Disruptive Trends: The Rise and Rise of Hacking
Most businesses think that having their business IT systems and website hacked, or picking up Malware is something that happens to other businesses. Not theirs.
The problem is that hacking has moved from the nerdy teenager in their parent’s garage into a main income stream for organised crime. It is has also become one of the preferred methods of propaganda dissemination for disgruntled social and political activists, as well as becoming a way of getting messages out during wars.
With all small businesses, the question is if not when. And therein lies the problem.
Where are we now?
A new study by Price Waterhouse Coopers has shown that one in 10 Australian organisations have reported losses of over $1 million from hacking and cybercrime in the past 2 years.
Australian organisations experience cybercrime at double the global rate, with 65% experiencing cybercrime in the past two years, compared with a global average of 32%.
60% of businesses hit by cybercrime go out of business within 6 months. (2)
Only 2% of small businesses treat protection against hacking and cybercrime a priority in their business. Most do not have solid firewalls or industry strength anti-virus and anti-Malware programs. They don’t update their programs on their PCs and don’t update the programs that power their websites.
Hackers are getting smarter at their approach. You may have heard of a little case called the Panama Papers. The hack at Mossack Fonseca that created the largest release of data to journalists in history, and it all came about from an un-updated plugin on their website. (3)
Hackers are not just about defacing your site, they are about accessing the data you store about your clients, and using that in blackmail and extortion. This data release can then flow onto legal cases against your organisation for breaches of privacy.
This can work out quite costly for a business. Choicepoint in the US had to pay $10 million in penalties and $5 million to consumers for their data hack! (4)
Hackers target areas of vulnerability. The FBI has warned US based medical and healthcare providers that they are key targets and that they need to take action to protect themselves. (5)
Current Developments
One of the hottest insurance policies is now Cyber Insurance – protecting from the damage hacking makes on a business.
Depending on the policy, Cyber Insurance covers the financial consequences of losing the data, cost or restoring or replacing IT infrastructure, restoring or recreating data, regulatory fines and investigations, crisis management, privacy monitoring for victims. It can also include business disruption and extortion demands.
In the USA 50% of businesses have either bought cover for the first time, or increased their level of cover in the past year. (6)
Talking to an Australian insurance broker who declined to be named for this post, he reported that he is currently running at a 50% claim rate against the Cyber Insurance policies he has underwritten.
A claim he is currently managing for a commercial cabinet maker relates to hacking that affected almost all aspects of the cabinet maker’s business.
The costs so far from the hacking:
• $10,000 to restore his systems.
• $6,500 in overtime for his staff to redo all designs for current jobs.
• $50,000 drop in income for April through downtime in the shop for the first week.
• Plus, costs for loss of income over 12 months due to sales staff redoing old work. This will be calculated based on a 6 month rolling turnover as this is the average time it takes from sales to finalised job in his industry. This could add up to $100,000 or more for loss of profits.
The Cyber Insurance policy cost $717 (including taxes and fees).
Implications
Hacking is only going to get worse.
I predict that Cyber Insurance will become as common as household insurance and will become one of the top insurance products sold.
To reduce risk, insurance underwriters are going to require increased vigilance and protective measures for all companies taking out Cyber insurance.
These strategies will increase the protection from hacking for companies that can afford the monitoring and systems maintenance, and will send the hackers in search of softer targets – small businesses.
Businesses that will win from this trend: insurance companies; IT security and repair companies; IT companies that offer simple solutions to website updates.
Businesses that will lose from this trend: small businesses who do not take protective measures, IT companies that do not take out adequate liability insurance and who offer protectives services that fail.
References
(1) http://www.abc.net.au/news/2016-05-17/pwc-says-australia-hotbed-for-economic-crime/7420524
(2) http://www.abc.net.au/news/2015-10-12/small-businesses-under-greater-threat-from-computer-hackers/6846024
(3) https://www.wordfence.com/blog/2016/04/mossack-fonseca-breach-vulnerable-slider-revolution/
(4) https://www.ftc.gov/news-events/press-releases/2006/01/choicepoint-settles-data-security-breach-charges-pay-10-million
(5) http://www.reuters.com/article/us-cybersecurity-healthcare-fbi-exclusiv-idUSBREA3M1Q920140423
(6) http://www.insurancejournal.com/news/national/2016/05/18/409013.htm