Talking about Cyber Crime
Guest writer and President/CEO of Adventist Risk Management, Bob Kyte, shares his thoughts on Cyber Crime and how it affects the Adventist Church.
Reports of the Australian Crime Commission and Australian Federal Police indicate that theft of identity is an increasing problem across Australia. A few years ago a survey report by the Australian Bureau of Statistics indicated over a half million victims of identity fraud in a twelve month period. In the United States, approximately 10 million people experience identity theft each year.
Tied closely to the crimes related to identity theft are other cyber threats that businesses and other organisations (including churches) must address. Organisations and business want to avoid liability associated with breaching of their technology and the loss of identities and other valuable information they maintain.
So how does a breach of data owned by the Church take place and what can be done about preventing such loss? Reports indicate that 37% of data losses by organisations result from malicious attacks. This percent has been increasing each year as more criminals endeavor to penetrate computer systems to obtain information that can be used to illegally obtain funds. That information, either used by the hacker who comes into your system or sold to another criminal organisation, may be spread around the world in a matter of moments causing havoc to the individuals whose information is stolen and to the organisation that allowed the loss to occur.
In addition to the malicious attacks, another 24% of losses occur because of system glitches. Organisations that do not have competent security systems may cause the losses whether it is by allowing a malicious attack, or worse, by inadvertently allowing distribution or exposure of private information. Even more concerning is that 39% of losses occur because of negligent insiders. This may be from the loss of an unencrypted laptop or misplacing a thumb drive that contains private information. I know the response to this by many—it will never happen to us! Be assured it can and has happened to organisations in the Seventh-day Adventist Church causing loss of trust for the organisation and costing large sums of money—in one case well over $1 million.
Recent studies in the United States indicate that cost per loss event has climbed to over $5.5 million. Broken down to the individual whose information is lost, this cost is now over $200 per record lost. Why so much? In the United States, as in many countries around the world, there are numerous privacy laws that require notification to each person whose records have been exposed to such a loss, even if there has been no use of those records. Jurisdictions have very specific requirements as to when, how and what must be included. A whole industry has been developed to provide these services to organisations that have suffered such losses because the work to meet these requirements is beyond the everyday abilities of most organisations who have suffered lost data. One data loss by a small to mid-size company may now put the company in jeopardy of closing down. Between the cost to the business to cover data breach expenses and the loss of business resulting from the breach of trust of customers, the company may find itself unable to recover from the financial disaster.
What Can Be Done to Prevent Data Losses?
- Identify the risks to your organisation and takes steps to address them.
- Educate employees on how to protect information and hold them accountable.
- Implement a security system that includes firewall and intrusion prevention in order to keep malware and other problems out of your systems, as well as system alerts to notify you of a breach.
- Have policies in place that prevent confidential information from leaving the premises without specific approval.
- Proactively encrypt laptops and other devices to minimize consequences of a device being lost.
- Be sure that proper passwords requirements are in place for all devices including desktops and mobile devices.
Transfer the Risk
With the growing problems of cyber liability associated with data breaches and loss of data has emerged cyber liability coverage that assists organisations when things go wrong. Traditional insurance coverage such as business interruption, loss of property and so forth generally apply to loss of tangible property. Data and intellectual property which are intangible property are excluded from coverage for loss and the consequences of such loss. Cyber liability insurance provides an important element of insurance coverage for organisations to recover from such losses and pay for the resulting costs of addressing the required notifications and actions needed to recover from such an event. A good cyber liability insurance policy will assist in paying both third party damages for individuals whose information is lost as well as first party coverage for the loss of and damage to the digital data stored by the organisation.
Good stewardship of the organisation’s assets extends to the information entrusted to you by church members and the public. That duty of stewardship means protecting information and providing assistance to individuals should an unfortunate event occur. Taking preventative steps to protect data and providing the organisation with cyber liability insurance are all part of a good stewardship program for the Church and to instill trust in those who provide the Church with their confidential information.
Adventist Risk Management have made available a recording of their recent webinar discussing this topic. You are welcome to view the 30 minute webinar, available on YouTube via this link.
You can also download this 4-page PDF, prepared by Marsh is relevant to the Australian context and worth reading if you are time poor.
If you are based in the South Pacific Division and would like to register your interest in cyber liability cover please contact us.