In a recent FT article, Janet Williams, the lead on cybercrime
initiatives for the Association of Chief Police Officers, commented
that insurers should agree only to provide cover against cyber
attacks to companies that meet a minimum cyber defence Kitemark
Cyber crime attacks have now been upgraded to a "tier
one" national security threat. Government statistics have
estimated that cyber attacks cost businesses approximately
£21bn a year and high profile commercial victims of
cybercrime include Sony and Lockheed Martin, the military supplier.
More recently, the website of the Serious Organised Crime Agency
(SOCA) was subjected to a Distributed Denial of Service (DDoS)
attack, which overloads a site with data requests with the aim of
making it inaccessible to users.
In November 2011, the police central e-crime unit worked with
various UK banks to convict members of an international cybercrime
outfit who used a computer virus to steal £3m from online
banking customers. This kind of collaboration signals an effort
from businesses and financial institutions to discuss attempted
cyber attacks to help the police combat cybercrime and to improve
their own risk management procedures.
Another area of exposure to cyber attack will be operations for
the London 2012 Olympic Games this summer: the organisers are
already gearing up to deal with cyber disruption based on the
experience of the 2008 Beijing Games, where operators reportedly
received 12 million cyber attacks a day despite extensive firewall
protection against computer viruses.
Insurers have responded to the notion of establishing minimum
security standards to prevent cyber attacks through the launch of
The Cyber Insurance Working Group. The Group comprises technology
insurers including Liberty, Zurich and CNA Europe, plus specialist
technology insurance broker Oval. Other insurers selling cover for
cyber attacks and security/data breaches could be keen to
The Group plans regular meetings to develop a framework of
recommended information security practices and procedures,
including adequate business continuity plans and corporate
information security policies.
The aim is that insurers providing security cover will be able to
demand a specific structured demonstration of commitment from their
insureds and ultimately avoid the costly fall out from claims,
particularly in circumstances where there is little scope for
insurers to make any significant recoveries in the event of a loss.
Cyber attacks involving a complex web of data/security breaches and
multiple individuals can be difficult to prosecute through the
criminal courts and whilst companies and insurers may want to
pursue civil cases against cyber offenders, it remains to be seen
whether these actions would suffer from the same
The benefit to insured businesses implementing the minimum
standard will be a strengthened infrastructure and cyber risk
This article was written for Law-Now, CMS Cameron
McKenna's free online information service. To register for
Law-Now, please go to www.law-now.com/law-now/mondaq
Law-Now information is for general purposes and guidance
only. The information and opinions expressed in all Law-Now
articles are not necessarily comprehensive and do not purport to
give professional or legal advice. All Law-Now information relates
to circumstances prevailing at the date of its original publication
and may not have been updated to reflect subsequent
The original publication date for this article was
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A discussion on a recent judgment of the High Court of New Zealand, which indicates how New Zealand courts will approach indemnity disputes associated with commercial property damage caused by the Christchurch earthquakes.
This case considered whether, where a liability policy contained an exclusion excluding liability arising under a contract, unless such liability would have attached in the absence of such a contract, and where there was a judgment finding the insured liable for breach of contract, that foreclosed the question as to whether there was also tortious liability that would fall within the terms of cover.
A recent Court of Appeal case, has fired a warning shot that the costs of preparation could be disallowed if skeleton arguments are not kept as concise as possible.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”