Organisations need to rethink their exposure to cyber risks and place a greater emphasis on managing data security and privacy, broking giant Marsh has urged.
It warned that while recent high-profile cyber-attacks have increased awareness of the consequences of cyber-crime, organisations remain unsure of where the main threats to their business lie.
“There’s a common misconception that cyber threats are the preserve of big businesses and government organisations being attacked by sophisticated hackers”, said Craig Claughton, NSW manager of financial and professional services at marsh.
“The reality is that everyone has a database. Even if a company doesn’t collect or store third-party data, it will still have employee and client information on file. The simplest low-tech mistakes, like misplacing USB sticks or improper disposal of computers, can be extremely costly and cause significant reputational damage.”
Claughton warned that companies relying on traditional insurance policies to protect them from cyber breaches were likely to find gaps in their coverage, leaving them at risk.
“Traditional insurance policies were developed long before the evolution of cyber risks so the types of exposures companies now face don’t fit neatly within existing definitions and exclusions of those policies,” he said.
“For instance, traditional business interruption cover only applies to damage or loss of tangible property from a physical peril and wouldn’t apply to data and electronic media. Similarly, as a crime policy is usually only applicable to the theft of money, security or tangible property, cove might not extend to loss of data.”