Forensic and Investigative Accounting
Chapter 16 Cybercrime Loss Valuations
© 2009 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085 1 800 248 3248 www.CCHGroup.com

Reasons to Quantify Loss
To report the crime to law enforcement.
To recover damages under an insurance policy.
To record for internal purposes.

Extent of the Problem
In 2006, the annual Computer Crime and Security Survey of high-tech and financial corporations found:
– $241,150 was the average loss with the largest loss set at $40M.
– The most detectable crimes noted by the respondents were insider abuse, laptop theft, and virus or worm infections.
– Twenty percent of respondents experienced rootkit or Trojan infections.
– Eighty-three percent of the attacks originated from outside the organization.
– Financial losses from breach of confidential information averaged $2M.
– Over the previous year, there had been a doubling in the percent of attacks launched for “illicit financial gain.”
– A notable change in 2006 was the increase in Trojan and rootkit attacks used to steal Internet banking and other passwords, or other personal information.
– The source point for these attacks is the companies' point of Internet access.
– A large percentage of the attacks in 2006 were conducted to simply create malicious damage.

State Statutes Describing Losses
The following factors are shown as remediable activities and loss classifications:
– Verification costs to check systems (diagnosis–remediation).
– Restoration costs to put systems back online (testing).
– Market value or replacement value of the property destroyed or services.
– Lost profits.
– Reasonable value of loss caused by “unavailability.”
– Investigation costs.
– Past or future losses.
– Injury suffered.
– Loss of computer time (lost productivity).
– Cost of replacing lost data.

Federal Identification of Damage Losses
The federal government identifies the following damage losses in cyber attacks:
– Responding to an attack.
– Costs of making a damage assessment.
– Time and costs of restoring the system.
– Loss of revenues from the interruption.
– “Other damages” related to an interruption of service.

Examples of Tangible Losses
Market value or replacement cost of property destroyed in attack.
External investigation costs.
Lost worker productivity.
Cost of replacing lost data.

Productivity Losses
Productivity losses arise from the reduction of efficient, “normal” production of work due to an event such as a cyber attack.

Examples of Intangible Losses
Unavailability of a website.
Lost profits.
General injury.
Destroyed or lost information contained on compromised PCs.
Loss of optioned opportunities.

Costs and Types of Insurance Coverage
First-party liability coverage is for direct damage to the insured from a cyber attack.
Third-party liability provides coverage from the negligent acts of the insured as, for example, when the insured’s computers are unknowingly used to launch an attack against a primary target.
Premiums for these policies can cost $20,000 to $40,000 annually for coverage up to $50 million each.

First-Party Cyber Insurance
First-party cyber insurance usually includes coverage of losses from:
– Malicious destruction or alteration of information.
– Theft of data such as credit card numbers.
– Lost business income up to 12 months after the attack.
– Extortion from threats such as introducing viruses into a network.
– Introducing fraudulent information into a network.
– Defamation.
– Cost to repair and replace data.
– Unintentional virus transmission.
– Denial of service attacks.
– IP infringement from website squatters.
– Illegitimate use of network.
– Defacement of a website and related losses.
– Coverage of extra expense incurred during a disruption.
– External consultant fees.
– Intellectual property infringement from the disclosure of trade secrets.
– Rehabilitation expenses to reestablish the insured’s reputation and market share.
– Crisis communication expenses with clients to provide assurances the system is reliable and safe.

Seeking Insurance Coverage
Qualifying for coverage
– Risk survey
– Security audit
What insureds should know about coverage
– Third-party lawsuits
– Intangible losses
...