CyberEdge Chartis Insurance New Zealand Ltd, today warned that cyber threats now pose a significant risk to New Zealand businesses.

New Zealand is ranked 4th in the world for cyber attacks. Last year they cost New Zealanders an estimated $625 million, with 50 percent of responding New Zealand companies experiencing high levels of cyber attack. 40 percent of employees receive no cyber security training and the majority of our businesses say they have no cyber attack response plan in place.

Chartis Vice President, Asia Pacific and Far East, Ian Pollard said New Zealand businesses are woefully unprepared for cyber risks.

"The financial cost of cyber attacks can be enormous and is growing as our reliance on digital media expands. This can result in lost productivity, legal intervention, lost intellectual property, and reputational damage coupled with the loss of customer confidence.

"More businesses need to know that if customers perceive that their personal details are under threat, they will switch to a competitor."

Publicly listed companies have further cause for concern, with the average share price drop for notifying the market of a network security breach shown to be five percent.

Global responses to Cyber threats

There has been a 2000 percent increase in cyber attacks over three years with more than 49 percent originating from the Asia Pacific region.

Cyber crime was the 4th largest economic offence for companies worldwide in 2011. In the previous survey, just two years earlier, it was virtually non-existent.

In addition to malicious cyber risks, companies can also fall victim to 'non-malicious' cyber events, including massive disruption or system failure, or human error and for which the financial and reputation damage can be just as significant.

Businesses in other countries are already responding to these threats and Chartis Insurance New Zealand's CEO, Cris Knell is urging local business leaders to take action to meet the same level of preparedness as their counterparts in the United States and other developed OECD economies.

"As New Zealand businesses position themselves to compete and win on the international stage, it is vital that they attain competitive global standards in safeguarding their data and securing their customers' confidence.

"It's no coincidence that the World Economic Forum ranked cyber risk as the single largest threat to global infrastructure for 2012, ahead of financial collapse, natural disaster or traditional terrorism," said Mr Knell.

Safeguarding against Cyber threats

The rise in cyber threats prompted Chartis to develop a new specialised insurance product called CyberEdge, which provides the first comprehensive coverage for cyber attacks and data loss in Asia Pacific. It covers cyber liabilities that most general insurance does not cover.

Launched today, CyberEdge is especially designed to address the consequences of losing corporate information or personal data as a result of either malicious or non-malicious attacks, as well as covering companies' liability arising from data protection laws. CyberEdge also includes coverage for specialist PR assistance to minimise reputational damage and restore trust in the company following a breach.

"Insurance can give financial protection against cyber risks, helping organisations in New Zealand strengthen their defences against cyber threats.

"We've seen some high profile data and privacy leaks in New Zealand hit the headlines recently, some of which may result in compensation and financial damages for the data users. CyberEdge's comprehensive coverage also provides victims with legal access and assistance with minimising reputational damage 24 hours a day, seven days a week," said Mr Pollard.

Andy Prow, Managing Director, Aura Information Security comments that there is a pressing need for data protection.

"While companies are becoming more aware of the cyber risks facing them, it is somewhat alarming to note that more than 60 percent of NZ companies use less than five percent of their IT budget on security," says Mr Prow.

Mr Prow further commented that managing cyber risk can no longer be the sole domain of Information Technology service providers.

"The consequences of cyber attacks are so far reaching that all levels of an organisation from the Chairman down, need to take action to protect against cyber threats."

Cyber threats and the law

Mark Anderson, a cyber liability insurance law specialist at DAC Beachcroft, has observed that privacy and security legislation is being strengthened by Governments worldwide.

"It is inevitable that New Zealand's 20-year-old Privacy Act will soon be repealed and re-enacted following a Law Commission review completed last year.

"Proposed changes to NZ's privacy and cyber crime legislation include the mandatory disclosure to affected individuals of any personal information lost by businesses. There are already a number of jurisdictions, including the United States and Europe, that are forcing organisations to reveal when personal or sensitive information they held electronically has been stolen or lost. Anyone with electronic business or data in those regions face the peril of considerable compliance costs in investigations, reporting and responding to privacy regulators, in addition to the actual cost of the lost, damaged or compromised data. New Zealand businesses need to safeguard those costs with risk management plans and adequate insurance portfolios. "

Monitoring Cyber threats

Matt Hammond, Senior Manager, Fraud Investigation and Dispute Services, Ernst & Young said Cyber threats range widely in scope and have far reaching consequences.

"Over the last few years, companies in every industry sector around the globe have seen their sensitive internal data lost, stolen or leaked to the outside world.

"A wide range of high-profile data loss incidents have cost organisations millions of dollars in direct and indirect costs and have resulted in tremendous damage to brands and reputation.

"Economic pressures on individuals and the monetisation of data on the black market have created an environment where people with access to information can convert data into cash," says Mr Hammond.

Mr Pollard concluded that technology trends such as social networking, the proliferation of mobile devices, and cloud computing, will cause the risks to data security to grow. These trends highlight an even greater need for organisations to vigorously protect data.