1. Legal liability to others for computer security breaches
For example, if your business network is compromised and that leads to a hack or attack on a third-party business associate’s systems, you might be liable for contributory negligence in the aftermath of fixing the security flaws and fallout.
2. Legal liability to others for privacy breaches of confidential information
Remember the Ministry of Social Development’s leaky WINZ kiosks back in 2012.
3. Regulatory actions, fines
For example, a privacy breach in New Zealand involving information belonging to an American person or company might bring the liable party within the wide jurisdiction of the USA’s cyber-incident reporting laws.
Recent reports include versions of a “honey-pot” trap, where unwary internet users are duped into accessing questionable files, or engaging in questionable acts, which are then documented and used to hold the often-prepared-to-pay user to ransom, like the Kiwi blokes blackmailed into paying cash to prevent the release of their identifiable details from the Ashley Madison leak.
Have you seen Die Hard 4.0 – Live Free or Die Hard? Internet-terrorism illustrated as only Hollywood knows how.
6. Loss or damage to data or information
Maintenance of certain information is crucial for the operation of any business, for example staff, client and supplier information. If this information is lost or corrupted, getting the business back on track might be impossible.
7. Loss of revenue due to network attack
Related to the above, this peril is on the rise. Determined hackers are able to disable some businesses’ entire operations by denying internet users access to their online interface. Technology not working as it should has recently replaced adverse weather as the biggest cause of disruption to business operations. Denial of service attacks could potentially shut down a business for weeks or months, perhaps permanently, preventing future profits as well as likely creating immediate contractual liabilities to third parties. Imagine a trouble-maker sending 10,000 people to a hotel all at once – no one would be able to squeeze in further than the lobby.
8. Extra expense to recover or respond to an attack
It might be essential to get the company’s data back, which could require teams of digital forensic analysts, auditors, and other experts, who won’t be able to guarantee the return of essential information. There may be ongoing costs associated with identifying and prosecuting the culprits, who usually operate from far-flung under-developed countries that are unlikely to have extradition agreements with New Zealand, nor the wherewithal to apprehend sleeper-cells of cyber criminals growing in numbers and sophistication.
9. Loss or damage to reputation
Potentially the part of an organisation most vulnerable to cyber-attack. Once a going concern’s goodwill is jeopardised, the point of no return may have already passed. And making an outfit look silly is often easier than attempting to extort money or steal data, with “hacktivists” occasionally making their point by “vandalising” corporate websites seemingly with no intention other than to prove themselves worthy of worrying about.