Professional Documents
Culture Documents
Information risk management is recognised as being one But where is the greatest risk coming from?
of the fastest emerging risks facing all organisations today. One of the greatest risks is the lack of clarity and understanding
Unlike IT (hardware, systems etc.) this most commonly relates of the term, ‘information risk’. There is a misconception that it is
to the platforms in which information is held and exchanged. purely an IT issue with organisations trusting in technology to
Exposure to Information Risk will vary depending on an mitigate this risk, when in fact, in broad terms, over 70% of an
organisation’s business. Some of the potential costs incurred are organisation’s information risk exposure comes from their own
tangible, such as fines or penalties whilst others are reputational, employees, be it by negligence or malice.
both of which can result in considerable financial costs:
2
What is Information Risk Management?
We think of Information Risk Management as being:
3
The following sections provide examples of scenarios where a loss could happen as well as highlighting what
consequences it could lead to, as well as identifying the remedies that are currently available under your Zurich policy.
Data Breach
INTRODUCTION CONSEQUENCES
CONSEQUENCES ZURICH POLICY RESPONSE
Private information
you hold about a Third
Party is made public.
Affected people suffer a loss and a If the Claim relates to bodily injury,
Examples of how this Claim is bought against you for a illness or financial loss suffered
can occur include: breach of the Human Rights Act by a member of the public, Public
a lost laptop or hard Liability cover will protect against
copies of data, an legal costs and damages awarded
attack from hackers or Affected people suffer a loss and a against you. If the Claim relates to
malicious persons and Claim is bought against you for a injury to an employee then your
information sent to breach of confidence Employers’ Liability cover will apply
the incorrect recipient
If the Claim relates to compensation
Affected people suffer a loss and a
under Section 13 of the Data
Claim is bought against you for
Protection Act, Legal Expenses
breach of the Data Protection Act
will protect against this
4
Business Interruption
INTRODUCTION CONSEQUENCES
CONSEQUENCES ZURICH POLICY RESPONSE
5
Wrongful Publishing
INTRODUCTION CONSEQUENCES
CONSEQUENCES ZURICH POLICY RESPONSE
Content that is
published on your
website infringes the Our Libel and Slander section
rights of a Third Party. will cover defence costs and
Content published on your website
The content may be is accused of being libellous and a
indemnify against legal costs and
libellous or may damages awarded as a result of
Third Party sues for damages
represent a breach of libellous publications on the
organisation’s website
intellectual property
such as plagiarism,
breach of copyright Content published on your website is
or trademark Claims made against you for
accused of breaching a Third Party’s
financial losses arising from
intellectual property (plagiarism,
breaches of intellectual property
breach of copyright or trademark) and
will be covered under our Public
a Third Party suffers a financial
Liability section under the financial
loss and sues for damages which
loss extension
they claim against you
6
Damage to Computer Records
INTRODUCTION CONSEQUENCES
CONSEQUENCES ZURICH POLICY RESPONSE
7
Risk Management Services
How can Zurich support you? The end-to-end information lifecycle consists of six interlinked
components, visually represented in the diagram, all of which
As this diagram illustrates, the key is for organisations need to be understood and given the appropriate level of
to take a holistic approach to the management of ownership. An organisation needs to risk assess each element to:
information-related risk.
The results of the Corporate Diagnostic will help us work with you to draw up an action plan for future development, consisting of the following elements:
9
Why Zurich?
Because we speak from experience. As a wider organisation
we faced an incident which incurred a large penalty,
For more information on how we
leading to us greatly improving and refining our internal
can help you, or to arrange for a
information security arrangements. This, combined with
free consultation, please contact
our in-depth knowledge of our customers’ issues and
your Risk & Insurance Consultant.
experiences, gives us unique insight into information risk
and we have developed bespoke tools to mitigate it.
10
11
Zurich Insurance plc
A public limited company incorporated in Ireland. Registration No. 13460.
Registered Office: Zurich House, Ballsbridge Park, Dublin 4, Ireland.
UK Branch registered in England and Wales Registration No. BR7985.
UK Branch Head Office: The Zurich Centre, 3000 Parkway, Whiteley, Fareham, Hampshire PO15 7JZ.
Zurich Insurance plc is authorised by the Central Bank of Ireland and subject to limited regulation by the Financial Conduct Authority.
Details about the extent of our regulation by the Financial Conduct Authority are available from us on request. These details can be
checked on the FCA’s Financial Services Register via their website www.fca.org.uk or by contacting them on 0800 111 6768.
Our FCA Firm Reference Number is 203093.
716401001 (03/14) RRD
Communications may be monitored or recorded to improve our service and for security and regulatory purposes.
© Copyright – Zurich Insurance plc 2014. All rights reserved. Reproduction, adaptation, or translation without prior written permission
is prohibited except as allowed under copyright laws.
The pulp used in the manufacture of this paper is from renewable timber produced on a fully sustainable basis. The pulp used in the
manufacture of this paper is bleached without the use of chlorine gas (ECF – Elemental Chlorine Free). The paper is suitable for recycling.