Contrary to popular belief, most cyber attacks or data breaches don't come from outside a company. The majority are the result of mistake, for example, when an employee loses a laptop computer containing customer data. But a number of attacks are by former employees who may still have access to the company's sensitive data or systems. In one such case, an IT engineer has been convicted on criminal charges of hacking the internal computer network of Locke Lord after he stopped working for the global law firm four years ago.

A federal jury in Dallas found the former employee, Anastasio N. Laoutaris, guilty of two counts of knowingly accessing a computer network without authorization and intentionally issuing commands and codes that caused damage to the network.

According to the federal prosecutor, Laoutaris, who was an IT engineer for Locke Lord LLP from 2006 to August 2011, accessed the firm's computer network without authorization on Dec. 1, 2011, and Dec. 5, 2011, and on both occasions, issued instructions and commands that caused significant damage to the network, including deleting or disabling hundreds of user accounts, desktop and laptop accounts, and user e-mail accounts.

Laoutaris faces a maximum statutory penalty of 10 years in federal prison and a $250,000 fine on each count. A sentencing date hasn't been set.

Cyber coverage

It's not clear whether Locke Lord had Cyber coverage, and if so what the limits are. According to a new report from Timetric, the cyber risk insurance market is experiencing rapid development, with global gross written premiums going from $850 million in 2012 to an estimated $2.5 billion in 2014. A growing number of cyber attacks and the increasing reliance of businesses upon technology for operational capabilities and storing data are responsible for the traction the cyber risk insurance market is gaining.

Businesses of all sizes in all industries need to assess their cyber risk and speak with their insurance agents or brokers about the appropriate coverage for their situation. Agents who haven't met with their clients—especially small to mid-sized businesses—have a great opportunity to raise awareness of cyber threats. Small businesses are the most vulnerable, and they are also the least prepared and least likely to be able to recover from a data breach. For some small businesses, one cyber attack can put them out of business.

 

How can you transform your risk management preparedness and response strategy into a competitive advantage?
 
Introducing ALM's cyberSecure — A two-day event designed to provide the insights and connections necessary to implement a preparedness and response strategy that changes the conversation from financial risk to competitive advantage.  Learn more about how this inaugural event can help you reduce risk and add business value.
NOT FOR REPRINT

© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.