In the past year, Middle East businesses learned through several high profile instances, that cyber- attacks can target companies both large and small. Recovering from such an attack is time consuming and expensive. Businesses must now take these threats from the virtual world into their risk management strategies. American International Group (AIG), formerly Chartis, has just launched “CyberEdge” in the Middle East. This bespoke product offers business risk and insurance coverage to negate the threat of cyber-attacks to a company. It's a first for the region. “Companies of varying sizes across the world are targets for sophisticated cyber threats seeking to breach their systems and access sensitive data and the Middle East is no different,” explained Juliette Pettit, Head of Professional Indemnity, MEA Region, AIG. “CyberEdge helps protect organizations from the millions in losses that can result from cyber threats. The average cost for crisis services such as IT forensics, legal counsel and notification are $983,000 per event.” A key feature of CyberEdge is the Data Crisis Response Team which provides the policyholder with direct assistance from specialist legal experts and public relations advisors in a data crisis event. This team will look to protect the company's reputation and provide crisis management services. CyberEdge allows AIG to respond swiftly to manage and mitigate a data breach, be it through hackers accessing data, a rogue employee leaking sensitive information, a vendor error putting information at risk or a “hacktivist” looking to use a company's private data to further their cause. “No company is immune to data mining attacks and it does not appear that it is any harder for a cybercriminal to compromise a large organization, as it would be to access a smaller one,” Pettit added. “We advise all companies to be vigilant, make sure they have proper measures in place to deflect threats and also be prepared should the worst happen. CyberEdge provides an extra layer of defense in a fast changing landscape.” CyberEdge covers: • Personal data liability – breach of personal information/data protection. • Corporate data liability – breach of corporate information. • Outsourcing – breach of data protection by an outsourcer, where the data user or policyholder is legally liable. • Data security – damage resulting from any breach of duty that ends in contamination by malicious code of third party data; or improper or wrongful denial of access by an unauthorized third party to data; or theft of an access code from premises, computer systems or employees; or the destruction, modification, corruption, damage or deletion of data stored on any computer system due to a breach of data security. • Defense costs – both civil and criminal claims, including defense costs regarding prosecution brought by a data protection authority.