For Immediate Release
Hong Kong, 14 May 2012 - Chartis, one of the world’s leading insurers, today called on Chairmen and CEOs to get serious about cyber threats, saying current corporate risk management practices in Hong Kong were inadequate against cyber threats. This was despite the fact there has been a 2000 percent increase in cyber attacks over the last three years with more than 49 percent originating from the Asia Pacific region alone.1
Chartis Vice President, Asia Pacific, Mr Ian Pollard said: “Hong Kong businesses are significantly unprepared for cyber risks, and Chairmen and CEOs need to get serious about managing their cyber risks.”
The alarming growth in cyber breaches dominates world headlines. Seventy five percent of organisations have experienced some form of cyber incident, yet awareness of cyber risk remains low. 2
“A corporate risk management framework needs to address cyber exposures, yet many risk managers in Hong Kong rarely evaluate cyber risk. Companies need to proactively manage cyber risks across the organization, and this priority should be driven from the boardroom,” Mr Pollard said.
The cost of cyber attacks is enormous and growing. Cyber attacks, often in the form of data breaches and network intrusions, can impact operations, frequently result in lost productivity, legal expenses, third party liabilities, exposed intellectual property, and damage to a firm’s reputation. Chartis estimates the average security and privacy claim at US$5.2 million.3
“It’s not a coincidence that the World Economic Forum ranked cyber risk as the single largest threat to global infrastructure for 2012, above financial collapse, natural disaster or traditional terrorism. Cyber threats are real, growing and very costly,” Mr Pollard said.
Examples of the financial ramifications of cyber attacks include:
Symantec’s Eric Lam, Enterprise Director for Risk & Compliance, Asia Pacific and Japan, said “The growing popularity and rapid adoption of mobile computing, social media use and consumerisation of IT in the workplace have introduced new security risks for businesses. Today cyber security is a top concern for many organizations. With more and more organizations experiencing cyber attacks, a large number have seen losses from the theft or loss of confidential data and downtime. Twenty percent of enterprises incurred at least US$271,000 in damages last year according to Symantec 2011 State of Security Survey. As cybercriminals continue to deploy increasingly sophisticated attacks, organizations need to put in place a defense-in-depth security strategy covering technology, processes and employee awareness. This is no longer just an IT issue; it is a business issue.”
Chartis has observed the impact to large and small companies alike, with attackers often stealing personal and government identification information, as well as credit card details.
The rise in cyber threats prompted Chartis to develop a new specialised insurance product called CyberEdge, which provides the first comprehensive cyber coverage solution in Asia Pacific. It provides coverage for cyber liabilities that most commercial insurance policies do not cover.
Launched today, CyberEdge is especially designed to address the consequences of losing corporate information and personal data from cyber threats, and covers companies’ liability arising from data protection laws.
Norton Rose, Partner and Asia Lead for Technology and Data Privacy, Ms Gigi Cheah said: "There is an increasing awareness of the need to protect data, whether of individuals or companies, with corresponding strengthening of privacy and security legislation worldwide. The penalties imposed by these laws for failure to adequately safeguard data are also increasing with proposed changes to the EU data protection regulation including a maximum penalty of two percent of global annual turnover of an offending corporation."
Mr Pollard said that technology trends such as social networking, the proliferation of mobile devices, and cloud computing, will cause the risks to data security to grow. These trends highlight an even greater need for organisations to vigorously protect data.
“Managing cyber risk used to be the domain of Information Technology service providers. Now the consequences of cyber attacks are so far reaching, damaging corporate reputation and strategic business plans, all levels of an organisation from the Chairman down, need to take action to protect against cyber threats,” Mr Pollard said.
“Insurance can provide financial protection against cyber risks and CyberEdge helps organisations in Asia strengthen their defences against cyber threats,” he said.
1 Akamai. (2011). State of the Internet Report, Q3 2011
2 Deloitte & Touche LLP. (2011). Cyber crime: A clear and present danger - Combating the fastest growing cybersecurity threat
3 Chartis, U.S. Financial Lines Division, U.S. security and privacy claims averaged from 2007—2011
4 PWC. (2011). Cybercrime: Protecting against the growing threat - Global Economic Crime Survey
5 Ponemon Institute. (2010), Symantec 2010 annual study: Australian cost of data breach
6 McAfee Survey
7 Hal Steven. (2011), Network Security Spending Increases – You can’t afford Not To
# # #
Chartis Insurance Hong Kong Limited
46/F, One Island East
18 Westlands Road, Island East
Chartis is a world leading property-casualty and general insurance organization serving more than 70 million clients around the world. With one of the industry’s most extensive ranges of products and services, deep claims expertise and excellent financial strength, Chartis enables its commercial and personal insurance clients alike to manage virtually any risk with confidence.
Chartis is the marketing name for the worldwide property-casualty and general insurance operations of Chartis Inc. For additional information, please visit our website at http://www.chartisinsurance.com. All products are written by insurance company subsidiaries or affiliates of Chartis Inc. Coverage may not be available in all jurisdictions and is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain coverage may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds.
About Norton Rose
Norton Rose Group is a leading international legal practice. We offer a full business law service to many of the world’s pre-eminent financial institutions and corporations from offices in Europe, Asia, Australia, Canada, Africa, the Middle East, Latin America and Central Asia. Knowing how our clients’ businesses work and understanding what drives their industries is fundamental to us. Our lawyers share industry knowledge and sector expertise across borders, enabling us to support our clients anywhere in the world. We are strong in financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and pharmaceuticals and life sciences. We have more than 2900 lawyers operating from offices in Abu Dhabi, Almaty, Amsterdam, Athens, Bahrain, Bangkok, Beijing, Bogotá, Brisbane, Brussels, Calgary, Canberra, Cape Town, Caracas, Casablanca, Dubai, Durban, Frankfurt, Hamburg, Hong Kong, Johannesburg, London, Melbourne, Milan, Montréal, Moscow, Munich, Ottawa, Paris, Perth, Piraeus, Prague, Québec, Rome, Shanghai, Singapore, Sydney, Tokyo, Toronto and Warsaw; and from associate offices in Dar es Salaam, Ho Chi Minh City and Jakarta. Norton Rose Group comprises Norton Rose LLP, Norton Rose Australia, Norton Rose Canada LLP, Norton Rose South Africa (incorporated as Deneys Reitz Inc), and their respective affiliates.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
# # #
Tel: 3555 0037