We hear it all the time. “I think my IT company protects me” or “That only happens to the big corporations. I’m not a target”. Business owners across the country are either too confident that their company is protected or convinced that they could never be a subject to a cyber attack because they are too small. The fact is, if you work or house data on a computer, you are a target in today’s cyber world.
According to one of our cyber underwriting partners that we use for many of our current clients, 55% of all ransomware attacks in 2020 were on businesses with less than 100 employees. Small to medium sized businesses are seen as easy targets due to their perceived lack of cybersecurity in place and the top 2 claims that arise from these attacks are Ransomware and Social Engineering.
Ransomware is what you think of when you think of hacking. It’s a form of malware that renders the files and systems of the victim unusable. Social Engineering is a little trickier. In the context of cybersecurity, Social Engineering is the manipulation of people to perform certain acts and give up confidential information. An example of this is a phishing email where the attacker easily poses as a trusted person to initiate a wire transfer to a third party, whereas the third party is the attacker, in this case.
These types of attacks are only increasing and growing at an exponential rate. The FBI’s 2020 Internet Crime Report says that attacks have increased more than 900% since 2018. The threat is clear and present, and many businesses are completely exposed either with Cyber Insurance that doesn’t cover what they think it covers or with no Cyber Insurance at all.
At McGowan Insurance Group, providing comprehensive Cyber policies is one of our core focuses. We strive to educate potential and current clients about the dangers of the absence of coverage and the protections of putting a program in place. That education includes the fact that these types of risks are typically excluded from a traditional General Liability policy. The Cyber Insurance policy is a one-of-a-kind form of coverage and there are 3 main components that are critical to understand:
· First-Party Coverage: This is insurance for losses such as data destruction, theft, hacking, extortion, etc. Included would be most expenses incurred to remediate a breach such as breach coaching, forensics, credit monitoring, etc.
· Third-Party Coverage: This is liability coverage for losses caused to others by your own negligence, defamation, etc. This piece refers specifically to financial or economic damages of others.
· Risk Mitigation Services: These are ancillary services typically provided by the Cyber Insurance company and can include 24/7 Dark Web monitoring, employee trainings, pre/post-incident response teams, trained negotiators, etc. These services can vary by company and is something that McGowan looks at deeply. These services can bring extreme value in decreasing your liability and payment or preventing the incident altogether.
Even with the most robust Cyber policy, the threat of attack remains and there are a plethora of things you can do to enhance your security. Most Cyber Insurance providers are now requiring MFA (Multi-FactorAuthentication) to obtain a quote for Cyber Insurance. Many providers will also perform regular security-audits to ensure that your systems and data are well protected.
Other criteria that insurance providers look for:
· Do you train your employees to detect social engineering and phishing scams?
· Do you have a formal cyber security recovery plan in place?
· Do you maintain daily offline backups of all critical data?
· Who has the authorization to initiation funds or securities transfers?
· Do you use a separate communication channel for verification prior to initiating an electronic financial transaction with customers, clients, or vendors?
The Cyber threat is real and increasing every day. McGowan Insurance Group has the expertise and access to quality programs to protect your business and data as well as the tools to assist in creating the criteria above. Make sure you aren’t the next business in the news that suffered a CyberAttack that hadn’t invested in Cyber Insurance. It may very well save your company.
Contact McGowan Insurance Group to secure a cyber quote.