When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.
Cyber liability insurance policies are tailored to meet your company’s specific needs and can offer a number of important benefits, including the following:
Data breach coverage.
In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for these exposures, thus safeguarding your data from cyber criminals.
Business interruption loss reimbursement.
A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.
Cyber extortion defense.
Ransomware and similar malicious software are designed to steal and withhold key data from organization until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup loses related to cyber extortion.
Forensic support.
Following a cyber attack, your organization will have to investigate to determine the extent of the breach and what led to it. The right policy can reimburse the insured for costs related to forensics and seeking out expert advice. Additionally, some policies can provide 24/7 support from cyber specialists, which is especially useful following a hack or data breach.
Legal support.
In the wake of a cyber incident, businesses often seek legal assistance. This assistance can be costly, Cyber liability insurance can help businesses afford proper legal work following a cyber attack.
Coverage beyond a general liability policy.
General liability policies don’t always protect organizations from losses related to data breaches. What’s more, data is generally worth far more than physical assets, and it’s important to have the right protection in place when you need it most. Supplementing your insurance with cyber coverage can provide you with peace of mind that, in even of an attack, your organization’s financial and reputational well-being is protected.
To learn more about cyber liability insurance, contact us today.
Read more
When a data breach or other cyber event occurs, the damages can be significant, often resulting in lawsuits, fines and serious financial losses. What’s more, cyber exposures impact businesses of all kinds, regardless of their size, area of focus, or status as a private or public entity.
In order for organizations to truly protect themselves from cyber risks, corporate boards must play an active role. Not only does involvement from leadership improve cyber security, it can also reduce liability for board members.
To help oversee their organization’s cyber risk management, boards should ask the following questions:
Does the organization utilize technology to prevent data breaches?
Every company must have robust cyber security tools and anti-virus systems in place. These systems act as a first line of defense for detecting and preventing potentially debilitating breaches.
While it may sound obvious, many organizations fail to take cyber threats seriously and implement even the simplest protections. Boards can help highlight the importance of cyber security, ensuring that basic, preventive measures are in place.
These preventive measures must be reviewed on a regular basis, as cyber threats can evolve quickly. Boards should ensure that the management team reviews company technology at least annually, ensuring that cyber security tools are up to date and effective.
Has the board or the company’s management team identified a senior member to be responsible for organizational cyber security preparedness?
Organizations that fail to create cyber-specific leadership roles could end up paying more for a data breach than organizations that do. This is because, in the event of a cyber incident, a fast response and clear guidance is needed to contain a breach and limit damages.
When establishing a chief information security officer or similar cyber leadership role, boards need to be involved in the process. Cyber leaders should have a good mix of technical and business experience. This individual should also be able to explain cyber risks and mitigation tactics at a high level so they are easy to understand for those who are not well-versed in technical terminology.
It should be noted that hiring a chief information security officer or creating a new cyber leadership role is not practical for every organization. In these instances, organizations should identify a qualified, in-house team member and roll cyber security responsibilities into their current job requirements. At a minimum, boards need to ensure that their company has a go-to resource for managing cyber security.
Does the organization have a comprehensive cyber security program? Does it include specific policies and procedures?
It is essential for companies to create comprehensive data privacy and cyber security programs. These programs help organizations build a framework for detecting threats, remain informed on emerging risks and establish a cyber response plan.
Corporate boards should ensure that cyber security programs align with industry standards. These programs should be audited on a regular basis to ensure effectiveness and internal compliance.
Does the organization have a breach response plan in place?
Even the most secure organizations can be impacted by a data breach. What’s more, it can often take days or even months for a company to notice its data has been compromised.
While cyber security programs help secure an organization’s digital assets, breach response plans provide clear steps for companies to follow when a cyber event occurs. Breach response plans allow organizations to notify impacted customers and partners quickly and efficiently, limiting financial and reputational damage.
Board members should ensure that crisis management and breach response plans are documented. Specific actions noted in breach response plans should also be rehearsed through simulations and team interactions to evaluate effectiveness.
In addition, response plans should clearly identify key individuals and their responsibilities. This ensures that there is no confusion in the event of a breach and your organization’s response plan runs as smoothly as possible.
Has the organization discussed and formalized a cyber risk budget? How engaged is the board in terms of providing guidance related to cyber exposures?
Both overpaying and underpaying for cyber security services can negatively affect an organization. Creating a budget based on informed decisions and research helps companies invest in the right tools.
Boards can help oversee investments and ensure that they are directed toward baseline security controls that address common threats. Boards, with guidance from the chief security officer or a similar cyber leader, should also prioritize funding. That way, an organization’s most vulnerable and important assets are protected.
Has the management team provided adequate employee training to ensure sensitive data is handled correctly?
While employees can be a company’s greatest asset, they also represent one of their biggest cyber liabilities. This is because hackers commonly exploit employees through spear phishing and similar scams. When this happens, employees can unknowingly give criminals access to their employer’s entire system.
In order to ensure data security, organizations must provide thorough employee training. Boards can help oversee this process and instruct management to make training programs meaningful and based on more than just written policies.
In addition, boards should see to it that education programs are properly designed and foster a culture of cyber security awareness.
Has management taken the appropriate steps to reduce cyber risks when working with third parties?
Working alongside third-party vendors is common for many businesses. However, whenever an organization entrusts its data to an outside source, there’s a chance that it could be compromised.
Boards can help ensure that vendors and other partners are aware of their organization’s cyber security expectations. Boards should work with the company’s management team to draw up a standard third-party agreement that identifies how the vendor will protect sensitive data, whether or not the vendor will subcontract any services and how it intends to inform the organization if data is compromised.
Does the organization have a system in place for staying current on cyber trends, news, and federal, state, industry and international data security regulations?
Cyber-related legislation can change with little warning, often having a sprawling impact on the way organizations do business. If organizations do not keep up with federal, state, industry and international data security regulations, they could face serious fines or other penalties.
Boards should ensure that the chief information security officer or similar leader is aware of his or her role in upholding cyber compliance. In addition, boards should ensure that there is a system in place for identifying, evaluating and implementing compliance-related legislation.
Additionally, boards should constantly seek opportunities to bring expert perspectives into boardroom discussions. Often, authorities from government, law enforcement and cyber security agencies can provide invaluable advice. Building a relationship with these types of entities can help organizations evaluate their cyber strengths, weaknesses and critical needs.
Has the organization conducted a thorough risk assessment? Has the organization purchased or considered purchasing cyber liability insurance?
Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.
The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. As such, boards, alongside the company’s management team, need to conduct a cyber risk assessment and identify potential gaps. From there, organizations can work with their insurance broker to customize a policy that meets their specific needs.
Asking thoughtful questions can help boards better understand the strategies management uses to prevent, detect and respond to data breaches. When it comes to cyber threats, organizations need to be diligent and thorough in their risk prevention tactics, and boards can help move the cyber conversation in the right direction.
Cyber exposures impact organizations from top to bottom, and all team members play a role in maintaining a secure environment. However, managing personnel and technology can be a challenge, particularly for organizations that don’t know where to start.
That’s where Scurich Insurance can help. Contact us today to learn more about cyber risk mitigation strategies you can implement today to secure your business.
Read more
No industry is exempt from cyber crime, and the real estate industry has become a common target. As hackers devise plans to obtain sensitive information about real estate transactions, real estate professionals need to take particular interest in cyber security to protect their clients and themselves from wire fraud.
What is Wire Fraud?
In instances of wire fraud, a common ploy involves hackers breaking into a real estate agent’s email account to obtain details about upcoming transactions. Once the hackers have all the information they need, they send an email to the buyer, pretending to be the agent or a representative of the title company.
In an email to the buyer, the hackers state that there has been a change in the closing instructions and that the buyer needs to follow new wire instructions listed in the email. If a buyer falls victim to the scam and wires money to the fraudulent account, they’re unlikely to see the money again.
Red Flags
A potential indicator of wire fraud is an email that makes any reference to a Society for Worldwide Interbank Financial Telecommunication (SWIFT) wire transfer, which is sent via the SWIFT international payment network and indicates an overseas destination for the funds.
However, since the emails tend to include detailed information pertaining to the transaction—due to the perpetrator having access to the agent’s email account—many people make the mistake of assuming the email is from a legitimate source. The email addresses often appear to be legitimate, either because the hacker has managed to create a fake email account using the name of the real estate company or because they’ve hacked the agent’s actual email account.
How to Avoid It
Wire fraud is one of many types of online fraud targeting real estate professionals and their clients. To prevent cyber crime from occurring, every party involved in a real estate transaction needs to implement and follow a series of security measures that include the following:
- Never send wire transfer information, or any type of sensitive information, via email. This includes all types of financial information, not just wire instructions.
- If you’re a real estate professional, inform clients about your email and communication practices, and explain that you will never expect them to send sensitive information via email.
- If wiring funds, first contact the recipient using a verified phone number to confirm that the wiring information is accurate. The phone number should be obtained by a reliable source—email is not one of them.
- If email is the only method available for sending information about a transaction, make sure it is encrypted.
- Delete old emails regularly, as they may reveal information that hackers can use.
- Change usernames and passwords on a regular basis, and make sure that they’re difficult to guess.
- Make sure anti-virus technology is up to date, and that firewalls are installed and working.
- Never open suspicious emails. If the email has already been opened, never click on any links in the email, open any attachments or reply to the email.
If You’ve Been Hacked
Take the following steps if you suspect that your email, or any type of account, has been hacked:
- Immediately change all usernames and passwords associated with any account that may have been compromised.
- Contact anyone who may have been exposed to the attack so they too can change their usernames and passwords. Remind them to avoid complying with any requests for financial information that come from an unverified source.
- Report fraudulent activity to the FBI via the Internet Crime Complaint Center at www.ic3.gov/default.aspx. Also contact the state or local realtor association, which will alert others to the suspicious activity.
Contact Scurich Insurance today for more information on avoiding real estate fraud and other types of cyber crime.
Read more
Another global cyber attack was activated on Tuesday, leaving companies across Europe, Australia and even the United States struggling to respond.
This outbreak may be the most sophisticated of a series of attacks initiated after hacking tools were stolen from the National Security Agency and leaked online in April. Similar to the WannaCry attacks in May, the most recent hack involves taking control of computer systems and asking users for digital ransom in order to regain access.
According to a spokesperson from Microsoft, the latest software update used to patch EternalBlue—the Windows software vulnerability that caused previous attacks—should protect against this attack. However, the companies affected may have failed to properly install it. As of Wednesday morning, the following companies had been affected:
- Ukrainian institutions that include the Infrastructure Ministry, postal service, central bank and the country’s largest telephone company
- Russian oil company Rosneft
- The world’s largest container-shipping company A.P. Moller-Maersk
- U.S. pharmaceutical giant Merck
- U.S. food company Mondelez International
- French bank BNP Paribas
- French construction materials company Saint-Gobain
- British marketing company WPP
- German railway company Deutsche Bahn
Although the perpetrators of this outbreak are still unknown, computer specialists have noticed similarities between the ransomware used in this attack and last year’s Petya attack. Like WannaCry, Petya is a quickly spreading worm that affects vulnerable systems. Unlike WannaCry, Petya has multiple ways to spread. This could explain why even victims who applied the EternalBlue patch were affected.
If the most recent attack is related to Petya, it could be far more damaging than WannaCry. Unlike WannaCry, Petya lacks a kill switch to prevent it from spreading. Also, Petya locks and encrypts entire hard drives, while WannaCry only locked individual files.
At the time of this news brief, 30 victims had paid the bitcoin ransom of $300, according to online records, but it isn’t yet clear whether they’ve regained access to their systems. Complicating matters, German email provider Poseo shut down the email account of the hackers in a move that could make it impossible for hackers to restore their victims’ computer access once ransom is paid.
Scurich Insurance will continue to monitor the situation. Contact us if you have any further questions regarding how you can avoid disruptive business interruptions from cyber attacks.
Read more
DHS Warns of Utilities Malware
Two cyber security firms have uncovered malicious software that they believe caused a Ukraine power outage last December. The software was recently uncovered by two cyber security firms—ESET, a Slovakian anti-virus software maker, and Dragos Inc., a U.S. critical-infrastructure security firm.
The two firms released details of the malware, which goes by two different names, Industroyer and Crash Override. They also issued alerts to governments and infrastructure operators to help them defend against the malware, warning that it could be easily modified to harm critical infrastructure operations around the globe.
The U.S. Department of Homeland Security (DHS) hasn’t seen any evidence to suggest that its critical infrastructure has been affected, but it will continue to investigate, as there is the possibility of more attacks using the same approach. In an alert posted on its website, the agency stated that “the tactics, techniques and procedures described as part of the Crash Override malware could be modified to target U.S. critical information networks and systems.”
In the same alert, the DHS posted a list of technical indicators that a system had been compromised by Crash Override and asked firms to contact the agency if malware was suspected.
Power firms are concerned that there could be more attacks, especially considering the malware could attack other types of infrastructure, such as transportation, water and gas providers.
The two companies do not yet know who masterminded the attack, although Ukraine blames Russia. Officials in Moscow have denied the claims.
Microsoft Warns of Cyber Attacks
Citing an elevated risk of cyber attacks, Microsoft has released several security updates during its June “Patch Tuesday” in an effort to protect against widespread hacking. A recent blog post by Adrienne Hall, General Manager of Microsoft’s Cyber Defense Operations Center, stated, “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations.”
WannaCry
In May 2017—after the WannaCry ransomware locked hundreds of thousands of machines around the world and demanded that victims paid a ransom in bitcoin—Microsoft was prompted to release updates for software that it no longer supports. This was an unexpected move that preceded more updates for old, outdated systems.
Microsoft’s motives for June’s most recent security updates are speculative, and it is unclear whether the company has been warned of another cyber attack using exploits similar to those of WannaCry. A Microsoft spokesperson stated that the decision to release the most recent updates is “an exception based on the current threat landscape and the potential impact to customers and their businesses.”
WannaCry Came from North Korea
According to British security officials, the May 2017 global ransomware attack that affected over 200,000 computer systems came from North Korea. The hackers are believed to be a hacking group known as Lazarus—the same group that targeted Sony Pictures in 2014.
In the wake of increasing tensions resulting from North Korea’s missile tests, the DHS and the FBI have issued an alert to businesses about another possible cyber attack led by North Korea, warning people to update old software
Recent Findings
British security officials have recently linked the North Korean government to the creation of WannaCry, based on tactics, techniques and targets. The ransomware was originally built around a hacking tool belonging to the National Security Agency and spread through a flaw in Windows.
The Importance of Performing Updates
WannaCry is believed to be a flawed attempt to raise revenue for the North Korean regime, considering the hackers have not yet cashed in the $140,000 in bitcoin they stole. That is likely because the transactions are easy to track. Despite the failed attempt, one of the reasons why WannaCry was so powerful was because many of the facilities attacked hadn’t updated their software to patch holes in security.
The most recent security update includes patches to its Windows XP, Windows Vista and Server 2003 products, which are all unsupported but still widely used. Microsoft suggests customers enable Windows Update if they haven’t already.
Target to Pay Settlement from 2013 Data Breach
Target has agreed to pay $18.5 million to settle claims made by 47 states and the District of Columbia as well as to resolve an investigation into the retailer’s massive data breach in 2013.
The investigation found that Target’s gateway server was accessed by cyber hackers through credentials stolen from a third-party vendor. As a result, data from up to 40 million credit and debit cards were stolen during the 2013 holiday season.
The total cost of the data breach was $202 million, according to Target. The state receiving the largest share of the settlement is California, which will receive more than $1.4 million.
Michigan Utility Company Loses Employees After Cyber Attack
A Lansing utility company is still recovering from a 2016 cyber attack that temporarily disabled its internal network and asked for a $25,000 ransom. According to officials, an employee unsuspectingly clicked on an infected email attachment, which shut down the company’s accounting and email systems.
Since the cyber attack, 14 employees have voluntarily left the company—13 of which were IT employees. The company is devoting its resources to minimize the odds of an attack and to quickly recover in the event it is hit again.
Read more
Employee Drug Use Reaches 12-year High
The positive drug test rate for the U.S. workforce was 4.2 percent in 2016, according to the Drug Testing Index (DTI) released by Quest Diagnostics. This represents a 5 percent increase over the positive rate in 2015, and the largest single-year positive rate since 2004.
The DTI analyzed over 10 million workforce drug test results from 2016 and categorized employees into three categories, including employees with federally mandated drug tests, the general workforce and the combined U.S. workforce. Here are additional details about the DTI’s findings for specific drug types:
- Marijuana—The positive test rate for marijuana increased nearly 75 percent in oral fluid testing, which is used in the general workforce. Federally mandated marijuana tests only utilize urine tests, and the positive test rate increased 10 percent in 2016.
- Cocaine—Positive test rates for cocaine in post-accident drug tests were more than twice as high as pre-employment screenings.
- Amphetamines—Positive test rates for amphetamines have risen 64 percent between 2012 and 2016 for the general workforce. Quest Diagnostics attributes this increase to the prevalence of prescription drugs, including Adderall.
In order to create a safe, productive workplace, you need to watch out for potential drug use at your business.
Political Discussions Hurt Job Performance
Many people can get worked up about politics, but a new survey from the American Psychological Association (APA) has shown that political discussions in the workplace can have a big impact on your employees’ job performance.
The APA surveyed U.S. employees about the impact of political discussions after the 2016 presidential election, and found that these discussions have a detrimental effect on job performance and relationships with co-workers. The survey found that 40 percent of employees have experienced a negative outcome following a workplace political discussion, such as reduced productivity or difficulty getting work done. Additionally, 24 percent of employees said they avoid some co-workers solely because of their politics.
According to the APA, social networks and constant news reports can cause individuals to adopt an “us versus them” political mentality, which can lead to conflict. As a result, it’s important to encourage respect, collaboration and courtesy in your workplace to ensure that your employees feel supported and remain productive.
New Executive Order Aims to Improve Cyber Security
President Donald Trump recently signed an executive order to improve the country’s cyber security and protect key infrastructure from cyber attacks. The order also emphasized the importance of strengthening the cyber security of federal agencies. According to a survey from Thales Group, a cyber security company, 34 percent of federal agencies experienced a data breach in the last year, and 95 percent of agencies consider themselves vulnerable to cyber attacks.
The executive order did not create any ongoing cyber security requirements, but instead laid out goals to assess the current state of cyber defenses and develop deterrence strategies. Here are some of the requirements of the executive order:
- Federal agencies must draft reports on their ability to defend themselves against cyber threats.
- The departments of Energy and Homeland Security must assess potential vulnerabilities to the country’s electrical grids. The executive order specifically mentions that prolonged power outages could pose a threat to national security or damage the economy.
- Various federal agencies must review the cyber defense plans of U.S. allies in order to cooperate during international cyber attacks.
Apple Creates $1 Billion Fund to Support U.S. Manufacturing
Apple, the world’s largest technology company, recently announced that it will create a $1 billion fund to support U.S. manufacturing. Although the company is based in the United States, it has faced criticism for outsourcing most of its manufacturing and taking jobs from U.S. workers.
Apple’s CEO stated that one goal of the fund was to support smart manufacturing and to create a ripple effect in industries that support smart manufacturers. For more information on the manufacturing fund, visit Apple’s website.
DID YOU KNOW?
A U.S. Court of Appeals recently barred the Federal Aviation Administration (FAA) from requiring recreational drone owners to register their unmanned aircraft. The FAA had originally required recreational drones to be registered in order to help identify aircraft that posed a hazard, and to pass on safety information to operators. However, the court’s ruling will not impact the use of drones for commercial use, as these aircraft must still be registered with the FAA before they are used.
Read more
