Product Family


Business is booming!In mid-July, the host of a popular Brazilian television show, reportedly was the victim of a hacker who stole thousands of Brazilian Reals from her bank account. She’s not alone. As we come to rely on technology in virtually all aspects of our lives, criminals are continually on the lookout for new opportunities to steal our money, intellectual property or identities. And cybercrime knows no borders; every device connected to the Internet is a potential entry point.In recent years, Internet use has grown faster in Latin America than in any other region in the world. And as Internet use has grown across the region, so has cybercrime; Latin America has seen significant increases in data breaches, banking Trojans, mobile malware, and other online threats. According to a recent survey by Grant Thornton, 11 percent of the businesses in Latin America were hit by a cyber-attack in the past 12 months.Cybercrime is especially common in Brazil, to the point that it has been described as “at the epicenter of a global cybercrime wave.” The country now ranks second, behind Russia, as the source for online banking fraud and financial malware. The number of cyber-attacks in Brazil grew by 197 percent in 2014 and online banking fraud increased by 40 percent. It has also been reported that about USD 3.75 billion has been hacked since 2012 from a popular payment method used throughout Brazil.Cyber-attacks are a particular risk for small- and medium-sized companies. In Brazil, for example, a recent study showed that close to two-thirds of the cyber-attacks were directed at small companies. While small businesses may not offer a big payday for cyber attackers, they often are not well protected – given a choice between “big and difficult” and “small and easy,” many cyber criminals are attracted to the latter opportunity. This is especially challenging for small businesses in the current economic climate where spending on “non-core” activities, like cyber security, has to be managed extremely carefully.Other countries in the region have also experienced significant cyber-attacks. Criminals in Mexico, for example, were apparently the first to discover how to reverse-engineer ATM software and create an interface that allows them to interact with the machine; in effect, to get a machine to discharge all of its cash. Businesses and consumers throughout the region have also witnessed a surge in ransom ware attacks where criminals seize a user’s data, encrypt it, and then demand a payment to decrypt it. The most prominent ransomware in use currently is not possible to break. In the past, collecting the ransom and avoiding detection was the hard part. Today, with online currencies like Bitcoin, this is no longer a problem.How companies can minimize the riskAlmost all businesses that rely on the Internet in some fashion are vulnerable to a cyberattack, and the list of threats is long: malware to steal sensitive or confidential information; ransomware attacks; social media scams; banking Trojans and heists. However, there are a number of prudent steps companies can take to lessen their vulnerability to a cyber-attack. First and foremost is to recognize that cybersecurity is not an IT issue, it’s a management problem. All employees using a device connected to the Internet should recognize that they bear some responsibility for keeping the company secure. Training is also important, including training in incident response.Companies that rely heavily on the Internet should periodically map their vulnerabilities and define their tolerance for cyber risk. Finally, companies should consider how they could respond in the event of a cyber-attack. While the threat may seem remote, having a contingency plan in place, “just in case,” can greatly minimize the financial and reputational costs of a cyber-attack.Insurance solutions can help companies manage and mitigate cyber risksAlthough cybercrime is a relatively new phenomenon, insurers in Latin America have developed a range of coverages to help companies manage and mitigate this risk. These policies typically cover data breaches involving financial, customer, employee or other proprietary data as well as any type of cyber-attack that disrupts a company’s operations.Even though the threat is fairly new, cyber insurance is quickly becoming quite sophisticated. In many cases the policies also cover: business interruption expenses; data recovery costs; cyber extortion demands; and defense costs, including any penalties or fines that are assessed. In addition, cyber insurance often extends to outsourced providers, including cloud providers, and to both online and offline content. And when an attack occurs, the coverage typically includes access to leading firms that specialize in neutralizing the breach, and helping the company navigate what is often a very delicate situation.Cybercrime is obviously a particular concern to technology companies providing IT products and services. Products manufacturers and software developers have to ensure their solutions are not vulnerable to cyber-attacks. And service providers have to ensure that their solutions don’t compromise a client’s proprietary data, including intellectual property. For businesses involved in these areas, cyber insurance can also include product liability and professional indemnity coverage that covers legal costs incurred in defending a claim, as well as any damages that are awarded.Many government agencies and private companies across Latin America are taking concrete steps to combat cybercrime. Solutions to protect data networks and servers continue to become more sophisticated and harder to breach. Cybersecurity resources are being enriched; more than 200 cybersecurity specialists will be contracted with, for example, to protect public and private sites during the upcoming 2016 Olympics. Still, the surge in cybercrime is not expected to abate – even as defenses are strengthened, criminals will still find ways to exploit vulnerabilities residing in obscure corners of the Internet. With this type of ongoing risk, companies should take some prudent, common sense precautions to minimize the threat, and consider the option of transferring some of this risk via insurance.First published in Latam Insurance Review in February 2016.

To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.