Big businesses are not the only targets for hackers…
While widely reported hack attacks often involve big companies, small companies are also very much at risk, and generally do not have the financial resources to get back on track after an attack. In the aftermath of these incidents, these companies spent an average of $850,000 because of damage to or theft of IT assets; in addition, disruption to normal operations cost an average of $955,000.
The fact is that every business, big or small, needs Cyber Liability Insurance. If you use a computer for your business, take credit card payments from your customers, or simply send a happy birthday email to a client, you need Cyber Liability Insurance, and we at American US Insurance are here to help you with some useful information that will let you see the big picture from a better angle.
To help put things in perspective:
- Almost 55 percent of small businesses have experienced a cyber-attack.
- More than 70 percent of hackers target small businesses.
- 50 percent report they had data breaches involving customer and employee information in the past
- As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.
- 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
- Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- Cyber-attack damages exceeded $5 billion in 2017.
- Every 40 seconds a new business in the United States is attacked.
The implementation of small-business cyber security measures is far less complex than that of a larger organization, making it much easier for a hacker to infiltrate their systems. Companies with tight cyber security measures are still susceptible to attacks via social engineering and employee phishing. These tactics account for the top 2 most common cyber claims: ransomware and funds transfer fraud via social engineering.
Ransomware Attacks, Funds Transfer Fraud & Cyber Crime Attacks
What happens in an attack?
Hackers get businesses to download ransomware by tricking employees into clicking on phishing emails or by exploiting software security vulnerabilities. Once the virus is downloaded, the ransomware’s objective is to lock up proprietary data, including backups. The hacker then demands a crypto-currency payment within a time window to unlock the data, or else destroys it all. In addition, hackers manipulate senior executive officers, employees or clients, with the intention of tricking the business or their clients into wiring money into the hacker’s bank account. Successful unauthorized Funds Transfer Fraud methods consist of stealing login credentials via phishing or key-logging malware, financial data manipulation and corporate identity theft. Wire transfer fraud attacks continue to rise over time because they are the quickest payday in a hacker’s world and human error is inevitable.
Depending on the severity of the incident, the cost associated with ransomware attacks can be extremely high. Here is a sample of the costs related to these incidents:
Forensic Experts: $350/hr - $500/hr
Data Breach Attorney: $350/hr - $500/hr
Notification Cost: $3 - $5/ individual
Credit Monitoring: $3 - $5/ individual
Public Relations Firm: $350/hr - $500/hr
IT services, software, and other recovery-related costs
Costs related to lost revenues
Other indirect costs
How to keep your business safe from cyber crime
Apply software updates when necessary.
Apple, Google, and Microsoft typically include security bug fixes and patches in their most recent software updates. So, don't ignore those annoying prompts, and keep your software up to date. One of the simplest strategies to use immediately is ensuring that your entire network is up to date. This means paying attention to all notifications regarding updates to your operating systems, anti-virus software, web browsers and firewalls. Ignoring any of these essentially leaves gaps in your defense system.
Increase employee awareness
This is one of the most cost-effective methods of preventing cyber-attacks. It is critical to understand that cyber-attacks can occur just by a cyber-criminal having access to an employee laptop. Therefore, it’s imperative for your company to implement privacy training.
Avoid inserting unknown external drives you don't trust into your computer
If you find a random USB drive, don't give in to the temptation to plug it in. Someone could have loaded source, you are better off not putting your computer at risk.
Use strong passwords and enable two-factor authentication
Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or "crack" them. A good method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. Using both lowercase and capital letters adds another layer of obscurity. Your best defense, though, is to use a combination of numbers, special characters, and both lowercase and capital letters. Also, many services, including Google, offer two-factor authentication for logging into your account. Instead of simply entering a username and password to log in, the website will prompt you to enter a code sent to your smartphone to verify your identity.
Do not give out personal information
When someone calls you or sends you an email requesting information, DO NOT PROVIDE your details over the phone or in an email unless completely sure. Social engineering is a process of deceiving individuals into providing personal information to seemingly trusted agents who turn out to be malicious actors. If contacted over the phone by someone claiming to be a retailer or collection agency, do not give out your personal information. Ask them to provide you their name and a call-back number. If you are asked to provide personal information via email, you can independently contact the company directly to verify this request. Just because they may have some of your information does not mean they are legitimate!
Be suspicious of unknown links or requests sent through email or text message
Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
Pay close attention to website URLs.
Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
Have a well-structured Cyber Liability Insurance Policy in effect
Even though the damage may have already taken place, what happens after the fact? A well-written Cyber Liability Insurance policy will help you to cover all expenses associated with the incident. Coverages for risks like the ones explained below are some of the many available for your business.
- Theft and fraud. Covers destruction or loss of the policyholder’s data as the result of a criminal or fraudulent cyber event, including theft and transfer of funds.
- Forensic investigation. Covers the legal, technical or forensic services necessary to assess whether a cyber attack has occurred, to assess the impact of the attack and to stop an attack.
- Business interruption. Covers lost income and related costs where a policyholder is unable to conduct business due to a cyber event or data loss.
- Extortion. Provides coverage for the costs associated with the investigation of threats to commit cyber attacks against the policyholder’s systems and for payments to extortionists who threaten to obtain and disclose sensitive information.
- Reputation. Insurance against reputation attacks and cyber defamation.
- Computer data loss and restoration. Covers physical damage to, or loss of use of, computer-related assets, including the costs of retrieving and restoring data, hardware, software or other information destroyed or damaged as the result of a cyber attack.
10 Reasons why cyber liability insurance
Cyber crime is the fastest growing crime in the world, but most attacks are not covered by standard property or crime insurance policies
New crimes are emerging every day. The internet means that your business is now exposed to the world’s criminals and is vulnerable to attack at any time of the day or night. Phishing scams, identity theft, and telephone hacking are all crimes that traditional insurance policies do not address. Cyber insurance can provide comprehensive crime cover for a wide range of electronic perils that are increasingly threatening the financial resources of today’s businesses.
Systems are critical to operating your day to day business, but their downtime is not covered by standard business interruption insurance
All businesses rely on systems to conduct their core business, from electronic point of sales software to hotel room reservation systems. In the event that a hack attack, computer virus or malicious employee brings down these systems, a traditional business interruption policy would not respond. Cyber insurance can provide cover for loss of profits associated with a systems outage that is caused by a “non physical” peril like a computer virus or denial of service attack.
Data is one of your most important assets, yet it is not covered by standard property insurance policies
Most businesses would agree that data or information is one of their most important assets. It is almost certainly worth many times more than the physical equipment that it is stored upon. Yet most business owners do not realize that a standard property policy would not respond if this data is damaged or destroyed. A cyber policy can provide comprehensive cover for data restoration and rectification in the event of a loss up to the full policy limits.
Third party data is valuable and you can be held liable if you lose it
We all hold more data than ever before and often this data belongs to our customers and suppliers. Non-disclosure agreements and commercial contracts often contain warranties and indemnities in relation to the security of this data that can trigger expensive damages claims if you experience a breach. Increasingly, consumers are also seeking legal redress in the event that a business loses their data. This risk is further heightened if you hold any data on US consumers.
Retailers face severe penalties if they lose credit card data
Global credit card crime is worth over $7.5bn and increasingly this risk is being transferred to the retailers that lose the data*. Under merchant service agreements, compromised retailers can be held liable for forensic investigation costs, payment card reissuance costs and the actual fraud conducted on stolen cards. These losses can run into hundreds of thousands of dollars for even a small retailer. Cyber insurance can help protect against all of these costs.
Complying with breach notification laws costs time and money
Breach notification laws are slowly being introduced across many different countries. These generally require businesses that lose sensitive personal data to provide written notification to those individuals that were potentially affected. Even though a legal obligation to notify only currently exists in some countries, this is changing and there is a growing trend towards voluntary notification in order to protect your brand and reputation. Customers who have had their data compromised expect openness and transparency from the businesses they entrusted it with. Cyber policies can provide cover for the costs associated with providing a breach notice even if it is not legally required.
Your reputation is your number one asset, so why not insure it?
Any business lives and dies by its reputation. Although there are certain reputational risks that can’t be insured, you can insure your reputation in the event of a security breach. When your systems have been compromised, you run a risk of losing the trust of your loyal customers which can harm your business far more than the immediate financial loss. Cyber insurance can not only help pay for the costs of engaging a PR firm to help restore this, but also for the loss of future sales that arise as a direct result of customers switching to your competitors.
Social media usage is at an all-time high and claims are on the rise
Social media is the fastest growing entertainment channel in the world. Information is exchanged at lightning speed and exposed to the world. But often there is little control exercised over what is said and how it is presented, and this can give rise to liability for businesses who are responsible for the actions of their employees on sites such as LinkedIn, Twitter and Facebook. Cyber insurance can help provide cover for claims arising from leaked information, defamatory statements or copyright infringement.
Portable devices increase the risk of a loss or theft
The advent of portable devices and the ability to work away from the office has made life a lot easier for many of us. However, this new style of working also means that important and confidential data can be stolen or lost much more easily. A laptop left on a train, an iPad stolen in a restaurant, or a USB stick going missing are all good examples. In addition, the devices themselves are being targeted with a growing number of viruses being built just for them. Cyber insurance can help cover the costs associated with a data breach should a portable device be lost, stolen or fall victim to a virus.
It’s not just big businesses being targeted by hackers, but lots of small ones too
While the large-scale hack attacks on the news often involve big companies, small companies are also at risk and often don’t have the financial resources to get back on track after a hacking attack or other kind of data loss.
As hackers and cyber criminals continue to target small businesses, owners and employees need to know how to protect both their customers and themselves, and we at American US Insurance can help you do just that.
Source: Wikipedia - https://en.wikipedia.org
Department of Homeland Security - https://www.dsh.gov
Evolve - evolvemga.com