Cyber attacks: Directors' Liability
The risk of a cyber attack is material for the majority of businesses in the financial services industry today. Such attacks are increasingly sophisticated, widespread and disruptive…
Published 18 December 2014
2014 has been another year of high profile attacks on global corporations, with cyber-crime showing no signs of abatement. This month we have chosen three recent cyber risk themes which draw 2014 to a close but set the scene for 2015: Cyber risk implications for directors and officers, the global nature of cyber threats, and the implications of cyber risks for the wider insurance market.
The highly sophisticated cyber attack on Sony last month highlights how organised, criminal gangs are using new, widespread and disruptive techniques to attack businesses today. The attack has been described as "unprecedented in nature" and it demonstrates that IT security measures at the largest of corporations can be ineffective at avoiding sophisticated attacks.
The financial repercussions for Sony and indeed any corporation subjected to a cyber attack can be significant, not only from the immediate costs of investigating the incident, but also the long tail exposure to regulatory investigations, civil claims and heightened compliance programmes. These exposures coupled with reputational damage can reduce share price and harm investors. Directors & Officers are increasingly being held responsible for preventing such incidents and if not, may face regulatory criticism and civil claims. For a more detailed consideration of cyber risks for D&Os, please see our recent article here.
The Sony attack also highlights cyber risk as a global phenomenon. The media has suggested that North Korea carried out the attack because it was disgruntled with Sony's recent film premier involving a plot to assassinate North Korea's leader. Whether or not this is true remains to be seen, but the media has suggested there are organised gangs in Russia, Eastern Europe and China and the FBI has said that certain nation states (including some based in the Middle East) have the capability to carry out such attacks. Jurisdictions around the world are awakening to cyber risks and mitigation strategies. The global opportunities for insurers were discussed in our recent seminar on global cyber risks, and you can watch the highlights here.
Finally, a further emerging cyber risk issue is how insurers, and indeed the insurance industry as a whole, should grapple with the exposure to cyber-attacks under existing lines of business. We are looking forward to seeing the outcome of Lloyd's data collection exercise and the adoption of the new "CZ" risk code for Cyber Security Property Damage in 2015. These were recently announced by the award winning Tom Bolt and his performance management team at Lloyd's.
We end the year on a happy note, wishing you all a Merry Christmas and a cyber safe New Year.
For DAC Beachcroft privacy updates, please follows us at @DACBprivacy.