#CyberFLASH: Privacy breaches often not due to technology failure

201310281614240l4j1t1yodou1gmqihww4xc3fClass action lawsuits involving information security breaches are increasing but cyber risk is operational and strategic rather than one of computer technology, insurance professionals suggested at a workshop Wednesday in Toronto.

In North America, American International Group Inc. “gets about three breach notices every business day, and more than half of them deal with operational failure, not technology failure,” said David Price, AIG Canada’s financial lines leader, of his firm’s claims experience. “The technology works fine. It’s the practice of a senior executive not following protocol. It’s the CEO writing his password on his computer. It’s people leaving briefcases on planes, trains and automobiles.”

Price made his remarks to an audience of about 100 at a luncheon and workshop titled Cyber Liability – the Potential Impact on Directors and Officers.

Katie Andruchow, national cyber expert for commercial brokerage Aon Reed Stenhouse Inc., echoed Price’s comments.

“I think everybody in this room is sophisticated enough to know that while hacking electronic data is certainly one of the types of cyber losses, there are so many other ways” that privacy is breached, she said. Examples include employees losing laptop computers or sending contact lists to the wrong person.

“All of those are real breaches that can result in damages,” she said at the workshop, held at the Hilton Toronto and organized by the Canadian chapter of the Professional Liability Underwriting Society (PLUS).

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.