Cyber Crime – facts and figures

Barely a day goes by without some form of data breach being reported in the media, be it a competitor looking to gain an edge by stealing sensitive data, a disgruntled ex-employee looking to take retribution on a former employer, or the more traditional image of a technology “nerd” sitting in his bedroom pitting his wits against mankind
As an insurance market we have not helped ourselves by labelling our product “Cyber”. Most other products do what they say, for example “Property Damage” covers damages to property. You can purchase Cyber insurance to protect your balance sheet and it is typically on a pick and choose modular basis that can be tailored to your risks and price point.
Further articles will better describe the events that are typically covered under the policies we can source on behalf of our clients. In fact, there is barely a person, let alone a business, that is not vulnerable.
Following is some raw data that confirms what our industry, as well as those bodies enforcing the law, have been attempting to inform the public. Cyber Crime is the ‘new burglary’.Yes, the thieves may not wear balaklavas, break locks or jimmy windows, but their form of trespass is every bit as intrusive.

The average cost per individual for a data breach in 2012 was $141 in Australia, US$188 in the USA, and GBP86 in UK, according to the Ponemon Institute’s 2013 Cost of a Data Breach Report.

The average cost per data breach in 2012 was $2.72m in Australia, US$5.4m in the USA, and GBP2m in the UK, according to the Ponemon Institute’s 2013 Cost of a Data Breach Report.

The Verizon Data Breach Investigations 2013 reports that, of the 47,000 incidents in 2012, 37% affected financial organisations; 23% affected retail firms and restaurants; 20% affected manufacturing, transportation and utilities; and 20% affected information & professional services firms.

They also report that 52% of incidents used some form of hacking; 76% of network intrusions exploited weak or stolen credentials; 40% incorporated malware e.g. viruses, trojans, botnets; 35% involved physical attacks e.g. coming onto your site to install spyware; 29% leveraged social attacks e.g. socially engineered emails; and 13% resulted from privilege misuse and abuse e.g. an employee abusing clearance rights.

On 12 March 2014 new Australian Privacy Principles (APPs), amendments to the Privacy Act and fines of up to $1.7 million for agencies and companies and $340,000 for individuals for serious or repeated invasions of privacy (i.e. for breaches of the APPs/Privacy Act) become effective.