NU Online News Service, Dec. 3, 12:39 p.m. EST

Many companies are unknowingly vulnerable to data leakage,phishing attacks, trojans or advance persistent threats, accordingto a new report from Lloyd's and technology company HP.

Digital risk management must be a board-level concern forbusiness as the range, frequency and scale of cyber attacksincreases, said the report, "Managing digital risks: trends, issues and implications forbusiness."

The report warns that as businesses become more reliant ontechnology, they will face more complex and damaging digitalattacks as sophisticated attackers quickly adapt their methods tosteal from, disrupt and spy on businesses.

Lloyd's Chairman Lord Peter Levene said in a statement: "Adiscussion of digital risks should be on the agenda of boardmeetings everywhere as cyber attacks become more frequent, morecreative and more disruptive. Cybercrime is an internationalbusiness aided by those countries without the legislative frameworkto tackle it."

While most of the digital risks that companies face, such asextortion and stolen information, are similar to risks they havealways known, technology has increased the speed at which theserisks can occur and amplified their impact, the report said.

Lord Levene said in a forward to the report that "attacks oncompanies in one country can emanate from the other side of theworld, while some countries are effectively 'cyber sanctuaries,'where criminals can operate free from cybercrime legislation."

The study points out that as part of the overall digital riskmanagement strategy, companies should consider the growing numberof cyber-risk insurance products and solutions that can transferthese risks to third parties. Although difficult to measure, thecurrent market for cyber insurance is estimated to be about $600million, a 16-25 percent increase from 2009.

Most digital risk mitigation typically happens within the ITdepartment. However, risk managers, technology experts and otherstakeholders need to be more involved in the process in order tobring broader business perspectives to the decisions that aremade.

Prith Banerjee, senior vice president of research at HP anddirector of HP Labs, said the real challenge for risk managers "isto determine how to effectively monitor digital risks in order todecide how seriously they should be considered."

Specifically, for risk managers, the report recommends:

o Setting up a working group of technology experts and keystakeholders across the business to monitor and review businessrisk exposure.

o Becoming more involved in IT governance and strategy.

o Ensuring applicable standards are used to manage digitalrisks.

o Considering risk transfer solutions as part of an overalldigital risk management strategy.