

    Brokers must also understand the measures that businesses have already put in place to minimise cyber risk. “Today’s cyber criminals are increasingly clever at gaining undetected access and maintaining an on-going, low-profile presence in a company’s IT environment,” he says.

    “Too many organisations are leaving themselves vulnerable to cyber crime based on a false sense of security, in view of the software they have in place which they believe is protecting them. For example, many organisations focus heavily on foiling hackers and blocking pornography while potential and actual cyber crimes may be going undetected and unaddressed. This has generated significant risk exposure, including exposure to financial losses, regulatory issues, data breach liabilities, damage to brand and loss of client and public confidence.”

    Some industries have far higher risk profiles than others. At the very top of the tree are businesses that collect confidential information on clients, such as those in the banking, finance and health fields. However, any business that sells products to clients or charges them for services, and does so by collecting credit card and bank details, is at risk. But some organisations are better prepared to face that risk than others.

    Kelly Butler, Account Manager, Professional Risks FINEX at Willis Group, agrees that a thorough understanding of the organisation’s current levels of protection is vital to setting a suitable premium. “Look at all of the company’s preventative measures as well as their pre-planned response strategies to a hack or breach,” Butler says. “If a thorough, organisation-wide breach response plan is in place then this is a good demonstration to the insurer that a lower premium is justified.”

    “Other good signs are high levels of data encryption, solid anti-virus programs, laptop and mobile security and monitoring, intrusion detection software, adequate and secure data back-up, utilisation of firewall technology and strong social media policies and management. Many well-publicised events have come from defamation and breach-of-IP issues via social media. Cyber policies can cover such issues.”

    The application for a quotation for cyber cover, in fact, can be a fantastic cyber-health check for any organisation, Butler says. “As it stands the level of information needed when completing the proposal form requires an in-depth look at current systems, policy and procedures and tends to involve a variety of people throughout the business. Managers have often told me that the application process has led to some major changes within the business by helping them identify some security or procedural deficiencies,” she says.

    The Future

    Australia has become recognized as a soft target for cyber criminals, says Clarke. Our organisations are easier to infiltrate because of a past lack of privacy legislation and the lack of preparedness that this brings. But the Prime Minister’s recent announcements point to a major shift in policy and legislation towards a far more secure future. As a result, brokers and insurance clients are becoming far more knowledgeable about, and interested in, the field of cyber cover.

    “Australia has dragged its heels, particularly in comparison with the USA,” Clarke says. “But there is now a drive in some broker groups to skill up in this space. Some brokers are now raising the topic with clients, and many clients are raising the topic with their brokers. The government’s concern is causing many of our clients to become interested in cyber issues.”

    “I think the opportunities offered by this development, for those within the insurance industry, are twofold. First, it is about retention – if brokers aren’t talking about this to their clients then their competitors will be. Second, it is about new business – if you can specialise and become extremely knowledgeable and well-known in the area then you can claim that niche, that space, as your own. Cyber cover is a serious growth area and it’s not one that any business insurer can afford to ignore right now.”

    Case Studies

    These case studies, from Kelly Butler at Willis Group, demonstrate the breadth of cyber issues.

    Retail – A hacker accessed a retailer’s network and stole the personal details of 15 million customers. The retailer incurred significant costs to deal with the breach including forensic costs, notification costs, fines and credit monitoring costs. Liability claims followed.

    Hotel – A hotel group’s point of sale network was hacked and credit card details of six million customers were taken. The hotel experienced high forensic costs to isolate the hack. Additional expenses included mandatory notification costs and fines. The hotel offered all of the individuals two years of credit monitoring services. They also received liability claims for damages from banks.

    Airline – An airline received a Distributed Denial of Service (DDoS) attack, bringing down their online sales platform for 48 hours. The airline experienced a significant loss of revenue during the network downtime plus serious costs in dealing with the issue.

    Financial Services – An employee of a financial services company left a laptop, containing the personal financial details of its clients, in a public place. Costs included the hire of a PR firm, notification of all of the customers affected, setup of an ID theft/credit alert service call centre and credit monitoring services.

    Tips for preventing cyber attacks

    Passwords, email, social networking and out-of date software all provide opportunities for cybercriminals. To prevent attacks:

    1. Protect your computer with both a firewall and an anti-virus program. Keep your anti-virus program up-to-date and remember to renew your annual subscription.

    2. Back-up all important data. Viruses and malware can destroy vital information.

    3. Create a password of more than six characters with a combination of letters and numbers. Do not save the password on your computer or share it with others and change it regularly.

    4. Email is the most likely route for viruses and hackers. Do not open any email attachments from people you do not know.

    5. Use the privacy settings on social networking sites to prevent malicious access to your personal information.

    Pointers from the US

    In 2012 both Australia and the US passed new cybercrime legislation aimed at increasing the level of cooperation and accountability between countries in order to combat cyber crime and intellectual theft and to further bolster the Council of Europe Convention on Cyber Crime. The convention has 34 signatories including the US and Australia.

    On August 2 2012, the US Senate passed the International Cybercrime Reporting and Cooperation Act which has muscular provisions to help improve the capacity of other countries to combat cyber crime. To do this the bill requires US agencies with oversight of cyber crime to report to Congress on the capacities of other countries including the effectiveness of their laws and the measures taken by their government to protect consumers from cyber crime.

    Under the bill the US President will be able to give aid to other countries to give priority to improving the effectiveness and capacity of their legal and judicial systems and the capabilities of law enforcement agencies with respect to cyber crime. The aid will include providing foreign countries with the tools to improve critical infrastructure, telecommunications systems, financial industry, legal or judicial systems, or law enforcement capabilities of that country necessary to combat cybercrime.

    Based upon the report to Congress the President must create an action plan that will assist the government of a given country to improve the capacity of the country to combat cybercrime. The President is then required to meet with the leaders of each country of “cyber concern” to formulate action plans to combat cybercrime. If a country fails to meet an action plan benchmark within one year, the US can opt to block any new financing or loans for the countries in question, restrict trade to the countries in question and restrict foreign assistance.

    Cyber crime – the true cost

    What is cyber crime really costing Australia and the rest of the world? Use these jaw-dropping stats if your clients need convincing of the need for cover against cyber crime.

    In 2012 the cost of cyber crime global was $114 billion annually – $388 billion if you include downtime.

    The annual global cost of cyber crime remediation is $1 trillion

    In 2012 information theft accounted for 44% of total external costs, up 4% from 2011.

    Disruption to business or lost productivity accounted for 30% of external costs, up 1% from 2011.

    There are 556 million cyber crime victims per year, 1.5 million per day and 18 victims per second.

    The total annual cost of cyber crime in Australia is $2 billion, the US $21 billion, Europe $16 billion and China $46 billion.

    The average cost per victim of cyber crime is $197 (Norton)

    Less than 50% of companies have a documented process for handling data breaches.

    73% of (US) companies have not purchased network liability insurance.

    Only 46% of worldwide companies have some form of cyber crime insurance.

    Full article published 5th June 2013 – http://www.insuranceandrisk.com.au/238496df/Cyber_Crime_The_elephant_in_the_room

  • Opinion: Why ignoring social media will destroy your business

    24 April 2014 | Asset Insurance Brokers

    SOURCE: INSURANCE BUSINESS ONLINE | 19 MAR 2014

    Don’t use Facebook, Twitter or LinkedIn? It doesn’t matter – you’re still on social media even if you ignore it. ProRisk’s Peter Marshall explains why you must embrace the online world to protect your livelihood.

    Social media enables the public to share what’s happening and what’s on their mind easier than ever before. Some of it is interesting, some of it is banal. Some of it is informative – and some of it can be vindictive.

    Opinions vary as to the relevance and usefulness of social media. Some businesses make it an integral part of their online presence, using it as an opportunity to be a useful and fun part of their customers lives. Some have not made it a part of their business but have plans to do so in the future, while others simply don’t see the value – just the risks. We can see this in our own industry. Some brokers have embraced social media to the level where they are active on a number of social media platforms – actively managing their own web TV sites. – whereas some still don’t have their first website.

    As with all forms of communication, care needs to be exercised in the management of updates. If good news travels fast, then bad news travels at hyperspeed. Like any information source, news feeds and reactions need to be actively monitored. Sometimes damage control can be required – but that’s just the way of things with all communication.

    Like it or not, social media is a part of business. Not only is it here to stay, but it is here to change the way we do things. Platforms continue to grow in number and new ways to engage audiences continue to pop up.

    Even if you’re not actively on social media, you’re still on social media – because other people are talking about you. Consider this example: you need to arrange a booking at a restaurant for a group of friends or business associates. You go onto Google to search by location and cuisine. In amongst the restaurant details there are links to reviews, written by people who have dined recently. In some of these reviews you read great comments from satisfied diners, as well as critical comments about service and quality. Would you book the restaurant that has comments about poor service, rude waiting staff and high prices for poor quality dishes?

    Of course not. You’d most likely pass that one by and choose the one with the good reviews. Just how much income have restaurants lost through lost opportunity from bad social reviews?

    Brokers are far from immune to this. We all know the power of a positive recommendation, and more and more of your existing customers are influencing the buying decisions of your potential customers. It used to be that one dissatisfied customer would tell ten people of their experience and the news would move on exponentially until the wave subsided and lost momentum. With social media,  a person who posts their dissatisfaction reaches a far more vast audience. These comments can seriously damage a business and have a material effect on its viability.

    Anyone can post their experiences of you and your business in online consumer directory platforms such as Truelocal. Do you know what they’re saying about you and your staff? How do you answer it if you do?

    You could choose to put the fires out one at a time once you are aware of them or you could choose to be proactive and be active in social media for your business. You can’t stop people making negative comments. Indeed, these comments can be valuable feedback for you. But you can balance the equation by making sure that you create a publishing space for your satisfied customers to share their positive experiences – which should outnumber the bad.

    Social media is more than just a place for compliments and criticisms. It is a community and a platform to enable your business to showcase itself to existing and potential clients. If you think clearly about how you want to be seen, clearly about how you will use it and the outcomes you want to achieve, it can be a platform for business social credibility, growth and retention.. It’s a whole new playing field, and one  that’s full of potential.

    Full article – http://www.insurancebusinessonline.com.au/news/opinion-why-ignoring-social-media-will-destroy-your-business-185545.aspx

  • Public confidence in brokers grows

    23 April 2014 | Asset Insurance Brokers

    SOURCE: INSURANCE NEWS.COM.AU | 14 APRIL 2014

    Insurance brokers are now more highly regarded than they have been for decades, according to a Roy Morgan study.

    About 16% of respondents rate brokers as having high or very high standards of honesty and ethics – the best return since the annual Image of Professions Survey began in 1979.

    However, brokers still languish in 22nd place on a list of 30 professions, which is topped by nurses (91%) and propped up by car salesmen (3%). Financial planners place 17th (28%).

    Last year insurance brokers were 26th, with just 13% of the public giving them a favourable rating.

    National Insurance Brokers Association (NIBA) CEO Dallas Booth says he has serious reservations about the survey’s usefulness.

    “It is a survey of perception and I’m not sure it provides much guidance on true views,” he told insuranceNEWS.com.au. “The majority of people buy insurance direct and have never spoken to a broker in their lives.”

    Mr Booth says research such as Vero’s SME Index is much more valuable.

    “When you survey people who use brokers, they know they give good advice, are professional and add value. There are some people who do not understand what brokers offer, and that is for NIBA to tackle.”