Nine out of 10 New Zealand businesses are likely to have ineffective insurance cover should they suffer a technology-related catastrophe, IT industry leaders have been warned.
They should reassess the risks facing their business and check their liability fine print of their insurance policies, says Mark Jones, a principal at insurance firm Marsh. Marsh claims $US5.2 billion revenue and 36,000 staff.
Jones, speaking at an IT law seminar in Auckland, cites a UK survey which found that 30% of businesses don’t know if they are covered for technology risks, 25% admitted they were not and 37% believed they were covered by general policies. Only 8% had specific IT insurance. “In our opinion, 92% are not covered,” Jones says, suggesting the numbers are likely to be similar in New Zealand.
Most fire and general policies have narrowly defined terms, Jones explains, so “physical loss” may not cover a virus or data loss, or policies would impose “cyber-exclusions”.
Businesses face traditional risks such as damage to systems, damage to records, extortion, business interruption, theft of money and of information. As they go online, says Jones, they face perils such as viruses and hackers, as well as damage from disgruntled ex-employees and cyberspying from competitors.
He says 80 customers of Telecom’s Safecom security service reported 972 new viruses in January and logged 8500 malicious incidents. But companies not using such services may not even know their systems are being attacked.
Businesses, Jones says, also face growing third-party exposure from the transfer of viruses to other systems, defamation, breach of intellectual property, fraud, privacy and other workplace issues. Britain’s Norwich Union insurance faced a $1.6 million libel payout recently after a staffer put in an email that a corporate rival was being investigated by the Department of Trade and Industry. This email was passed around the country but was eventually traced back to Norwich Union, which was held liable.
On the subject of intellectual property, Jones spoke about a local manufacturer of loudspeakers, Slab, who rebuffed a takeover bid from a UK firm only to find it later claiming that Slab had breached its intellectual property rights. This cost Slab hundreds of thousands of dollars in legal fees, forcing Slab to find extra funds, not to mention the unwanted distraction. Christchurch-based Jade recently found a company exhibiting at an Australian tradeshow was using its logo. Jade spent $100,000 before the offending firm withdrew its product.
Norwich Union would be told that staff sending emails was not part of its business, so it probably would not have been covered by its insurance, Jones says. Slab and Jade would have needed specific intellectual property insurance to help fund its legal battles.
The meeting also heard that an Auckland graphics firm recently lost a server in a break-in. General insurance would have replaced the server but not the cost of the lost data on it and the cost to the company of having to re-do some designs for its systems before it could serve customers effectively.
“Insurance can give you dollops of cash. But it cannot make up for loss of trust, damage to reputation, lost opportunity, inefficient processes; and unfortunately, being what they are, insurers will probably increase your premium,” Jones says.
The seminar was the first for IT law firm Glaister Ennor, which has launched a technology group aimed at medium-sized firms.