Asian Cyber Wars; The New Frontier

The idea of a wave of attackers, getting ready to commence their assault against heavily fortified defences, sounds like a Hollywood movie, or an on-line role playing game. However, in a situation where fantasy is becoming closer to reality, this is exactly what is happening on a daily basis against corporations across the world. The "treasure" is personal data, which can be sold on to third parties, or used to access personal accounts. The loss of this data, can not only cost companies millions in terms of direct compensation, it can lead to severe fines and penalties. Countries across Asia, keen to be seen to be taking steps to address cyber-attacks are rolling out increasingly more onerous legislation. Companies, and their Directors, need to be aware of these new exposures, and consider the new insurance products that are available to meet them.

In August of this year, account details for millions of game players were stolen in a hack attack on 'Blizzard', the maker of various online role-playing games. Players in Southeast Asia as well as the US and Canada were advised to change their login details and security questions. The risk was highlighted that if (as commonly occurs), users adopt similar security procedures and questions across all of their personal accounts, a wholesale change of users' security inputs may be required.

The 'Blizzard' attack followed on from the high profile hacking of the Sony PlayStation Network in April 2011. The associated costs amounted to approximately US$173 million which took into account the cost of increased customer support services, notification costs, legal fees and a drop off in sales due to a loss in consumer confidence.

However, it isn't just the gaming industry that is under attack, advances in information technology have revolutionised the ways businesses attract, retain and interact with customers. Heavy reliance on information technology is making businesses ever increasingly exposed to data breaches and cyber attacks. According to global research by data security software maker Symantec, 5.5 billion cyber attacks were blocked in 2011.

Cyber attacks are becoming increasingly prevalent and highlight the increasing awareness of, and need for, cyber-liability insurance products across Asia to cushion the liability exposure of companies that process and retain personal data of their clients.

This article highlights the potential liability and compliance exposures of companies in Asia and recent trends in cyber crimes.

Cyber crime on the rise

Marsh's report, "Cyber Risk in Asia", stated that in 2010, 75% of Asia Pacific businesses experienced cyber attacks, costing them as much as US$763,000 annually. Reports of data or network sabotage, virus and Trojan infections, computer fraud, laptop theft and network scanning are said to be widely on the increase. 42% of mailboxes targeted for attack are high-level executives, senior managers and people in Research & Development.

In Hong Kong, according to statistics published by the Hong Kong Government Information Security ("InfoSec") website, between the years 2009 to 2011, the number of computer crimes rose from 1,506 to 2,206 and the financial losses due to computer crimes rose from HK$45.1million to HK$148.52 million.

In Singapore, according to Symantec's study, 1.2 million people fell prey to cyber crime in 2010, suffering US$195 million in direct financial losses and an additional US$675 million in time spent resolving the crime- a total cost of US$870 million Small businesses are becoming more desirable targets than larger organisations, due to generally weaker security. Symantec's research shows that since the beginning of 2010, 40% of all targeted attacks have been directed at small and medium sized businesses, compared to 28% directed at large corporates.

Cyber attacks have wider implications and can affect a whole industry; recently, hackers targeted the Hong Kong Stock Exchange The partially closed trading session affected stocks that made up 18% of the Hang Seng index's weight.

Impending laws and regulation in the Asia region

It is because of this wave of cyber attacks that governments in Asia are beginning to step up the regulation and enforcement of personal data...