Willis’ Cyber Risk Unit reports that cyber-related insurance claims have spiked by 56 percent over the past year alone, with an increasing proportion of victims in the hospitality industry. Citing a recent survey, Willis' newsletter warns that hotels, resorts, tour companies, and other leisure and entertainment providers are increasingly vulnerable to hackers seeking to steal personal information. The Newsletter highlights the major risks posed by the deluge of personal data and explores actions companies can take to protect themselves against cyber crime.
The Ponemon Institute, a US-based information technology think tank, estimates that the costs of recovering from a cyber attack –including costs associated with notifying customers and implementing credit monitoring software to help ensure victims’ credit records are not compromised by the misuse of stolen data -- typically range anywhere between US$100,000 to US$1 million.
However, Willis warns that some of the largest breaches can cost in excess of US$100 million. More stringent data protection legislation coming into force will only further increase companies’ financial exposure to cyber crime, both in terms of liabilities to banks and individuals, to say nothing of the more difficult to quantify reputational damage such attacks can cause.
The main culprits of data breaches include rogue employees, malicious attacks, and innocent mistakes made by outsourcing firms employed to manage customer data.
Laurie Fraser, Global Markets Leisure Practice Leader for Willis said: “Hackers are getting ever more sophisticated, penetrating firewalls to drain corporate databases of their customers’ personal details, including credit-card numbers when not encrypted, medical histories and other personal information. This year has already seen at least three high profile cyber crime cases where security breaches triggered public outrage and panic over identity theft and fraud. The incidents badly bruised the reputations of popular consumer brands, as well as exposed firms to a host of increased costs as well as potential liabilities.”
Jeremy Smith, Practice Leader of Willis’ London Cyber Team, observed: “Companies that hold substantial volumes of personal, identifiable data are irresistible to web-based pirates.”
In response, Smith said that cyber liability insurance, which has existed for about 10 years, is evolving to reflect the current environment, helping companies to transfer the risks and costs of data loss and cyber piracy.
“Willis is working closely with the insurance industry to stress test existing policies’ ability to address the nature of cyber crime and develop exclusive wordings that assist in the transfer of these risks. Recent breakthroughs include the introduction of identity theft solutions and Payment Card Industry fines coverage, which helps to protect companies from penalties linked to the mismanagement of credit card data.”