Fortify Your Cyber Resilience
Cyber and privacy insurance, once thought to be designed for large corporations or niche businesses (such as tech companies) that specifically deal with a lot of data, is must-have coverage today for all types of firms – small, mid-size, and large. Over the last several years, cyberattacks have increased significantly. From malware to phishing, Distributed Denial of Service Attacks (DDOS), and ransomware, businesses of all sizes are vulnerable to the increasingly sophisticated methods being utilized by criminals and hackers to gain access to valuable data and disrupt operations for profit. In addition, with more people working remotely post-2020, the FBI reports that cybercriminals have quadrupled the number of cyberattacks they use to disrupt online activities.
Ransomware, phishing on the rise
The frequency of ransomware attacks has dramatically increased this year with more than 93% attacks being carried out so far in 2021 over last year. Ransomware is a form of malware that encrypts a victim's files or network. The attacker then demands a ransom from the victim to restore access to the data. Payment is typically in the form of cryptocurrency. Today, not only do cyberattackers hold your data for ransomware and threaten to release it unless a payment is made, they also target an organization’s customers, vendors, or business partners in the same way.
There are several ways to access a computer for ransomware. One of the most common delivery systems is a phishing spam. This is when an email with an attachment is sent to the target, masquerading as a file the individual should trust. Once the email and attachment is downloaded and opened, the cybercriminal can take over the target’s computer, especially if there are built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware exploit security holes to infect computers without needing to trick users.
Other types of cyberattacks
Fraudsters also use business email compromise – messages that appear to come from trusted sources – to scam the target into making a fraudulent wire transfer or payment. For example, a cybercriminal may pose as a vendor that a company regularly deals with and send an invoice with an updated mailing address.
The fallout from a cyberattack
A cyberattack can be quite costly for a business that goes without insurance coverage. There is the cost to determine the extent of the attack and how it occurred in the first place (forensics). There is also the cost to notify all those affected by the data breach. If it’s a data breach where confidential employee, customer, and/or vendor information was compromised, each individual must be notified. Notification regulations differ in each state. A business may also have to pay for credit-monitoring services. Depending on the industry, regulatory fines may apply. An organization will also have to spend the money to restore the network security. The cyberattack may have caused operational disruption and loss of income. Then, of course, there is the crisis management involved in handling the incident and to restore consumers’ confidence in the organization.
Protecting your business: what does cyber liability insurance cover?
Cyber and privacy insurance can be designed to provide you with several key coverages, including:
- Network and Information Security Liability: This coverage applies if there is a privacy/data breach such as the loss or theft, or unauthorized access to or disclosure of, confidential information. Personally identifiable information includes names, addresses, Social Security numbers, credit card numbers, and medical information, which put you at risk of violating privacy laws or a data breach.
- Communication and Media Liability: Provides coverage for liability claims arising from unauthorized use of copyright, title, slogan, trademarks, etc., violation of right of privacy, defamation, libel, slander, misappropriation of ideas under an implied contract.
- Regulatory Defense Expenses: Provides coverage for legal defense fees as a result of a regulatory proceeding against the business.
- Crisis Management & Event Expense: Provides the cost for PR to help mitigate or prevent the fallout from a cyber event.
- Security Breach Remediation & Notification Expenses: Pays to restore or recover damaged or destroyed computer systems, software, and/or data within a computer system that is lost due to a covered cyberattack.
- Computer Fraud:Provides coverage for loss of money, securities, or other property due to unauthorized system access.
- Funds Transfer Fraud: Coverage is available for loss of money or securities due to fraudulent transfer instructions to a financial institution.
- Social Engineering Fraud: Provides coverage for loss of money or securities due to transferring funds as a result of a phishing scam, for example.
- E-Commerce Extortion/Cyber Extortion: Coverage is available for ransom and related costs associated with responding to threats made to attack a system or to disclose confidential information.
- Business Interruption/Additional Expenses: Provides coverage for loss of income and extra expenses as a result of a covered cyberattack or system failure that interrupts business operations.
As with all insurance policies, it’s important to review the insurance coverages provided along with any exclusions that may apply. It's also important to remember that general liability insurance typically does not cover cyber.
What does cyber and privacy insurance cost?
Cyber and privacy insurance costs have risen over the last few years, driven mostly by the rise in the frequency of and severity of ransomware attacks. For U.S. companies that opted to pay a ransom in the first quarter of 2021, the average payment was up more than 400% from FY2019. The average cost of ransomware remediation has also increased, rising to US$1.85 million this year from US$700,000 in 2020. These types of losses are driving up premiums for both small business and large entities. But even so: a cyber insurance policy with $1 million in limits can be purchased for $6,400 (depending on the risk) – worth every penny to protect against cyber risk.
Why choose VANTREO for cyber insurance?
The VANTREO team brings the cyber and privacy expertise needed to help protect both your organization and its people. Not only can we provide you with a customized insurance policy to respond should a cyber loss occur, such as data breaches, ransomware, and other types of attacks, we will also help you to reduce and mitigate your exposure with preventative practices and measures. We partner with carriers who provide cybersecurity coaching, risk management, and other tools to manage cyber risks pre- and post-breach.
Every business today should be carrying cyber insurance. We’re available to evaluate your current coverage and provide solutions on where you can improve your insurance program. If you don’t already have coverage, now’s the time to purchase it.
Discover the VANTREO difference.