Cyber: loss adjusting in an inferno

DATA BREACH RESPONSES MUST BE CARRIED OUT WHILE THE STORM STILL RAGES, SAYS BENEDICT BURKE, CHIEF CLIENT OFFICER, INTERNATIONAL, AT CRAWFORD & COMPANY

When a major natural catastrophe occurs, armies of loss adjusters are deployed as soon as the dust has settled. Cyber claims have one major difference. We deploy teams while the event is still underway and there are still multiple moving parts. It is the virtual world equivalent of sending in adjusters at the height of the storm surge, or into the centre
of a blazing inferno.

Why? Because speed is of the essence. That first critical 48 hours following the discovery of a cyber intrusion can make all the difference from a brand and reputation perspective.
Take the TalkTalk breach. Within six hours of uncovering the hack it had become global headline news.

Another big difference between a major physical event and a cyber attack is geography. Even the recent Japanese earthquakes, which impacted global supply chains, were a relatively localised event. A big data breach by contrast can affect customers worldwide, becoming a highly complex multinational, multi-jurisdictional event.

With the EU Data Protection Regulations due to come into force in 2018, now more than ever the ability to respond quickly and effectively to a breach is essential to preserving brand and reputation.
The new rules will require firms to notify the authorities within 72 hours where possible, with the onus on senior executives to arm themselves with as many facts as possible.

Future response plans will need to be significantly more polished than many of those we have knowledge of today and have seen rolled out publically. A strong message from the top and a decisive plan of action will go a long way to reassure customers and shareholders, and ultimately prevent share prices going into freefall

While data breach arising from a cyber intrusion grabs the headlines, business interruption and business income loss arising from a denial of service (DoS) attack, for instance, can be just as damaging. Again, in such scenarios it is important to have an immediate response plan, to deploy forensic IT, crisis management and other experts and to kick-start the crisis response and business continuity plan so business can resume quickly.

In the technological world in which we now operate, no business can afford to have its systems down for more than a few hours. The average global cost of a data breach was $3.79m in 2015, according to Ponemon and IBM’s annual data breach survey, and these costs are rising year by year.

The cyber insurance market is developing but capacity is still low and products, which mostly contain similar elements, vary by wording. However, insurers are showing they can be innovative and recognise that risk transfer is but one of the three basic elements of cyber coverage, alongside loss prevention and post breach response.

Sophisticated IT security can go some way to help organisations avoid being the low hanging fruit, but it cannot prevent all intrusions. Likewise, proper training can empower staff to better spot phishing scams. But human error is inevitable in any large organisation and there is always the spectre of the disgruntled employee.

Some of the more expensive but highly-effective deterrents currently being utilised include Honeypot servers, that detect and contain intruders, and data loss prevention software, which monitors where data is stored and replicated. Simulated phishing attacks are also frequently used by large corporates to highlight weaknesses and to put security systems to the test.

It is not a question of if but when an organisation will face a brand-threatening cyber attack. Response plans need to be tried and tested so the C-suite can respond appropriately when they are door-stepped by the media in the early hours, helping to dissipate the intensity of the inevitable storm. The loss adjuster has a pivotal role in any effective post-breach response. This includes supporting the insured in protecting their business (and brand), managing a crisis, mitigating the risk, instructing and managing experts, ensuring effective communication and ultimately achieving a successful resolution of any (potential) claim.

The three basic elements of Cyber coverage
● Loss Prevention (Risk Management or Pre-Risk work)
● Loss or Risk Transfer (Insurance)
● Post-Breach Response (Insurable)

 

Big numbers
● 48 – the critical hours for action following a data breach
● 91% – percentage of firms affected by a data breach in
the last two years that now have their board and senior
executives involved in future breach plans
● 42% – percentage of Britons affected by a data breach
(source: Experian and Crawford)

June 2016