The volume of data breaches and cyber attacks that marked
2015 could be appropriately described as a ‘cascade’ or ‘torrent’, or perhaps
‘maelstrom’.
There have been breaches of highly sensitive data (including
that of children), targeted attacks on government agencies such as the US’s OPM
and Germany’s Bundestag, and an alarming number of well-orchestrated DDoS
attacks.
Money has been stolen, data has been swiped and lives have
been ruined.
Lewis Morgan of IT Governance calculates that, counting up
all of the available numbers in the stories that he has reported each month in
2015, the total stands at 487,731,758 leaked records. It is very likely that the
final number is significantly higher, but we know that there have been at least
487,731,758.
There’s a black market where records are bought and sold,
and hackers are only getting savvier. The Department for Business, Innovation
and Skills reported that 74% of small businesses and 90% of large organisations
suffered a data breach in 2014, and breaches are becoming increasingly common.
Our response to “My IT department is confident we are
secure, therefore do I need a cyber liability policy?” is that Carphone Warehouse,
TalkTalk and many other large corporations like them have entire departments
devoted to IT security, and they still suffered a data breach. A simple
oversight, such as not updating software, not setting appropriate user authentication
procedures for third-party vendors, or losing an unencrypted laptop, can lead to
a breach, as can a rogue employee with malicious intent.
If you are in the “cloud” you are not safe! It would be in
your best interest to carefully review your cloud contracts with legal counsel.
Even if the risk is reduced, the liability may still fall on your shoulders.
You can outsource the service but not the responsibility; you are still legally
liable for lost data.
Hiscox claim example:
“Our client was
contacted by a government agency and advised that government security services had
detected an intrusion on its systems. Our IT forensic experts were deployed to
investigate and assess the extent to which the network had been compromised. A
significant amount of malware was discovered on our client’s servers so a
containment plan was executed to remove all malware. Our client was also able
to take legal and PR advice under their insurance cover to help them decide how
and when to communicate this incident to their clients.”
<Information courtesy of Hiscox and
IT Governance>