Cyber Risks Need To Be Considered At Board Level

The emergence of cyber risks and the importance of the Board of Directors identifying, managing and mitigating such potential liabilities was the clear message from a professional seminar hosted by Vantage Insurance at the Pomme D’or Hotel on 8th October 2013.

The emergence of cyber risks and the importance of the Board of Directors identifying, managing and mitigating such potential liabilities was the clear message from a professional seminar hosted by Vantage Insurance at the Pomme D’or Hotel on 8th October 2013. 

The seminar was presented to nearly 100 professionals, the majority from the local financial services sectors, with talks from Richard Packman, MD of Vantage, Arthur Mainja of KPMG and Gareth Tungatt of specialist cyber insurers Ascent Underwriting.  It introduced the attendees to the increasing danger of cyber risks as well as the measures that can be taken to mitigate these risks.

The main theme from the discussions was that cyber risks are real and do need to be taken seriously by the board of directors of companies. Any company that collects, manipulates, or transmits data is at risk, and any business who uses the internet or emails can be exposed. 

Richard Packman from Vantage provided an oversight of cyber liability exposures and the fact that all businesses, regardless of their size, can be prone to the risks of malicious cyber attacks, network interruptions and lost client data. He highlighted the surprisingly high percentage of such dangers that arise from a firm’s own employees – either through their negligence (eg, opening an infected email), losing portable devices or even rogue employees selling company data for personal gain.  He also spoke about the increasing threat from organised criminals and hackers and the need for education of a whole new vocabulary, such as “malware”, “phishing”, “pharming” and “hactivists”. 

Arthur Mainja, senior manager at KPMG, spoke about what is cyber crime and who is carrying it out – hackers, activists, organised criminals and foreign governments. He explained common misconceptions of businesses in respect of cyber risks, for example the belief that it will not affect firms, that they have adequate IT security in place, and the importance of constant monitoring of the increasing exposure.  He continued with the theme of the importance of management assessing the cyber capability of their organisation, of minimising the risk of an attack on an organisation by an outside cyber criminal, as well as limiting the impact of successful attacks. That better information on cyber crime trends and incidents facilitate decision-making. The importance of a clear communication strategy on the subject of cyber security as well as increased knowledge of and competence in relation to cyber security. 

Gareth Tungatt, director at Ascent Underwriting, explained the “first party” (own losses) and “third party” (liability to others) risks associated with cyber exposures.  He advised that with the increased reliance on connectivity of IT networks, data processing, e-commerce operations and the drive for a paperless environment the risks can affect all types of business (ie, financial as well as non-financial) and increase daily.  He discussed emergence of cyber liability insurance from the US and their experiences in this market and how this in now affecting UK and European businesses. He also warned of the anticipated regulation with the forthcoming EU Directive – the General Data Protection Regulations.  He illustrated his talk with actual claims examples that have been paid by insurers for cyber attacks. Gareth closed by highlighting the misconception that a standard Material Damage, Business Interruption or Professional Indemnity provides adequate protection, and the gaps in these respective policies.  He emphasised the need for the correct advice to identify the exposures and design an appropriate insurance coverage programme.