Cyber-crime can take a variety of forms — and we know that no company is too small to be an enticing financial opportunity for threat actors. Common types of cyber-crime today include hacking, social engineering, fund transfer fraud, and ransomware. According to Coalition’s H1 2021 Cyber Insurance Claims Report, the frequency of these types of incidents reported for organizations with under 250 employees increased 57% from the first half of 2020 to early 2021, and this trend has only continued.
Also, as more businesses support hybrid work models and businesses move more of their operations to the cloud, cyber criminals are finding additional and unique ways of infiltrating company networks — easily.
That’s why it’s more important than ever for businesses to take the time to understand and evaluate cyber risk and secure the right cyber insurance coverage to protect their business assets.
Your cyber risk coverage checklist
Cyber insurance is not designed as a one-size-fits-all, unlike other standard business risk policies, such as General Liability (GL) and Property. For example, Coalition offers a menu of different coverages that can be chosen to address an insured’s unique risks and exposures. Having coverage that addresses your company’s specific risks is the key to smart and effective coverage.
Whether you are evaluating the adequacy of your current cyber coverage or in the market to add cyber coverage insurance, you should keep in mind the following five key cyber risks:
1. Cyber extortion (i.e. ransomware remediation)
The impact of ransomware on businesses has grown significantly since the onset of the pandemic. The average ransom demand is up 71% for 2022 approaching $1 Million. Paying such an exorbitant fee often proves untenable for many businesses.
2. Funds transfer fraud
One of the easier ways to monetize cyber-crime is through funds transfer fraud (FTF), which is often perpetuated through social engineering techniques like phishing or business email compromise (BEC). Once criminals have access to your business mailbox, they can manipulate your contacts and modify payment instructions, sometimes without even triggering any security alerts.
Fund Transfer Fraud made up 36% of company’s cyber claims in Q3 202, hitting an all-time high and outpacing ransomware for the first time in a long time.
3. Cloud vendor risk
Businesses that rely on cloud vendors to store company documents often provide these vendors with access to sensitive customer and employee data, including personal information. In many cases, they also rely on these vendor platforms to conduct critical functions, including processing the company’s accounts receivable, storing critical data (e.g., medical or financial records), and facilitating employee data.
Should one of these cloud vendors experience a cyber incident, it can be costly to all of the businesses that rely upon the vendor’s platform. Specifically, companies could be exposed to privacy claims, regulatory fines, and other business interruption costs, including lost income and extra expenses to get their operation back up and running.
As many as 30% of businesses say they consider their platform and system vendors a risk in the event of a data breach, as reported by Riskrecon. Even if your third-party vendor has cyber insurance, your contract with them may limit their liability to you.
4. Emerging digital risks
Two of the latest emerging digital risks include service fraud (also known as crypto jacking) and bricking. These tactics can be devastating for businesses and are usually not covered by a general cyber policy. Service Fraud endorsement covers the direct financial losses an insured faces when charged for fraudulent use of cloud-and internet-based services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Network as a Service (NaaS), IP Telephony and more.
Cyber insurance coverage offers Computer Replacement (also known as bricking) coverage, addressing the growing gap between a business’s general cyber coverage and property policy.
5. Cyber incidents that impact physical risk
As digital infrastructure becomes more advanced and integrated into your business operations, the boundary between cyber and physical security has become increasingly blurred. For example, a cyberattack on a medical organization’s network could impact the health and safety of patients undergoing treatment by disrupting the connected medical devices.
Likewise, a manufacturing company’s operations could be shut down entirely if connected machinery is attacked and cannot be accessed, such as in a ransomware attack, or destroyed with malicious commands sent to the machinery, causing it to perform unwanted actions. General liability (GL) policies typically do not cover physical or non-physical risks arising from cyber-attacks.
Three key cyber coverage endorsements can help bridge the gap between your GL and cyber coverage when it comes to physical security. First-party Bodily Injury and Property, Third-party liability for Bodily Injury and Property, and Third-party Pollution coverage all protect your organization from cyber threats that translate to physical impacts.
Protect your business: Get insured
Cyber insurance is a key factor in addressing and mitigating these new and ever increasing cyber risks and can really save your business time and money if it’s ever the target of a cyber-attack.
For questions about Cyber Insurance get connected to a broker, reach out to our team.
Comentarios