Cyber Insurance: A Digital Necessity

All businesses, large or small operate digitally in one form or another. They need to protect themselves against their cybersecurity risk.

The costs of a breach can be enormous. (Imagine losing a major bank transfer or assuming a loss of $10,000 for each cyber-security infraction.) By the way, your attacker can come from the outside or inside, as 70 percent of breaches are initiated by employees or former employees.

So what this thing called cyber insurance? Cyber insurance arose out of the traditional Errors and Omissions (E&O) coverage known to most businesses. Over time coverage was extended to viruses, data corruption to connected client systems, or damage affecting customers. Generally, early adopters were technology-based companies.

More than a decade ago, network security policies expanded to include breaches of confidential information. At that point, the retail segment adopted cyber insurance on a wide scale.

Coverage for any business could be simple or complex. The determining factor is an employer’s decision on degree of acceptable risk. Let’s take the simple first.

The Bank of Tucson, through Grandpoint Insurance Services, now offers cyber insurance coverage for its customers at a nominal cost. The coverage for business accounts protects against losses for funds transfer fraud (when someone impersonates your company for a funds transfer) and cyber deception (when a criminal pretends to be your vendor employee or client and gets you to transfer money to them). Mike Hannley, president of Bank of Tucson, announced the new product in the last month. Mike commented, “Internet criminals do not use guns for illicit gain, but they gladly use your computer and network for paydays!”

Let’s take a look at broader, more complex cyber insurance. That kind of cyber insurance may have several parts:

  • Network Security: Your network has failed in some form. It could be that someone is trying to shut down your network to in an effort to stop you from conducting business. Or, you’ve just experienced a data breach, some form of extortion, or tapped your system to advance a virus to all of your connected transmissions.
  • Privacy: Privacy is huge and does not necessarily have to be connected to a system failure. There are many known cases of information of physical records that are not properly disposed of, including human errors (think of a lost laptop with an easily penetrated passcode) or a hard drive with customer records that somehow got into the wrong hands.
  • Media Liability:  This aspect covers advertising injury claims like copyright, libel and slander. Coverage may extend to offline content as well.

Digging deeper, network security and privacy liability policies covers first and third party liabilities. First party means the direct costs of responding to a breach; third party means it applies when people sue or make claims against you.

First party inclusions:

  • Costs of notifying anyone attached to the breach
  • Loss of profits and business interruption
  • Legal advice and regulatory obligations
  • Public relations expenses
  • Third party inclusions:
  • Regulatory fines and penalties
  • Damage and judgments related to the breach
  • Legal expenses
  • Costs of responding to regulatory inquiries

According to Jack Clements, CPA at the Clements Agency, “Every company, large or small, should at least consider cyber Insurance. There are so many examples of exposure to loss that it is difficult to list them all; some exposures are unique to certain types of businesses.”

“And don’t forget about controls; they are critical,” Jack continued. “In broad policies, premiums are based upon the quality of your controls. Many companies believe that their controls are so strong, that it can never happen to them. Believe me, it can and it will.”
 
Another aspect of this discussion is commonly known as “Social Engineering” or “Duping.” This is a scheme where a seemingly legitimate email is sent to you asking for money or confidential information. It happens all the time. Jack added, “In fact, an attempt was made on our office this week. We received a business email from my brother, with whom we do business, asking for a wire transfer. When we called him, we learned that it was completely fraudulent. Had we complied, the transaction would not have been covered by our Cyber Policy, since we willingly sent the money. We would, however, have been covered by the Social Engineering endorsement that we have on our package policy. Just another area to think about.”

Insidetucsonbuimess: http://bit.ly/2aeacm4

 

« Too Much Information: Making Sense Of Big Data
Solutions To Automotive Cyber Hacking Risks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

National Cyber-Forensics & Training Alliance (NCFTA)

National Cyber-Forensics & Training Alliance (NCFTA)

NCFTA is a trusted alliance of private industry and law enforcement partners dedicated to information sharing and disrupting cyber-related threats.

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

Dcoya

Dcoya

Dcoya's complete security awareness training program gives you out-of-the-box compliance with PCI-DSS, HIPAA, SOX and ISO regulations.

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

IDnow

IDnow

IDnow is the world’s fastest, most flexible and most secure identity verification platform, delivering instant verification of the identity documents used by 7 billion people.

NSO Group

NSO Group

NSO Group develops technology that enables government intelligence and law enforcement agencies to prevent and investigate terrorism and crime.

Flipside

Flipside

Information Security training provider specialized in personalized training and security awareness campaigns.

Greensafe IT

Greensafe IT

Greensafe offer various onsite and offsite data erasure services, aimed at increasing data security whilst reducing any risk of data loss during transit.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

Swiss It Security Group

Swiss It Security Group

Swiss It Security Group offers clients complete IT security concepts based on innovative solutions and technology, with a focus on protection, detection and defence.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

Vambrace Cybersecurity

Vambrace Cybersecurity

Vambrace is an experienced cybersecurity consultancy and operations outsourcer helping you to secure your business in an increasingly-hostile cyber environment.

Relyance AI

Relyance AI

Relyance AI - One unified platform for privacy, security, & governance.