11 months ago ·
by Erin Carlson ·
As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy continues to grow. The continued rise in the amount of information stored and transferred electronically has resulted in a remarkable increase in the potential exposures facing businesses.
In an age where a stolen laptop or data breach can instantly compromise the personal data of thousands of customers, protecting your business from cyber liability is just as important as some of the more traditional exposures businesses account for in their commercial general liability policies.
Claims Scenario: Outsourcing Gone Wrong
The company: A national construction company that outsources some of its cyber security protections
The challenge: A construction firm partnered with a third-party cloud service provider in order to store customer information. While this service helped the company save on server costs, the third-party firm suffered a data breach.
As a result, the construction firm had to notify 10,000 of its customers and was forced to pay nearly $200,000 in incident investigation costs. The incident was made worse by the fact that the firm did not have a document retention procedure, which complicated the incident response process.
Cyber liability insurance in action: Following a data breach or other cyber event, the right policy can help organizations recoup a number of key costs. Specifically, cyber liability policies often cover investigation and forensics expenses—expenses that can easily bankrupt smaller firms who forgo coverage.
What’s more, when third parties are involved, managing litigation concerns can be a challenge. By using cyber liability insurance, organizations have access to legal professionals well-versed in cyber lawsuits and response.
Claims Scenario: Pardon the Interruption
The company: An online retail store that relies heavily on e-commerce
The challenge: A small-sized, online retailer partnered with a data centre to host its website and store its data. This is not uncommon, as many small businesses don’t have the IT infrastructure to host products, process payments and fulfil orders on-site.
Unfortunately, the data centre was targeted in a distributed denial-of-service (DDoS) attack. As a result of this attack, the retailer’s website went down for several days. While functionality was eventually restored, business interruption costs from lost sales and website downtime were over $165,000.
Cyber liability insurance in action: DDoS attacks are one of many weapons cyber criminals use to infiltrate and disrupt businesses. These attacks can impact any organization that owns a website, regardless of where it’s hosted.
Cyber liability insurance is one of the only protections organizations have against costly DDoS attacks and similar disruptions. This is because cyber policies offer business interruption loss reimbursement. Following a disruption caused by a cyber event, policies kick in and help organizations recover from any financial losses.
Benefits of Cyber Liability Insurance
- Data breach coverage—In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
- Business interruption loss reimbursement—A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
- Cyber extortion defence—Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup losses related to cyber extortion.
- Legal support—In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component of any risk management program.
Cyber exposures aren’t going away and, in fact, continue to escalate. Businesses need to be prepared in the event that a cyber attack strikes. To learn more about cyber liability insurance, contact Scurich Insurance today.
One of the first things hackers do when they attempt to infiltrate computer systems is to try using any common or stolen passwords. And, if your employees aren’t careful to use effective passwords and change them regularly, both they and your business can be exposed to data breaches, phishing schemes and other costly cyber attacks.
Most people don’t manage their passwords effectively because of the misconception that strong passwords need to be long and difficult to remember. However, there are a few simple steps you can relay to your employees in order to ensure that passwords are both hard for hackers to figure out and easy to manage:
Build passwords around familiar phrases. Long passwords are harder for computer programs to guess, so using a long but familiar phrase, like a favorite song lyric or quote, is a great start to making a password.
Use a password management service. Many people write their passwords down on paper or in a word processor, but keeping them anywhere insecure makes it easier for hackers to access them. Instead, encourage your employees to use a reputable password management service to keep all of their login credentials safe. Contact us today for more resources that can help improve your cyber security, including our new “Employee Cyber Training – Passwords” video.
Technology can be a risk, especially when it involves your password. You hear about all of the hack attempts on the large corporations, but you don’t hear about the everyday person who gets targeted by a cyber attack. Simply visiting a website could give an attacker access to your computer. This should push you to protect your most valuable asset, your password! Don’t give hackers an easy target by ignoring these simple tips for improving your password.
Improve Your Password
- Change your password every 30-45 days.
- Choose a password between 8-16 characters.
- Use at least two special characters (!@#$%^&*) randomly within your password.
- Avoid using family or pet names, dates or common phrases within your password.
- Never reuse or repeat a password across accounts.
Stay Away from COMMON Passwords
Protect yourself (and your company) by making sure you’re not using one of the top 25 most commonly stolen passwords of 2017, as determined by IT security firm SplashData.
DHS Warns of Utilities Malware
Two cyber security firms have recently uncovered malicious software that they believe caused a Ukraine power outage last December. The firms are ESET, a Slovakian anti-virus software maker, and Dragos Inc., a U.S. critical-infrastructure security firm.
The two firms released details of the malware, which goes by two different names, Industroyer and Crash Override. They also issued alerts to governments and infrastructure operators to help them defend against the malware, warning that it could be easily modified to harm critical infrastructure operations around the globe.
The U.S. Department of Homeland Security (DHS) hasn’t seen any evidence to suggest that its critical infrastructure has been affected, but it will continue to investigate, as there is the possibility of more attacks using the same approach. In an alert posted on its website, the agency stated that “the tactics, techniques and procedures described as part of the Crash Override malware could be modified to target U.S. critical information networks and systems.”
In the same alert, the DHS posted a list of technical indicators that a system had been compromised by Crash Override and asked firms to contact the agency if malware was suspected.
Power firms are concerned that there could be more attacks, especially considering the malware could attack other types of infrastructure, such as transportation, water and gas providers.
The two companies do not yet know who masterminded the attack, although Ukraine blames Russia. Officials in Moscow have denied the claims.
Microsoft Warns of Cyber Attacks
Citing an elevated risk of cyber attacks, Microsoft has released several security updates during its June “Patch Tuesday” in an effort to protect against widespread hacking. A recent blog post by Adrienne Hall, General Manager of Microsoft’s Cyber Defense Operations Center, stated, “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations.”
In May 2017—after the WannaCry ransomware locked hundreds of thousands of machines around the world and demanded that victims pay a ransom in bitcoin—Microsoft was prompted to release updates for software that it no longer supports. This was an unexpected move that preceded more updates for old, outdated systems.
Microsoft’s motives for June’s most recent security updates are speculative, and it is unclear whether the company has been warned of another cyber attack using exploits similar to those of WannaCry. A Microsoft spokesperson stated that the decision to release the most recent updates is “an exception based on the current threat landscape and the potential impact to customers and their businesses.”
WannaCry Came from North Korea
According to British security officials, the May 2017 global ransomware attack that affected over 200,000 computer systems came from North Korea. The hackers are believed to be a hacking group known as Lazarus—the same group that targeted Sony Pictures in 2014.
In the wake of increasing tensions resulting from North Korea’s missile tests, the DHS and the FBI have issued an alert to businesses about another possible cyber attack led by North Korea, warning people to update old software.
British security officials have recently linked the North Korean government to the creation of WannaCry, based on tactics, techniques and targets. The ransomware was originally built around a hacking tool belonging to the National Security Agency and spread through a flaw in Windows.
The Importance of Performing Updates
WannaCry is believed to be a flawed attempt to raise revenue for the North Korean regime, considering the hackers have not yet cashed in the $140,000 in bitcoin they stole. That is likely because the transactions are easy to track. Despite the failed attempt, one of the reasons WannaCry was so powerful was that many of the facilities attacked hadn’t updated their software to patch holes in security.
Microsoft’s most recent security update includes patches for its Windows XP, Windows Vista and Server 2003 products, which are all unsupported but still widely used. Microsoft suggests customers enable Windows Update if they haven’t already.
Target to Pay Settlement from 2013 Data Breach
Target has agreed to pay $18.5 million to settle claims made by 47 states and the District of Columbia as well as to resolve an investigation into the retailer’s massive data breach in 2013.
The investigation found that Target’s gateway server was accessed by cyber hackers through credentials stolen from a third-party vendor. As a result, data from up to 40 million credit and debit cards were stolen during the 2013 holiday season.
The total cost of the data breach was $202 million, according to Target. The state receiving the largest share of the settlement is California, which will receive more than $1.4 million.
Michigan Utility Company Loses Employees After Cyber Attack
A Lansing utility company is still recovering from a 2016 cyber attack that temporarily disabled its internal network and asked for a $25,000 ransom. According to officials, an employee unsuspectingly clicked on an infected email attachment, which shut down the company’s accounting and email systems.
Since the cyber attack, 14 employees have voluntarily left the company—13 of whom were IT employees. The company is devoting its resources to minimize the odds of an attack and to quickly recover in the event it is hit again.
In today’s high-tech world, individuals can carry thousands of client files on flash drives in their pockets or purses. People are conducting business on the go and sensitive information is accessible at the click of a button. Managers are using their laptops or tablets through “hot spots” at local coffee shops to access customer databases. Healthcare professionals shopping at supermarkets can get patient files on their smartphones.
If you think of information security breaches primarily in terms of malicious hackers cracking the networks of big corporations from thousands of miles away, think again.
The hacking of such corporate giants as Global Payments, Epsilon, and Sony proves that size and sophistication can’t stop data thieves. However, any company that stores customer information in electronic format is vulnerable to cyber privacy liability exposures that can cost megabucks – or even put a firm out of business – which means they need insurance against these risks.
Cyber Liability coverage can protect your business against breaches of privacy from unauthorized access, physical taking, or the mysterious disappearance of confidential information that leads to third-party losses resulting from identity theft.
Depending on your needs, the policy can also provide a variety of coverages, such as:
- Business Interruption
- Cyber Extortion
- Systems and Data Recovery
Other options can cover the cost of contacting those affected by the data breach, computer forensics to analyze the breach, fines and penalties, potential HIPAA (client medical records) exposures, and online activities on your company site.
The development and expansion of Cyber Liability coverage during the past two decades has paralleled the explosive growth of computer technology: Today’s policies are increasingly comprehensive – and inexpensive. Contact us today to discuss your Cyber Liability Insurance needs.
Going online has become part of everyday life, whether for shopping, sending email, paying bills or managing your accounts. But data breaches, in all their forms, can potentially expose the personal information that we share online, putting consumers at risk of identity theft.
According to the 2015 Travelers Consumer Risk Index, 59% of Americans worry about online identity theft. Fortunately, there are steps that consumers can take, including not opening unsolicited emails and avoiding unsecure websites, to protect their personal information while online.
The following tips can help you stay safe online:
- Research potential retailers to make sure they are reputable and have a secure network and website. Try to avoid buying from a site that does not have a secure socket layer (SSL) encryption installed. In order to do this, look for the ‘s’ at the beginning of a URL – HTTPS:// instead of HTTP:// – to help determine if a site is SSL secured.
- Use only one credit card for online purchases. Be sure to read statements when received to check for fraudulent or unknown charges or activity.
- If you receive an email regarding sales or discounts from a particular retailer, log on directly to the official website for the business. Avoid linking to it from an unsolicited email.
Emails and Attachments
- Do not send personal information in email or instant messages. Emails are out of your control once sent, and can be easily intercepted.
- Do not click on links you receive by email or encounter online that are suspicious or from unknown sources. Only accept and click if it:
  - Comes from someone you know.
  - Comes from someone you have received mail from before.
  - Is something you were expecting.
  - Does not look odd with unusual spellings or characters.
  - Passes your anti-virus program test.
- Be cautious of emails you receive regarding your financial accounts. If you are not sure of the email’s validity, contact your financial institution directly.
General Online Safety
- Try to limit the personal information you put on the Internet. Social media sites can be good for networking, but identity thieves can use the information you share.
- Remember to keep your Web browser up to date. This can help ensure the latest security features are installed.
- Avoid storing personal information, account numbers and personal identification numbers on your computer.
- Install firewall and anti-virus software. This can help protect you from exposure to malicious cyber attacks.
- Choose strong passwords and keep them private.