The cost of an average computer raid for a small-to-medium-sized business has been estimated at GB pound 90,000. The equipment itself accounts for GB pound 42,000, while loss of trading (due to computer downtime) totals approximately GB pound 44,000. ‘Incidentals’ account for the rest. The longer the downtime, of course, the greater the loss of trading.
In the past few months the Association of British Insurers (ABI) has come up with some interesting trends. Initially, the Association noticed that the actual machines were the main targets. Then the thieves turned their attentions to software. Lately, there has been a spate of laptop thefts (‘Caught by the cage’, SMT, December 2001, pp33-34).
Five years ago, the ABI estimated the overall cost of computer thefts in the UK – including the loss of business – to be a staggering GB pound 1 billion. Although there haven’t been any further estimates from the insurance sector of late, the total annual figure is now likely to have passed that threshold.
Some companies experience an insult added to their not-inconsiderable injuries as a result of being robbed twice in succession. The smart thief knows that his or her victim will replace the stolen computers within a week or two, often upgrading to better software and hardware in the process. Potentially, a second visit would then lead to even richer pickings.
Without doubt, end users are facing a considerable crime wave in this area. A crime wave that, in all honesty, is only likely to worsen – due to four main factors. First, there are simply more computers in use now. Just as car crime rises because there are more vehicles on the road, so computer theft increases with the march of technology. Second, the workforce in Britain is far more mobile than before. Employees often develop sticky fingers when they know they’re going to a new job, particularly if they have any sort of grievance against their former employee.
Third, open-plan offices – which are becoming more and more popular all the time – make it much easier to carry a machine out of a building without being challenged. Even today’s mainframes can be lifted up and carried off without too much trouble. Last, but by no means least, portable computers (nothing less than a soft target) are being used by many more individuals.
Office raids and casual thefts are usually the handiwork of opportunists. For the most part they will pick up the entire computer, but occasionally someone just rips out the memory board. There are also the professionals who know exactly what they want, and are not easily deterred. In one particular robbery in the United States, the thieves cut up the desk to which the computer was anchored and walked off with many chunks of woodwork as well as the machine!
Sadly, those companies that are least well equipped to deal with losses are the ones hit most often. Generally speaking, the big corporate concerns can afford to secure their premises in the right way. Computer crime is largely concentrated on the small-to-medium-sized business – exactly the type of business which skimps on security measures, and for which protection would represent a much larger proportion of the budget.
Taking protective measures
The obvious protection for the end user organisation is some solid insurance. Blackfriars Insurance, a brokerage based in Sandbach, Cheshire recommends that firms include computer cover in their overall contents insurance. One of the Blackfriars specialists points out that individual insurance cover has jumped from GB pound 100 per computer in the 1990s to today’s figure of GB pound 315 for a machine valued at up to GB pound 12,500. Hence the advice to ‘lump it in’ with the other office contents.
Many companies will add on insurance for the increased cost of working after a loss. This covers them for the expenses incurred in bringing in extra staff, or renting temporary office space in the event of fire or other damage. However, a large number don’t buy business interruption insurance, which costs only GB pound 100 or GB pound 150 in most cases and compensates for loss of trading – and, therefore, turnover and profit.
Jim Fresson, a consultant with Homeworkers’ Services (a Kent company that specialises in packages for home-based enterprises) has been concerned for some time about the low take-up of cover for business interruption caused by theft. Meantime, his managing director – Nick Fresson – reports that a huge number of home workers don’t realise the need for interruption cover, while many aren’t even aware that it exists.
Another warning has been sounded by Andrew James who runs Active Information, a small business services firm. James is concerned that people operating from home may not be covered for computer theft because they haven’t told their insurers that they are ‘in business’. One of James’ members suffered a domestic robbery in which his computer was stolen. The insurers had not been informed that the client had a business computer, and he said (reluctantly) that he’d be prepared to bear the loss. Unfortunately, the insurers said that the client’s oversight had invalidated the entire policy, and no payment was made. Be warned.
Security marking techniques
Security marking is a procedure that insurers advise you to adopt. A study by the Forum of Private Business has shown that only 18% of businesses are bothering with product marking, although it is an obvious step to take.
Security ‘kits’ are another useful deterrent. Research by Esselte discovered that only 11% of those companies surveyed physically secured their computers to the desk or some other piece of heavy furniture. Simple cabling for portables and personal computers only costs about GB pound 30 per machine, while systems that lock-in data to prevent unauthorised use are similarly priced. Even a steel plate providing 1,500 lb of holding strength – the weight of a small car – costs little more than GB pound 100.
Solutions are also available that physically stick the hard drive to the desk (with solvents supplied to release the machines during office moves, either internally or to another headquarters building).
The sensibility of securing your machines is evidenced by a recent break-in at Global Business Information, a central London financial publishing company. During the course of a weekend burglary, the company was relieved of all its computers. The cost of re-entering data was estimated at thousands of pounds. The company took the “never again” attitude, and cabled down its replacement machines. A week later the thieves paid a return visit, but this time they were thwarted.
The only cost to Global Business Information was some slight damage to the building fabric. Peanuts when compared with the cost of lost IT infrastructures and business-related data.
