Risk of cyber attacks must be a board-level concern, warns Lloyd’s

Thu 02 Dec 2010 – Digital risks must be a board-level concern for business as the range, frequency and scale of cyber attacks increases.

Many companies are unwittingly vulnerable to the possibility of data leakage, phishing attacks, trojans or advance persistent threats, according to a new report from Lloyd’s, the world’s leading specialist insurance market, and HP, the world’s largest technology company.

The report, “Managing digital risks: trends, issues and implications for business,” warns that, as businesses become more reliant on technology, they will face more complex and damaging digital attacks as sophisticated attackers quickly adapt their methods to steal from, disrupt and spy on businesses.

Many companies are unintentionally exposed to digital risks, believing their existing insurance policies will cover them, but most traditional (property and commercial liability) policies focus on the tangible damage to physical property and do not cover the many new areas where digital risks lie.

Lloyd’s Chairman, Lord Levene, said:

“A discussion of digital risks should be on the agenda of board meetings everywhere as cyber attacks become more frequent, more creative and more disruptive. Cybercrime is an international business aided by those countries without the legislative framework to tackle it. If we are serious about combating cybercrime, we need to increase international communication and collaboration between governments and businesses, and move towards uniform global regulation.’

Most of the digital risks that companies face, such as extortion and stolen information, are similar to risks they have always known. However, technology has increased the speed at which these risks can occur as well as amplified their impact. It has made information and processes more accessible and now citizens of the world � with both good and bad intentions � are more connected than ever.

The study points out that:

As part of the overall digital risk management strategy, companies should consider the growing number of cyber-risk insurance products and solutions that can transfer these risks to third parties. Although difficult to measure, the current market for cyber insurance is estimated to be around USD $600 million, a 16-25% increase from 2009.

Most digital risk mitigation typically happens within the IT department. However, risk managers, technology experts and other stakeholders need to be more involved in the process in order to bring broader business perspectives to the decisions that are made.

Prith Banerjee, Senior Vice President of Research at HP and Director of HP Labs, said:

“This collaborative research effort demonstrates HP’s focus on innovation with a purpose. The combination of Lloyd’s corporate view of risk with HP Labs’ knowledge of future technology trends and information security has enabled us to provide companies with impactful information about the digital threats facing businesses worldwide.”

The real challenge for risk managers is to determine how to effectively monitor digital risks in order to decide how seriously they should be considered. The report provides several practical and implementable recommendations to help risk managers respond to the growing digital threat including:

  • Setting up a working group to monitor and review business risk exposure;
  • Becoming more involved in IT governance and strategy; and
  • Ensuring that applicable standards are used to manage digital risks.

About Lloyd’s

Lloyd’s is the world’s leading specialist insurance market and occupies fifth place in terms of global reinsurance premium income, and is the second largest surplus lines insurer in the US. In 2010, 78 syndicates are underwriting insurance at Lloyd’s, covering all classes of business from more than 200 countries and territories worldwide. Lloyd’s is regulated by the Financial Services Authority. www.lloyds.com