A megabyte of prevention. (Up front: news, trends & analysis).
Intrusion prevention is absolutely critical for every company, but especially for those with access to sensitive information. Experts say such organizations are particularly vulnerable to professional hackers, who can cost companies millions in lost revenue and productivity with each cyber attack. A 2001 Computer Security Institute (CSI)/FBI study reported that the average company loss due to vandalism and denial-of-service attacks is $2 million.
At the recent Internet Security Alliance Conference (ISAlliance) in South Carolina, experts urged companies to take a more holistic approach to cyber security with a clearly defined and implemented Internet security policy.
According to Robert D. Wice, AIG eBusiness Risk Solutions manager of underwriting, specific strategies--or risk management building blocks--can help companies avoid cyber-security breakdowns. For example:
* Personnel must be educated about Internet security and familiar with the company's security policies.
* A crisis management team should be in place and active.
* Ensuring that the company's technology is up to date can prevent security problems.
* By strengthening foundations within the company, security breaches can be avoided.
* Enforcing a total risk management program greatly reduces the challenge of a security problem within the company.
* By implementing a loss-prevention service, the company can analyze, mitigate, and prevent legal liability and damage from a cyber attack.
Wice said uninsured companies are extremely vulnerable to cyber-security breaches as the number of risks increase and become more severe. First-party losses include corruption or loss of data, business interruption, repair costs, extortion costs, damage to reputation, and loss of market capitalization. Additional risks include Web content liability such as libel, slander, and trademark infringement; professional errors and omissions liability; and network security and liability loss.
But it's not good to use traditional insurance to cover cyber security. Because courts have ruled that data is not tangible property, companies that have invested in traditional insurance may be left financially devastated. However, cyber-security risk insurance enables a company to take the financial loss off its balance sheet and move it to that of a third party. Wice predicts that Internet risk insurance will grow to $2.5 billion by 2005.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Industry Trend or Event; Industry Legal Issue; against computer crimes|
|Publication:||Information Management Journal|
|Article Type:||Brief Article|
|Date:||Jul 1, 2002|
|Previous Article:||Cyber security: key to homeland security. (Up front: news, trends & analysis).|
|Next Article:||Virtual vulnerabilities. (Up front: news, trends & analysis).|