MANAGING CYBER EXPOSURES

The range of cyber threats has increased at an alarming rate during the last decade.

We conduct more of our business – both professional and personal – online than ever before and in doing so disclose sensitive information which may be intercepted.

Responsibility to manage these exposures can no longer be left to the IT department, but rather rests with the Executive to ensure that robust risk management procedures are in place. When TJ Maxx made payments of just under US$10m to customers who had their credit card details misappropriated by criminals during 2005/06, this was just the beginning. A shareholder derivative action followed alleging the company had failed to properly address the issue of cyber risk despite assurances having been made to shareholders at an earlier AGM by the Executive. The action was successful.

Anyone who holds personal information is at risk, regardless of the size of their operation. Whilst awareness of cyber threats is increasing due to the recent much publicised breaches, the uptake of an insurance policy to assist in managing this risk is still slow in comparison. Smaller companies think “It won’t happen to me” as they see that global companies and financial institutions as prime targets. The reality is far from this. SMEs are targets of opportunity as they tend to have less robust security systems and are unlikely to have audited disaster or incident response initiatives. During the last year alone Australian retailer Endless Wardrobe was unable to operate for a week when hackers launched a denial of service attack when they failed to pay the $3,500 asked of them which resulted in loss of revenue and customers, according to InformationWeek. Medical practices in Queensland have also suffered similar threats.

Jan-Mar 2013 Issue

AIG Australia