Willis: Leisure Industry Proves Irresistible Target for Cyber Pirates
London, UK, August 02, 2011 – The vast quantities of personal, identifiable information collected by the leisure
and hospitality industry has made it a chief target of cyber attacks, according to Willis Group
Holdings (NYSE: WSH), the global insurance broker.
Willis’ Cyber Risk Unit reports that cyber-related insurance claims have spiked by 56 per cent over the
past year alone, with an increasing proportion of victims in the hospitality industry. Citing a recent
survey, the Willis Summer 2011 Leisure Newsletter warns that hotels, resorts, tour companies, and
other leisure and entertainment providers are increasingly vulnerable to hackers seeking to steal personal information. The
Newsletter highlights the major risks posed by the deluge of personal data and explores actions companies
can take to protect themselves against cyber crime.
The Ponemon Institute, a US-based information technology think tank, estimates that the costs of recovering from a
cyber attack –including costs associated with notifying customers and implementing credit monitoring software to help ensure
victims’ credit records are not compromised by the misuse of stolen data -- typically range anywhere
between US$100,000 to US$1 million. However, Willis warns that some of the largest breaches can cost
in excess of US$100 million. More stringent data protection legislation coming into force will only further
increase companies’ financial exposure to cyber crime, both in terms of liabilities to banks and individuals,
to say nothing of the more difficult to quantify reputational damage such attacks can cause.
The main culprits of data breaches include rogue employees, malicious attacks, and innocent mistakes made by outsourcing
firms employed to manage customer data.
Laurie Fraser, Global Markets Leisure Practice Leader for Willis said: “Hackers are getting ever more sophisticated, penetrating
firewalls to drain corporate databases of their customers’ personal details, including credit-card numbers when not encrypted,
medical histories and other personal information. This year has already seen at least three high profile
cyber crime cases where security breaches triggered public outrage and panic over identity theft and fraud.
The incidents badly bruised the reputations of popular consumer brands, as well as exposed firms to
a host of increased costs as well as potential liabilities.”
Jeremy Smith, Practice Leader of Willis’ London Cyber Team, observed: “Companies that hold substantial volumes of personal,
identifiable data are irresistible to web-based pirates.”
In response, Smith said that cyber liability insurance, which has existed for about 10 years, is evolving
to reflect the current environment, helping companies to transfer the risks and costs of data loss
and cyber piracy.
“Willis is working closely with the insurance industry to stress test existing policies’ ability to address the
nature of cyber crime and develop exclusive wordings that assist in the transfer of these risks.
Recent breakthroughs include the introduction of identity theft solutions and Payment Card Industry fines coverage, which
helps to protect companies from penalties linked to the mismanagement of credit card data.”
Willis Group Holdings plc is a leading global insurance broker. Through its subsidiaries, Willis develops and delivers
professional insurance, reinsurance, risk management, financial and human resource consulting and actuarial services to corporations, public
entities and institutions around the world. Willis has more than 400 offices in nearly 120 countries,
with a global team of approximately 17,000 employees serving clients in virtually every part of the
world. Additional information on Willis may be found at www.willis.com.