News from Miller

View our latest press information

Risk managers under-estimate the cyber crime cost and motive according to survey by Miller

In a survey of risk managers undertaken by Miller at this years’ AIRMIC conference, respondents discussed their views on the causes and cost of cyber crime attacks.

The Miller survey asked risk mangers which type of cyber crime was the most expensive. Respondents ranked loss or theft of customer data at the top of their list, and extortion at the bottom. However, according to data provided by the Office of Cyber Security intellectual property theft costs UK plc a staggering £9 billion, closely followed by industrial espionage at £7.6 billion. This is in stark comparison to the cost of lost customer data which was valued at only £1 billion.

They were also asked who poses the greatest threat to an organisation, and respondents listed “organised crime” at the top of their list followed by “current employees”. However, they were much less concerned about their current service providers posing a risk – ranking it second from bottom in six possible choices. This might mean that while businesses are focussing closely on their own IT security, they are not paying sufficient attention to other service providers who may be critical to the actual performance of their business in terms of providing networks, computer driven logistics or web-driven sales.

Kiran Nayee, from Miller, commenting on the results of the survey said “The cost to UK business each year from cyber crime now totals more than £21 billion – a significant cost when economic times are challenging. The reports we have read estimate that, in the last year, hostile cyber attacks on companies accounted for nearly one third of all UK data breaches – up from around 22% the year before. With legislation becoming more prescriptive, the liability costs of these incidents are becoming increasingly expensive in terms of detecting and fixing the security gaps as well as the expense incurred in informing potentially millions of customers whose data was compromised, and monitoring their credit ratings going forward. The insurance industry has responded by creating a thriving market for third party liability cover for this risk.

“However, many businesses are now increasingly dependent on data and networks to deliver their sales –whether that is through logistics or perhaps web-driven sales. If an attack results in the networks failing – with the subsequent of income – then this is a different risk profile entirely, one that is a first party business interruption type risk albeit without any physical damage having been done. We have worked with a number of specialist underwriters to create capacity for this as a named peril on a trade disruption policy.”