“In 2015 we fully expect a business to fail due to the financial consequences of a cyber-attack,” says Joe Hancock, cyber security specialist at Lloyd's insurer AEGIS London in a statement received by SCMagazineUK.com.
Hancock adds: “These attacks are now increasingly destructive as we have seen with the recent attack on Sony Entertainment and statistics from the Organisation of American States (OAS). This trend is going to continue, with affected businesses squeezed between a shrinking top-line due to reputational harm and rising costs to get back on their feet.”
The company warns that the costs of cyber-attacks are increasing as the volume of data stolen rises and the attacks themselves become more destructive, with greater numbers of destructive attacks predicted for 2015 and beyond. Direct costs of an attack and claims of negligence such are likely to increase the cost of doing business and detrimentally affect future earnings suggests AEGIS.
Directors and their governance processes are clearly implicated says Hancock, adding: “Cyber attacks are the new normal. It is not enough to say ‘it won't affect us', ‘it wasn't patchable' or that an attack just wasn't detected – the latest ruling shows that claims of negligence may follow, which, if successful, can result in substantial damages and derivative shareholder claims. For now is firmly a corporate governance issue.”
While the statement issued does not call on the industry to get insured for cyber-risk, that appears to be the clear implication given the source of the report.