6 Jul 2012

NZ firms warned of risk of cyber attacks

7:28 am on 6 July 2012

Cyber crime commentators say many New Zealand businesses are dangerously unaware of the risk of attacks on their systems.

Their warning comes as a company launches a new insurance product covering the threat of online attacks.

Hacking has hit the headlines in recent years following high-profile attacks on companies like Hell Pizza in 2010 and, internationally, on Sony in 2011.

Senior manager in fraud investigation at Ernst and Young Matt Hammond says there's plenty of potential for harm.

He says a lot of organisations don't correctly assess the risk that data loss has on their business.

Mr Hammond says it can be catastrophic, particularly in terms of damage to brand and reputation, if there is a substantial breach of sensitive information.

Aura Information Security offers consultation services to companies worried about their security.

Managing director Andy Prow says there are thousands of programmes scouring websites and apps looking for holes where the owner is vulnerable.

He says the information that it's possible to hack certain websites can be sold to that company's competition, or information can be stolen directly from the website.

Mr Prow says there are many ways to make money from knowing that websites are vulnerable to attack.

A lawyer at DAC Beachcroft, Mark Anderson, says the level of cyber crime is somewhat understated because companies don't currently have to tell customers if their data has been compromised.

"The UK and the EU have imposed regulations and rules requiring organisations to notify when personal data breaches have occurred.

"Similar reforms are occurring in Asia, Australia is presently undertaking a review of its privacy legislation and (is) likely to include a requirement that organisations notify in a compulsory way of any data breaches".

Mr Anderson says New Zealand is also undertaking a review which is expected to be tabled before Government with recommendations in September this year.

Last year, web security company Symantec estimated cyber crime costs New Zealanders $625 million each year.

Figures like that have encouraged insurer Chartis to launch its cyber crime insurance product in this country.

Spokesperson Ian Pollard says the industry is already well established in the United States, taking in $US1 billion of premiums each year.

He says cyber risk is a serious and costly issue for US organisations and the insurance, technology and risk management markets have grown in response to that.

Mr Pollard says awareness of cyber threats is much lower in Asia and the Pacific, despite the fact cyber threats are there, are real and are growing.

Chartis says the insurance covers losses for the company attacked and the liabilities of third parties whose data has been compromised.