Printed from BusinessInsurance.com

Time to duck and cover as cyber threats loom

Posted On: Dec. 6, 2015 12:00 AM CST

When I lived in New York in the 1990s, my apartment building had a fallout shelter in the basement. Relics of another era, the shelters were found in many buildings in the neighborhood, which was developed during the height of the Cold War. Our landlord had long since converted the shelter into a storage room, and the containers full of water, dehydrated provisions and other paraphernalia intended to keep survivors alive after the bomb dropped had been dispensed with.

I always found it ironic that the shelter was there because, given the ever-changing population in that area of Queens, if there had been any need to use it when I lived in the building, half the people inside it would have been Russian.

Thankfully, the risk of global nuclear war has diminished significantly over the past 50 years. And while we all fear the possibility of a terrorist attack involving a nuclear device, now it's more likely to be some kind of nuclear leak rather than war that would yield a fallout risk.

The old shelter sprang to mind last week when rating agency A.M. Best Co. Inc. released a study that estimated the probable maximum loss for insurers from cyber security risk globally is about $31 billion, which is nearly seven times the PML for a nuclear loss, according to the report.

That's staggering and troubling given how commonplace cyber breaches now are. And that's just the threat today — as the so-called Internet of Things grows exponentially, billions more everyday devices will be connected to the Internet and will suddenly become vulnerable to cyber risks. Moreover, as companies increasingly seek competitive advantages by harnessing data, the risks are going to get bigger and bigger.

Other cyber security news last week also provided new reasons to worry. Toymaker VTech Holdings Ltd., which makes tablets, games and other digital products aimed at kids, announced that data related to about 6.4 million children had been exposed via a hack on the company. VTech said the children's profiles exposed by the hack consisted of name, gender and birth date, which may be of less intrinsic value to hackers than credit card information or Social Security numbers — but for many parents, the notion that hackers are getting hold of personal information on their children is even more disturbing than having their own information accessed.

Of course, no flood of cyber news would be complete without allegations of state-sponsored hacking, which last week came out of Australia, where news reports said the country's bureau of meteorology, which houses one of Australia's largest supercomputers, may have be hacked by China. Chinese officials dismissed the allegations.

And that's just the headlines from one week of cyber security news. Given the huge figures involved and the evident potentially catastrophic vulnerability of many organizations, maybe it's time to refill the water containers, buy some more food packs and head down to the basement — off the grid.