ALTHOUGH Malaysia has been ranked the sixth riskiest country in the world in terms of cyber threat exposure this year (according to Sophos Security Threat Report 2013), Ian Pollard, vice-president for regional professional liability, financial lines, Asia Pacific at AIG Insurance New Zealand Ltd interprets this as a positive sign because it shows that the nation is making good progress in establishing itself as a knowledge based economy.

“It reflects the fact that Malaysia is seen as a fast growing economy. It’s a professional services and shared services centre so it’s data rich,” he says.

Pollard believes that it is Malaysia’s growing responsibility in managing “critical (business) infrastructure” that makes it such a viable target for cyber attacks.

He also notes that many local organisations have started to wisen up in the face of such threats.

“In the last 12 months, education and awareness (about cyber threats) have increased rapidly. That being said, I think there’s still a need for more education because there are still events making front page news with regards to privacy breaches and security attacks. Organisations need to better prepare themselves and to have in place a better risk management plan around people, processes and technology,” he says.

But it isn’t just companies that need a shift in their current risk management mentality. Even insurance brokers themselves need to work at gaining better insights into the changing needs of their business clients.

“We undertook a survey of 250 global organisations and found that about 86% of those organisations ranked cyber risk as their highest concern. There’s a disparity here with what their insurance brokers thought, which was that cyber risk was the lowest in comparison to other categories presented to them,” Pollard says.

To him, this is clearly evidence that there’s plenty of work to be done yet in educating those from the insurance sector as well.

Be prepared

For small companies who are just starting to look into protecting themselves from cyber risks, Pollard advises them to build up a base level of risk management first.

“They should have a budget in place to invest in network security controls such as antivirus software and a firewall,” Pollard says.

Once these basic measures have been taken, he says they can then move on to consider a wider, more comprehensive risk protection plan which includes things such as cyber insurance.

Besides that, Pollard also highlights the need for greater public and private partnerships to raise awareness as well as to share knowledge and best practices.

“There’s a lot more here than just an IT risk,” he points out.

Cyber threats that organisations could face today include both malicious events such as cyber fraud, industrial espionage and terrorism as well as non-malicious events like accidental system failures or human errors.

Meanwhile, insurance coverage that is available from AIG covers three main areas: First-party protection, third-party protection and tangible benefits.

First-party protection referred to areas such as electronic data restoration and network interruption coverage whereas third-party coverage looked at personal as well as corporate data liability. Tangible benefits includes areas such as media coverage, data crisis response, Cloud failure, contractual fines and much more.

Risk review

Quoting from a recent report, Pollard says that 75% of individuals stated they would stop dealing with an organisation in the event of a security breach. In addition, share prices tended to fall by an average of 5% during the occurrence of such events.

“The most exposed sectors we’ve seen at this stage are financial services, technology, media and telecommunications,” he says, adding that AIG has recently also seen an increase in the level of interest from companies in the hospitality, professional services and retail industries.

AIG launched its cyber insurance product, CyberEdge, earlier this year in June. According to Pollard, it was introduced a little later in comparison to other Asia Pacific countries due to stringent local regulatory requirements and the need for translation.

He shares that the company had initially wanted to see the outcome of the implementation of the Personal Data Protection Act 2010, but finally decided that it would not wait any longer to provide such a solution to its clientele.

“We felt that first-party coverage was a critical service provision for our clients here in Malaysia,” says Pollard.

AIG has also released a free iPad app called AIG CyberEdge, which is available via the App Store. It provides information on AIG’s latest claims, high profile events and its insurance products, and also has a data risk map, cost calculator and glossary.