Cyber liability is becoming an increasing threat for businesses - many of which have taken heed of the numerous warnings and started to protect their assets

The Financial Times Deutschland was reporting at the end of August that industrial giant ThyssenKrupp had only managed to find 30% of the insurance cover it wanted against possible attacks from German computer worms that could sabotage production.

That news has been heralded as good in terms of boosting awareness of the problem, but bad in that it suggests demand is outstripping the supply of insurance. Joerg Nientiedt, director, corporate audit and consulting division, Bertelsmann and a speaker on the subject at the DVS 2012 Symposion believes, however, that despite such high-profile stories, boards do not neccesarily realise the risk applies to them.

“In our experience, it is very useful to demonstrate to people how easy access to data can be. We call this ‘friendly hacking’. On behalf of the company, I hack into our own network and check which kind of information I am able to access. By testing and evaluating this, everyone involved becomes aware of holes in the security system,” Nientiedt says.

In recent times he has become aware of more targeted hacking. “In the past, trojans were designed to attack a broad range of users, but today’s attacks are more focused. This makes an early detection of these viruses extremely difficult.”

However, Daimler Insurance Services GmbH chief executive and chairman Dr Hanns Martin Schindewolf, says: “Our ‘digital life’ also requires digital insurance solutions. The threat of business interruption caused by cyber risks is also an opportunity for insurance companies. They can open up a new market by providing clever risk management.”

Developments in technology still pose some of the greatest risks. For example, firms are signing over data storage to cloud suppliers without fully realising the implications, Nientiedt says. “In general, users make quite a leap of faith by giving their data to a cloud provider. While normally the security of such systems is comparable to that of other servers, the general framework is totally different. If companies get rid of their own infrastructure and rely on external data storage, they are obviously very much dependent on that provider.”

DAC Beachcroft’s head of cyber risk Patrick Hill suggests cloud users check the small print of contracts and keep control of where data is stored. “Cloud providers store information around the world, including locations with physical risks such as hurricanes or floods. Companies do not realise, but the way legislation in Europe is moving, they will retain responsibility for what happens to the data – even when it is under the control of cloud providers. If something happens it is still their fault.”

As Nientiedt says, “Sometimes I am surprised how naive some people are with regard to this issue.”