Category Archives: Cyber-Liability

Study Shows Cyber Insurance Utilization Low

A recent article by Anya Khalamayzer cited that based on a Willis North American reporty, more than HALF of the Fortune 500 believe their firms would be seriously harmed by a cyber-attack. With increased cloud computing adoption, more and more small to mid sized businesses are finding themselves in situations similar to their Fortune 500 counterparts. In October of 2011, the Securities and Exchange Commission (SEC) issued guidance to U.S. listed companies to provide extensive disclosure on cyber exposures.

Ann Longmore, who is an executive vice president with Willis North America and co-author of the report said “D&O liability risk may be heightened for companies that experience cyber breaches if cyber risk disclosures are deemed not to meet SEC standards and a significant loss were to occur. This may be especially true if peers have provided more detailed disclosure.” Obviously the SEC feels that companies are not doing a good job of disclosing their exposure level for cyber-liability to their shareholders.

While most companies will fall outside of the scope of the SEC guidance, it is no less important to note the damage that can be caused by a cyber attack on a middle market company. Data is one of your most important assets yet it is not covered by standard property insurance policies. The loss of critical archive data, billing files, proposals, or other hard to replace data can be a crippling blow to a company. While data security is important to many companies, it is not the only asset  that needs to be considered.  Critical electronic systems or equipment crashing can be incredibly detrimental to a business. Imagine Point of Sale systems crashing during the holiday season, or the loss of revenue associated with that system’s  downtime.

Right now, most businesses just don’t understand the perils associated with  cyber integration. Mainly this is because it is not as tangible as a fire, flooding, or employee injuries. This does not make it any less real. It is also reasonable to note that 15 percent of the Willis study group said that they do not have the resources to protect themselves from critical attacks. Usually the costliest risks are the one’s never appreciated or considered fully. This is why I implore business owners really take stock into how bad it can be if things do go south, and realistically determine the impact a liability loss would cause them.

I believe as more companies get “plugged in” we will see a rise in losses associated with these types of risks. These experiences will become part of IT consciousness  and owners, directors, and department heads will demand ways to protect themselves; it will be our job as risk consultants to educate them as to the tools available to mitigate this new and evolving risk.

Related articles
Advertisement

Medical Device Companies May Be Exposed to Cyber Liability Risks

Some Durable Medical Equipment (DME) manufacturers may now have to educate themselves to a new risk that can pose significant chance of loss if not properly prepared for.

An alert published on the government’s Industrial Control Systems Cyber Emergency Response Team website, cited research from Billy Rios and Terry McCorkle of the cyber security firm Cylance Inc., who said they have identified more than 300 pieces of medical equipment that are vulnerable to cyber attack. They include surgical and anesthesia devices, ventilators, drug infusion pumps, patient monitors and external defibrillators.

Reuters reports that because of the alarming new revelations,  the U.S. Food and Drug Administration on Thursday urged medical device makers and medical facilities to upgrade security protections to protect against potential cyber threats that could compromise the devices or patient privacy.

“Over the past year, we’ve become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” William Maisel, deputy director for science at the FDA’s Center for Devices and Radiological Health, said in an interview. “Hundreds of medical devices have been affected, involving dozens of manufacturers,” Mr. Maisel said, adding that many were infected by malicious software, or malware.

These new exposures have opened up a new opportunity for risk consultants to have conversations with DME manufacturers. This time, in addition to your traditional product liability insurance, it may be prudent to discuss cyber-liability coverage since this type of peril may not be specifically covered.

Related articles