Cyber Insurance: A Digital Necessity

Uploaded on 2016-08-25 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Financial

All businesses, large or small operate digitally in one form or another. They need to protect themselves against their cybersecurity risk.

The costs of a breach can be enormous. (Imagine losing a major bank transfer or assuming a loss of $10,000 for each cyber-security infraction.) By the way, your attacker can come from the outside or inside, as 70 percent of breaches are initiated by employees or former employees.

So what this thing called cyber insurance? Cyber insurance arose out of the traditional Errors and Omissions (E&O) coverage known to most businesses. Over time coverage was extended to viruses, data corruption to connected client systems, or damage affecting customers. Generally, early adopters were technology-based companies.

More than a decade ago, network security policies expanded to include breaches of confidential information. At that point, the retail segment adopted cyber insurance on a wide scale.

Coverage for any business could be simple or complex. The determining factor is an employer’s decision on degree of acceptable risk. Let’s take the simple first.

The Bank of Tucson, through Grandpoint Insurance Services, now offers cyber insurance coverage for its customers at a nominal cost. The coverage for business accounts protects against losses for funds transfer fraud (when someone impersonates your company for a funds transfer) and cyber deception (when a criminal pretends to be your vendor employee or client and gets you to transfer money to them). Mike Hannley, president of Bank of Tucson, announced the new product in the last month. Mike commented, “Internet criminals do not use guns for illicit gain, but they gladly use your computer and network for paydays!”

Let’s take a look at broader, more complex cyber insurance. That kind of cyber insurance may have several parts:

  • Network Security: Your network has failed in some form. It could be that someone is trying to shut down your network to in an effort to stop you from conducting business. Or, you’ve just experienced a data breach, some form of extortion, or tapped your system to advance a virus to all of your connected transmissions.
  • Privacy: Privacy is huge and does not necessarily have to be connected to a system failure. There are many known cases of information of physical records that are not properly disposed of, including human errors (think of a lost laptop with an easily penetrated passcode) or a hard drive with customer records that somehow got into the wrong hands.
  • Media Liability:  This aspect covers advertising injury claims like copyright, libel and slander. Coverage may extend to offline content as well.

Digging deeper, network security and privacy liability policies covers first and third party liabilities. First party means the direct costs of responding to a breach; third party means it applies when people sue or make claims against you.

First party inclusions:

  • Costs of notifying anyone attached to the breach
  • Loss of profits and business interruption
  • Legal advice and regulatory obligations
  • Public relations expenses
  • Third party inclusions:
  • Regulatory fines and penalties
  • Damage and judgments related to the breach
  • Legal expenses
  • Costs of responding to regulatory inquiries

According to Jack Clements, CPA at the Clements Agency, “Every company, large or small, should at least consider cyber Insurance. There are so many examples of exposure to loss that it is difficult to list them all; some exposures are unique to certain types of businesses.”

“And don’t forget about controls; they are critical,” Jack continued. “In broad policies, premiums are based upon the quality of your controls. Many companies believe that their controls are so strong, that it can never happen to them. Believe me, it can and it will.”
 
Another aspect of this discussion is commonly known as “Social Engineering” or “Duping.” This is a scheme where a seemingly legitimate email is sent to you asking for money or confidential information. It happens all the time. Jack added, “In fact, an attempt was made on our office this week. We received a business email from my brother, with whom we do business, asking for a wire transfer. When we called him, we learned that it was completely fraudulent. Had we complied, the transaction would not have been covered by our Cyber Policy, since we willingly sent the money. We would, however, have been covered by the Social Engineering endorsement that we have on our package policy. Just another area to think about.”

Insidetucsonbuimess: http://bit.ly/2aeacm4

 

« Too Much Information: Making Sense Of Big Data
Solutions To Automotive Cyber Hacking Risks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Blue Solutions

Blue Solutions

Blue Solutions is a consultancy-led, accredited software distributor who provides IT solutions and support to small and medium enterprises.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

Cast Software

Cast Software

CAST is a pioneer in Software Analysis and Measurement (SAM) to capture and quantify the reliability and security of business applications.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

Untangle

Untangle

Untangle provides network security products designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations.

FileWave

FileWave

FileWave offers a single solution for managing apps, devices, and more for Mac, Windows, and mobile devices.

Nuspire

Nuspire

Nuspire provide services to protect your network with best-in-class managed detection and response, allowing you to stay focused on managing your business.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Arcanna.ai

Arcanna.ai

Using a wide range of out-of-the box integrations, Arcanna.ai continuously learns from existing enterprise cybersecurity experts and scales your team’s capacity to deal with threats.

White Tuque

White Tuque

A new way to protect your organization. White Tuque is your partner in identifying threats, understanding your risk, and ensuring your business remains resilient.

Pillar Technology Partners

Pillar Technology Partners

Pillar Technology Partners is an Information Security Company with a focus on improving Cyber Risk and optimizing the processes and technology that underpin the security of your information assets.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.