How Deep Does the Rabbit Hole Go?

Posted: by Matthew J Denehy

An interesting headline for an insurance article I realise but I am continually surprised how far and wide reaching this new “cyber thingy” is taking hold across the globe. And the effect is largely unseen as a clear majority of businesses don’t report these cyber hacks or data breaches to anyone and just battle through. Perhaps because there is no one to report them to or they are simply not insured.

When will it stop? Or a better question, how far will it go? Hence my article headline.

I heard recently that Artificial Intelligence will soon be deployed into cyber hacking, no need for human intervention to search and find the next victim. They will deploy a selflearning program that continues to watch and act as necessary and strike when the percentage variables are right, mainly down to our traits of repetitiveness and laziness.

A case in question!

Recently a builder had his email systems compromised likely from a phishing email, which opens a backdoor into your computer. Originally I struggled as to see how a builder would need Cyber Event Protection, most don’t use computers that much and outsource anything that isn’t building and tools of trade.

However I was wrong, here’s how it panned out:

The builders’ own email system sent an email to the owner while the builder was in mid-flight on an overseas holiday so could not be contacted by anyone. The email requested that the owner make a progress payment as scheduled. That was sent onto the bank with the relevant Tax Invoice with all the proper details on it, just different bank details. It seemed evident that the bank received the correct documentation from the builder and authentication from the client that the job had been completed as scheduled and proceeded to make the payment.

Voila! Money transferred into hackers account, promptly withdrawn and account closed, never to be seen again.

The builder when he returned sent the proper Tax Invoice to the owner and that’s where the problems started. Threats about Court and not finishing the job were worthless. The builder needed the progress payments to continue other works, in this case the builder may not survive this episode. And to think that I didn’t think a builder needed Cyber Event Protection Insurance.

This is fast becoming known as a “Digital Fire”, a phrase coined by Troy Filipovic, Managing Director of Emergence Insurance who specifically only underwrite Cyber Insurance on behalf of Lloyds of London. Troy and I recently presented to a large client in the Northern Rivers and Troy’s statement of “Every organisation relies on digital in some way – to communicate, to transact or to compete. Data breaches and cyber events are not an IT security problem but a business problem. There is no such thing as an impenetrable system. Compromise is expensive, it can include financial losses, damage to reputation, loss of intellectual property and disruption to business.” He couldn’t be truer.

I’m just asking you: Do you have your passwords saved in a folder in your emails called passwords, or a word document called “Passwords”? It’s all too easy for the hacker!

These events are often random and can affect both small and large companies. Distribute IT was a $50 mill turnover business with a 10% market share managing 250,000 domains, 30,000 hosting clients and 3,000 resellers with offices across Australia and Jakarta. They were in the process of an IPO onto the Australian Stock Exchange. One lonely trucker who was trying to get a job in the IT field applied for a job and didn’t get it so decided to take it upon himself to demonstrate how good he was and with 6 DoS (denial of service) attacks, the primary server and 4 levels of backups were destroyed. The regulator stepped in and took over the business and it no longer exists today and that lonely trucker is currently in jail.

A sad story for the owners and investors and illustrates how easy it is to be a victim even when you do nothing wrong.

So if you buy an Insurance Policy to protect you what events are you covered for?

  1. Cyber Event Response Costs Costs incurred through event response and management services
  2. Losses to your business Costs and revenue replacement cover
  3. Loss to others Sums payable including regulatory fines, penalties and defence costs
  4. Contingent Business Interruption Costs and revenue replacement if an external supplier suffers a cyber event
  5. Cyber Theft Replacement of first party (yours) and third party (others) funds and telephone freaking
  6. Tangible Property Replace tangible property that has been damaged as a result of a cyber event

As you can see there is a fair bit of protection involved in a policy and like all insurance policies you probably won’t get to use every section (unless you’re tremendously unfortunate)

NOTE: This article is general in nature and does not provide any personal advice. Oracle Group (Australia) Pty Ltd t/as Agile Insurance Advice have not had the opportunity to understand your personal and business financial circumstances. Should you wish further information, please always refer to the Product Disclosure Statement.

Share socially

LinkedIn Google+

Subscribe to NRBM »