Advancements in the Information Technology sector are opening up new applications, but also creating new risks.
According to global reinsurer Swiss Re, so-called cyberrisks pose mounting challenges for companies, and corporate risk management needs to consider the threat of losses in turnover and reputational damage.
In 2011, more than 232 million data records containing personal information were stolen or compromised globally, of which about 23 million records related to people in the U.S. According to the “Cost of Cyber Crime” study conducted by the Ponemon Institute, stolen data records can cost an average of $200 per person. In Germany, crime statistics compiled by the police indicate that about 60,000 cases of cybercrime were recorded in 2011.
Cyberrisks can take a wide variety of forms. Virus infections, internet fraud, industrial espionage, misuse of personal data (identity theft), copyright infringements or denial-of-service attacks that block targeted sites by overloading them with communication requests – the companies affected may suffer extensive loss either in terms of turnover or as a result of liability claims made by clients or business partners.
Most traditional property and liability policies provide no cover for cyberrisks. That is why there is increasing demand in the corporate sector for insurance solutions that address this new risk situation and especially its inherent potential for loss accumulation. Depending on their design, individual policies may now cover a wide range of first-party and third-party losses. A British market research firm reports that 30 percent of major U.S. companies have already acquired cover against cyberrisks, as compared to just five percent of the companies in Europe.
“Adequate insurance against data abuse should be a standard element of commercial insurance because this is a context in which any company can suffer loss of turnover or image impairment,” Thomas Blunck, member of the Munich Re board of management, said in a statement.
Munich Re recently published a comprehensive brochure on cyberrisks. In addition to illuminating specific aspects such as the issue of liability for Facebook parties or the special legal situation in the U.S. The brochure “Cyberrisks: Challenges, strategies and solutions for insurers” offers an overview of the various types of loss and liability. Cyberattacks can burden companies with substantial costs, for example:
• Due to business interruption resulting from the disruption of IT operations or the necessity of conducting a forensic investigation of the causes
• For legal counsel, attorneys and penalties or for defence against lawsuits
• For data and system recovery, notifying the clients affected and repairing reputational damage
• For liability vis-à-vis third parties, an aspect important particularly in the U.S. where there is the risk of especially high damages claims (also via class actions).