Cyber Risk Loss Control Should Not Just Respond to Worms Or Viruses, Warns American Insurance Association
All Businesses Should Maintain Ongoing, Enterprise-Wide Risk Management Programs
Date: August 15, 2003
The proliferation of the "MS Blaster" worm this week clearly demonstrates just how vulnerable both private and public sector entities remain to an ever-growing variety of cyber threats, according to the American Insurance Association (AIA). In response, the insurer group urged businesses of all types to immediately institute preventative measures to mitigate the devastating losses that can occur as the result of cyber crime, cyber mischief, and/or cyber mistakes.
"Vigilance is key," stated Eric Goldberg, AIA assistant general counsel. "There is absolutely no doubt that the best defense against a number of cyber risks confronting businesses today is a well-constructed loss control program. Unfortunately, way too many businesses and individuals still wait for the latest high-profile outbreak or threat before focusing on and updating their own system security. That could be a very costly mistake."
As the global economy has become increasingly dependent on technology, cyber crimes have continued to escalate^; they include not only creation and distribution of malicious code (like viruses, worms or Trojan horses), but also unauthorized access by insiders (employees) and outsiders, theft of proprietary information, identity theft, software piracy, disruption of network traffic, financial fraud and electronic espionage.
Cyber-crime costs American business an estimated $14 billion annually, and the situation is getting worse. The Computer Emergency Response Team (CERT) at Carnegie Mellon has found that the number of reported security incidents increased from 21,756 in 2000 to 82,094 in 2002, to 42,586 in the first quarter of 2003 alone. In its latest annual survey on cyber risk, the St. Paul Insurance Companies found that 90 percent of responding companies had detected at least one electronic breach of security in the previous 12 months, with 80 percent of those acknowledging a financial loss due to a breach.
While these numbers are alarming, they do not present the full picture of the frightening potential for loss. Just as dangerous to a company are internal threats, such as employees who inadvertently forward harmful computer code or attachments, give passwords to unauthorized users, violate other organizations' copyrights, or fail to properly apply a patch to affected computers.
Despite this multitude of threats, much of corporate America remains vulnerable when it comes to electronic security. "The better course of action," Goldberg said, "is to be proactive. Identify potential loss exposures, plug any holes that are found, and implement strong all-employee policies before any system weaknesses are exploited."
Original article at: http://biz.yahoo.com
^macro[showdigestcomments;^uri;Cyber Risk Loss Control Should Not Just Respond to Worms Or Viruses]