Zurich report warns complex technologies for Australia's big business are riskier than expected

A report into future cyber risks for large companies operating within Australia warns current cyber risk management is flawed due to new technology that is too complex for many to understand.

The report, Risk Nexus - Global interconnections of cyber risk: impact on large companies, found that while larger companies must embrace new technologies, they 'will likely prove to be riskier than currently assumed' in terms of cybercrime risk.

The coupling of poorly understood technologies means disruptions will likely come with increasing frequency and intensity and intellectual property will be increasingly vulnerable to theft, even from well-protected companies.

Released as part of a series on global aggregations of cyber risk by Zurich and The Atlantic Council, the report determines that larger companies should have risk management procedures in place under the expectation of a likely future global internet failures for reasons similar to those that put the global financial system at risk in 2008.

Head of Financial Lines Australia and New Zealand, Marc Luginbuehl, says while new technologies such as cloud storage, robotics, and IT-driven manufacturing systems such as SCADA have allowed larger companies to increase efficiency and lower costs, they have also come with the price of significant cyber risks.

"With the majority of front and back office operations coming to rely so heavily on these technologies, it opens the door to mayhem and ruin if hackers and cyber criminals strike," says Marc.

"Even though one aspect of the system is very well understood, the links and interactions business isn’t always as familiar with other aspects of the system and that's where the weakness often lies for cyber disruptions and attackers."

Marc believes that although larger companies are big targets for cybercrime, they have the advantage of possessing more resources to find solutions.

"Larger companies need to implement board level risk management, put in place incident response and continuity training, shift toward resilience and agility and embrace technologies. These proactive strategies will ensure they are carefully managing their risk."

"They should also push out the risk horizon to look at specialist external providers beyond their own internal technology risk management capabilities, and of course, improve cyber security - the one thing many companies don’t take far enough."

Key findings in the latest annual Cyber Crime and Security Report 2013 from The CERT - Australia’s national cyber emergency response team - highlight this problem as one of its key findings in a range of concerns and potential vulnerabilities, stating 'only 27% of organisations had increased expenditure on IT security in the previous 12 months'.

It also found '61% of organisations do not have cyber security incidents identified in their risk register', prompting the report to conclude that this may be linked with the identified need for management and CEOs to improve their IT security skills and practices - and perhaps awareness.

"The CERT report also alarmingly revealed that 54% of organisations surveyed had identified cyber security incidents on their networks in 2013, representing a 34% increase over the 2012 result."

With many of the incidents occurring in the form of targeted emails, followed by virus or worm infection and Trojan or rootkit malware, respondents felt these cyber security incidents were specifically targeted at their organisation rather than random or indiscriminate.

Marc says larger companies only need to take a relatively small set of actions to protect against most cyber risks. They should also realise the value of cyber protection and liability insurance as part of their risk management strategy.

Zurich's Security and Privacy policies insure against risks most commonly associated with privacy breaches, security events and the resultant business income loss.

The full report can be downloaded from the Industry Knowledge section on www.zurich.com.


For further information contact:

Helen Black
Head of Marketing, Communications & Customer, General Insurance
Zurich Financial Services Australia Limited
Level 3, 5 Blue Street, North Sydney, NSW 2060

Phone: +61 (02) 9995 1368
Email: Helen.black@zurich.com.au

Zurich Insurance Group (Zurich) is a leading multi-line insurer that serves its customers in global and local markets. With about 55,000 employees, it provides a wide range of general insurance and life insurance products and services. Zurich’s customers include individuals, small businesses, and mid-sized and large companies, including multinational corporations, in more than 170 countries. The Group is headquartered in Zurich, Switzerland, where it was founded in 1872. The holding company, Zurich Insurance Group Ltd (ZURN), is listed on the SIX Swiss Exchange and has a level I American Depositary Receipt (ZURVY) program, which is traded over-the-counter on OTCQX. Further information about Zurich is available at www.zurich.com.