The amount of damage caused by cyber-attacks over the last two years has increased by 387% 1. The FBI’s Internet Crime Complaint Center (IC3) reported 466,501 victims of cybercrime in the U.S. for 2021 alone, many of them businesses 2. And due to the nature of cybercrime and the difficulty of recovery, businesses can fail after an attack, with small and medium sized companies being the most vulnerable. This cybercrime comes in many forms, some of the most common types being business email compromise, data breach, ransomware, and funds transfer fraud. Today, a cyber-attack is less of a question of “if” and more a question of “when”. Thus, when your business is the victim of such crimes, is it properly protected by cyber insurance?
Cyber-Attack Examples
Internet criminals are a creative bunch, so keeping up with the latest threats can be difficult. Because the methods of cybercrime change rapidly, many business owners struggle to understand how their company could be affected. Review the following to better understand today’s major cybercrime schemes.
Business Email Compromise
Business email compromise is when a hacker gains access to a business’s email system. Methods of gaining this access are often quite simple, such as sending fraudulent emails which trick employees into clicking harmful links. A single wrong click can eventually provide cyber criminals access to the entire network. In truth, once they gain access to email, the real damage can play out many ways, and several scenarios are discussed below. IC3 reported business email compromise as the leading cyber-crime with losses of $2,395,953,296 (yes, that’s trillion) over the last three years 2.
Data Breach
Though data breaches are no longer the most common type of cyber-attack, they are still prevalent and serve as a tangible example of a cyber threat. In fact, one of the largest security breaches in history was against the department store Target when cybercriminals stole 41 million customer payment card accounts 3. Interestingly, the data breach started by stolen network credentials from an HVAC contractor who had access to monitor Target’s heating systems. In the end, Target paid an $18.5 million settlement to customers, but said the breach cost them $202 million 4. Data breaches can affect any industry and typically target (no pun intended) financial, health, intellectual, and government sectors.
Ransomware
Today, ransomware attacks are commonplace and, unlike data breaches, are not focused on a particular industry. Even non-profits are targets. In this scenario, hackers gain access to a business’s network and encrypt the files, making them inaccessible, then demand a ransom payment to decrypt them. Payment is usually required in bitcoin, making tracing the perpetrators difficult. Ransomware is one of the most common threats to businesses and several of our own clients have fallen victim to these attacks.
Funds Transfer Fraud
Funds transfer fraud attacks have skyrocketed recently as well. Since 2020, many companies shifted to remote work which migrated much of their communications and operations online. Unfortunately, the rushed transition resulted in overlooked security risks. Criminals seized the opportunity and targeted vulnerable new industries and smaller businesses, crafting sophisticated scams. For example, fraudulent payments could be won through well disguised emails and a subject line such as “Due to COVID-19, we are changing our payment procedures.”
Cyber Insurance Coverage
Based on these threats, some of the main coverages offered by cyber insurance are:
- Breach Response Costs – covers costs for legal fees, forensics, public relations, credit monitoring, etc.
- Ransomware – pays the ransom or costs to recover data. Palo Alto’s Unit 42 security consulting group reports the average ransomware claim last year grew 82% to $570,000! The easiest way to recover from an attack is to pay the ransom. However, insurance companies first attempt to recover systems and data from backups before paying.
- Funds Transfer Fraud – covers unauthorized electronic funds transfer plus theft of money or other financial assets by electronic means. The average funds transfer fraud claim jumped to $367,500 for 2021 5.
- Payment Card Industry Data Security Standard Assessment – protects against the cost of an assessed penalty for breach of credit card security standards. This coverage can include related claim and audit expenses.
- Media Liability – guards against liability for libel, slander, defamation, copyright infringement, or invasion of privacy in electronic (and sometimes non-electronic) communications.
Due to an increase in the number of claims, cyber insurance cost rose greatly the last few years, and obtaining the coverage is more stringent. For example, many insurance companies no longer cover businesses that do not employ multi-factor authentication on various systems. Maintaining secure offline backups is also important due to the physical separation it imposes, reducing the likelihood of the backups becoming infected by a breach.
Our View
The best way to protect a business from cyber-attacks is to implement appropriate policies and procedures. However, each business should perform a cyber risk analysis and obtain appropriate cyber insurance in case of a successful attack. Commercial insurance packages often offer cyber liability add-ons, but these generally provide smaller limits and narrow coverage. The best protection is found in a dedicated cyber insurance policy from a company specializing in this protection.
In addition, every client of Bankers Insurance is offered a complimentary subscription to MyWave, an online business resource containing information on cyber threats, risk analysis, mitigation and response plans, and more. We recommend each client log in to MyWave and familiarize themselves with the resources located there. A quick search for “cyber” and “cyber risk management” will yield many valuable tools to reduce cyber risk. Adjust your MyWave Settings to include all the topics of interest to you, and ensure you are subscribed to email alerts. Not set up on MyWave? Request Access. We also offer access to MyWave for your entire HR staff, supervisors, insurance managers, or other employees who may benefit. Simply complete the Request Access form for each and we’ll get them added.
Questions on insurance considerations for cyber liability insurance? Contact your Bankers Insurance agent. Not a client of ours? Let us earn your business! Each of our clients is assigned a personal insurance agent and provided their email address as well as a phone number that rings right on their desk.