In Lord Levene’s address to the conference he cited the report adding “Now if your business stores its IT files in Asia or the Gulf of Mexico, and a flood or storm strikes, your systems could fail in London. Suddenly, the wet and windy South of England is exposed, through a computer connection, to a natural catastrophe.”  Indeed, Jaak Aaviksoo, Minister of Defence for Estonia went on to highlight his country experiences when they suffered a nation-wide cyber attack in 2007 over a dispute with Russia over the moving of a war memorial.

The digital risks report itself focuses on some of the trends and emerging risks posed by the revolution in digital and communications technology with the aim of raising the profile of these risks within the insurance industry and amongst risk managers in affected businesses.  Key topic areas included:

• the rise in the number and sophistication of cyber crime attacks;
• highlighting the legal and liability issues surrounding internet or ‘cloud’ computing;
• the risks and opportunities of ‘Web 2.0′ and the unprecedented level of sharing of information that the internet makes possible;
• raising the potential risks due to the increasing trend of using Global Positioning System or GPS within industry and transport; and
• reiterating the fact that this new virtual world is still grounded in the physical world and that natural or man-made disasters could have significant impacts on the digital economy.

Beyond those reports referred to in our report, there are several others that highlight other facets of this interesting and increasingly pertinent risk topic, including several strategy reports that summarise the current infrastructure and threats.  Insurers with cyber-liability and other digital risk exposures will find the following reports worth reading:

• Council of Science and Technology’s report on “A National Infrastructure for the 21st Century“
• The Technology Strategy Board’s (TSB) Network Security Innovation Platform (NSIP) recently published their interim strategic assessment  focusing on the challenges information risk poses to the UK.

This precedent is another reminder that UK society is increasingly taking advantage of, and relying upon, digital and communications technology.

The document puts the average cost of a security-information incident at between £10,000 and £20,000 for a small company; and £1 to £2m for large companies with more than 500 employees; and that the incident can be perpetrated by a range of individuals or organisations (source: BERR Information Security Breaches Survey 2008, PwC). 

The perpetrators can include criminals, terrorists and states. They can use a variety of methods: from electronic attacks to gain or deny access to information and subversion of supply chains to more overt attacks, such as manipulating radio signals or damaging unprotected electronic equipment through high power radio transmissions.

The report indicates that the impact will vary according to the target and wider context and that the probability of these attacks occurring increases when a so-called ‘insider’ within the target organisation is involved.

Two new governmental structures will be created, one of which will be entitled the Cyber Security Operations Centre (CSOC) and will help to ‘ensure coherent dissemination of information across government, industry, international partners, and the public’. 

This may become a useful resource for insurers wanting to keep track of cyber risks that could impact their books.
Another source of information that may be useful to insurers is the Centre for the Protection of National Infrastructure (CPNI) which ‘has built up strong partnerships with private sector organisations across national infrastructure, creating a trusted environment where confidential information can be shared for mutual benefit’. Such information may help insurers to better assess their digital risk portfolio and their own operational risk.

The Lloyd’s Emerging Risks team is currently investigating the potential impact on insurance of an increasingly digital economy and society and will soon publish a summary report.

Related links
Cyber-security strategy launched, BBC news, 25 June 2009

The project is also currently writing 56 reports regarding the various scientific and technological developments covering a wide range of sectors.

At the time of this blog posting the scientific, economic, societal sections already contain some interesting information; however, the regulatory, business and HSE & risk sections are currently under construction. Interim annual reports from each section are expected in April 2009.

As insurers, the HSE & risk section is of particular interest and the following quote—taken from the project’s first newsletter (which can be subscribed to by registering on their website)—describes their work:

“Nanotechnology-based products, as with those from other technologies, have the potential to cause harm to both human health and the environment. A number of activities have been initiated over the last few years to investigate such impacts; however their coverage is still incomplete in terms of materials, exposure routes and doses. This work package will highlight such new research and make extensive links to existing databases, organisations, networks and initiatives. In addition, it will review the ST analysis performed within the project to determine what (if any) EHS impacts they may have that are not already being investigated by other projects/organisations.”

This will be headed up by the Institute of Occupational Medicine (IOM) and includes the CEA, RIVM and Empa. The IOM is based in the UK and also runs the SAFENANO project, an excellent resource for information on nanotechnology hazard and risk.

The health and safety comments echo those made in the Lloyd’s report on nanotechnology, which was published at the end of 2007.

In addition, a questionnaire for stakeholders in nanotechnology will be launched in December 2008 and will cover environmental health and safety as well as economic and societal impacts of nanotechnology.

Insurers may want to consider taking part in this to ensure the industry’s voice is heard in this rapidly developing field.