Chapter 16 - HCC Learning Web

Forensic and Investigative Accounting
Chapter 16
Cybercrime Loss Valuations
© 2011 CCH. All Rights Reserved.
4025 W. Peterson Ave.
Chicago, IL 60646-6085
1 800 248 3248
www.CCHGroup.com
Reasons to Quantify Loss
• To report the crime to law enforcement.
• To recover damages under an insurance policy.
• To record for internal purposes.

Extent of the Problem
In 2006, the annual Computer Crime and Security Survey of high-tech and financial corporations found:
– $241,150 was the average loss with the largest loss set at $40M.
– The most detectable crimes noted by the respondents were insider abuse, laptop theft, and virus or worm infections.
– Twenty percent of respondents experienced rootkit or Trojan infections.
– Eighty-three percent of the attacks originated from outside the organization.
– Financial losses from breach of confidential information averaged $2M.
– Over the previous year, there had been a doubling in the percent of attacks launched for “illicit financial gain.”
– A notable change in 2006 was the increase in Trojan and rootkit attacks used to steal Internet banking and other passwords, or other personal information.
– The source point for these attacks is the company's point of Internet access.
– A large percentage of the attacks in 2006 were conducted simply to create malicious damage.
State Statutes Describing Losses
The following factors are shown as remediable activities and loss classifications:
– Verification costs to check systems (diagnosis–remediation).
– Restoration costs to put systems back online (testing).
– Market value or replacement value of the property or services destroyed.
– Lost profits.
– Reasonable value of loss caused by “unavailability.”
– Investigation costs.
– Past or future losses.
– Injury suffered.
– Loss of computer time (lost productivity).
– Cost of replacing lost data.
Federal Identification of Damage Losses
The federal government identifies the following damage losses in cyber attacks:
– Responding to an attack.
– Costs of making a damage assessment.
– Time and costs of restoring the system.
– Loss of revenues from the interruption.
– “Other damages” related to an interruption of service.
Examples of Tangible Losses
• Market value or replacement cost of property destroyed in attack.
• External investigation costs.
• Lost worker productivity.
• Cost of replacing lost data.

Productivity Losses
Productivity losses arise from the reduction of
efficient, “normal” production of work due to
an event such as a cyber attack.
Examples of Intangible Losses
• Unavailability of a website.
• Lost profits.
• General injury.
• Destroyed or lost information contained on compromised PCs.
• Loss of optioned opportunities.

Costs and Types of Insurance Coverage
• First-party liability coverage is for direct damage to the insured from a cyber attack.
• Third-party liability coverage is for the negligent acts of the insured, for example, when the insured’s computers are unknowingly used to launch an attack against a primary target.
• Premiums for these policies can cost $20,000 to $40,000 annually for coverage up to $50 million each.
First-Party Cyber Insurance
First-party cyber insurance usually includes coverage of losses from:
– Malicious destruction or alteration of information.
– Theft of data such as credit card numbers.
– Lost business income up to 12 months after the attack.
– Extortion from threats such as introducing viruses into a network.
– Introducing fraudulent information into a network.
– Defamation.
– Cost to repair and replace data.
– Unintentional virus transmission.
– Denial of service attacks.
– IP infringement from website squatters.
– Illegitimate use of network.
– Defacement of a website and related losses.
– Coverage of extra expense incurred during a disruption.
– External consultant fees.
– Intellectual property infringement from the disclosure of trade secrets.
– Rehabilitation expenses to reestablish the insured’s reputation and market share.
– Crisis communication expenses with clients to provide assurances the system is reliable and safe.
Seeking Insurance Coverage
• Qualifying for coverage
  – Risk survey
  – Security audit
• What insureds should know about coverage
  – Third-party lawsuits
  – Intangible losses
