The most common attacks are wiperware, malware, ransomware, phishing, and social engineering.
Think you know about cyber liability insurance?
The Cost of Cyber Attacks
Cybercrime is predicted to cost us $10.5 trillion by 2025 globally.
According to Verizon’s Data Breach Investigation Report, 43% of cyber-attacks are aimed at small to medium sized businesses and only 17% are prepared. Part of the reason is because cyber criminals are not always attacking one specific company, but, instead, are attacking vulnerable networks. And small to medium businesses tend to have vulnerable networks because owners naively believe that they would not be a victim to a cyber attack.
From hackers to coding failures to government regulations, your company faces dire financial straits if you do not have the right protection against the ever-evolving risks to your digital data and operations. On average, a cyber-attack costs a company $133,000.
At this point, you are probably already doubting the need to brush up on your cyber awareness and cyber security. We are here to tell you, if you haven't created a cyber plan yet now is the time.
A few years ago when we first really started selling cyber policies we'd have a claim every several months. Now cyber claims are much more common.
When it comes to cyber attacks having a great cyber liability policy is imperative, and so is knowing common attack and the best practices to avert an attack.
Common attacks
Know they enemy...or something like that...Understanding how you can be attacked is the first step in prevention.
Cyberattacks can take many forms. Some target large corporations and government organizations, while others focus on individuals and smaller businesses. Some seek data; others take down your operational systems or use cracks in your structure to invade your partners’ networks.
Wiperware
This code burrows into computer systems and completely (sometimes permanently) deletes everything it finds, rendering computer systems unbootable.
How would you deal with a total loss of your software and data stores? Do you have access to backup systems so your business can recover quickly? Are those backups hardened against wiper viruses? These are just a few questions to address in your business cyber incident response plan. The good news is that many cyber liability policies help with data restoration if you are wiped out.
Malware
Short for “malicious software,” it is designed to damage and destroy computers and computer systems. Malware can take many forms, but it is typically used to:
- Provide remote control for an attacker to use an infected machine.
- Send spam from the infected machine to unsuspecting targets.
- Investigate the infected user’s local network.
- Steal sensitive data.
Ransomware
A type of malware. A hacker group gains access to your computer system and locks it. A ransom payment is demanded (often in bitcoin, a cybercurrency that can be extremely difficult to track) before the data is released back to you. Some cyber liability policies will help with the ransom demands but make sure you are clear on the policy language.
Phishing
Emails and text messages are often forged to appear to be sent by a legitimate source, like a bank, government agency, or even a friend or work superior, and are designed to trick the recipient into surrendering personal information or clicking on links. Train your employees in how to recognize these scams. A good prevention program is a fantastic way to keep hackers at bay, and it might reduce your cyber liability insurance rates.
Social engineering fraud
Employees and managers who have access to funds or who can authorize the transfer of funds are prime targets for ongoing attacks by scammers and hackers. So-called social engineering schemes present what look like legitimate instructions from someone in authority for the transfer of funds or crucial company information to the email or text sender. Often these messages look almost identical to those of the organization or person they are meant to mimic, and their message conveys a sense of urgency that inspires the victim to act immediately. One error can cost a company thousands of dollars in direct losses and liability expenses. Cyber liability insurance helps with replacing funds that are lost due to a social engineering scam.
Depending on how deep the hack goes, you might have to worry about identity theft and spoofs. If a hacker hijacks your business email or social media and starts sending questionable content, you might need to restore your public image or respond to lawsuits. Cyber insurance helps with that, too.
Company cybersecurity failures
It’s not always a hacker attack that causes cyber losses. As government regulations develop (such as the European Union’s General Data Protection Regulation and California’s Consumer Privacy Act), all companies that use the internet face serious compliance issues. Collecting data, using cookies, and sharing information are all potential sinkholes for businesses that do not assiduously follow the rules—rules which are in a constant state of development and expansion. Non-compliance can be expensive.
Your own systems could be the source of serious losses at your company. This is especially of concern for those companies that do in-house systems control but may be applicable even for outsourced work. Your insurance professional can explain this in more detail, but some cyber insurance policies cover first-party losses due to human or system error (or both) that cause an unintentional or unplanned outage of your network. Ask about coverage for physical damage and business interruption losses resulting from a cyber failure as well.
How To Prevent
It is wise for employees and companies to adopt the best practices, like cyber hygiene, to stay vigilant against cyberattacks. In a previous post, our Chief Insurance and Acquisitions Officer, Adam Dyer, shared way to prevent cyber attacks.
- Keep assets clean and tidy by securing personal information with strong passwords, employing a high-quality firewall, and keeping an offline or cloud backup of all essential data.
- Use authentication verification software and identity controls.
- Create a cyber incident response plan that outlines how to respond to a potential cyberbreach, including assigning a dedicated team to coordinate efforts to combat the attack.
- Install security updates and software patches promptly.
On a corporate level, strong security software is a good basic step, but it is not infallible, especially if the software is old. In many cases of cyberattacks, patches were available, but the victim companies did not update their systems or install fixes promptly. Either their network was not capable of a software update, or they simply did not have the staff to keep up with patches. Smaller businesses tend to have fewer resources to devote to cybersecurity and are increasingly victimized.
To help prevent your losses cyber liability insurance is necessary.
How does cyber insurance help my business?
To put in quite frankly, if your business is a victim of a cyber attack and you do not have cyber insurance it could cost you your business. It is a necessity.
Cyber insurance coverage helps your business recover from financial losses caused by cyberattacks and data breaches. It can pay for credit monitoring, attorney's fees, fines, and other costly expenses.
What does cyber liability insurance cover?
Most cyber insurance uses a customized approach to coverage — a collection of endorsements specifically tailored around your coverage needs.
Cyber liability insurance often covers costs relating to:
- Lost income caused by a cyberattack
- Customer notification of a data breach
- Reputational damage and public relations support
- Legal defense related to a breach
- Civil damages and settlement awards
- Repairing damage to computer systems and networks
- Free credit monitoring for affected customers
- Recovering encrypted data
- Cyber extortion and ransom demands, as well as ransom negotiations
- State and federal fines and penalties
- Extortions paid to recover locked files in a ransomware attack
- Computer fraud
- Loss of transferred funds
- Loss of revenue and business interruption due to a cyberattack
- Dependent business interruption system failures
- System failures of outsourced providers
- Strengthening and improving your system to make it more resistant to a future breach (this may be called "betterments" coverage)
Does my business need cyber insurance?
If you are storing any data, have a large customer base, or a business high in revenue you need cyber insurance.
If you would like us to review your current cyber policy or need a cyber liability policy, please reach out to us. We can create a customized plan to meet your business’s needs.
Review your cyber incident plan and your cyber liability policy with your insurance professional to ensure you have a solid plan and place or appropriate coverage. Or you can contact us and we can review with you.
Blue Ridge Risk Partners is a top 75 independent insurance agency in the United States. With 21 offices throughout Maryland, Pennsylvania, and West Virginia and access to hundreds of carriers, we are able to meet your unique insurance needs.