Cyber Insurance - Protect your organization
Cyber attacks are organizational risks that businesses can be exposed to with just an errant click of a mouse.
Whether your organization is a multinational corporation, a sole proprietorship operating out of your home or a non-profit that uses online tools to support fundraising activities, its operations are susceptible to online attacks from hackers and other criminals lurking online. A corporate website that does not meet best practices for information security could not only compromise proprietary data and information about the company’s clients but also expose the organization to liability for not protecting its data.
Simply publishing content that contains specific personal or organizational details online can open the door to a multitude of potential exposures such as:
- Electronic security breaches involving the personal and/or commercial information of clients, employees, volunteers, members, suppliers and/or stakeholders.
Organizations should also take special care in securing mobile devices that contain client, employee, volunteer and/or member data. In the wrong hands, stolen smartphones, laptops, USB flash drives and tablets can provide access to your network.
Speciality insurance coverage for cyber risks is relatively new and continually evolving. However, the threats to organizations and the possibility of legal action against them are realities that business owners should consider.
We live in a time when many organizations do all of their activities electronically, and the majority of their assets are in the data they collect. There have been several high-profile personal information breaches that have compromised tens of millions of records and cost the affected companies millions of dollars.
Organizations that rely on an online presence and use e-commerce as a distribution method or have employees who carry electronics that hold customers’ personal or commercial information should contact their insurance representatives, who can help them find coverage to best protect themselves.
Six questions to consider when buying cyber insurance
- How many records containing personal information does your organization retain or have access to?
- How many records containing sensitive commercial information does your organization retain or have access to?
- What security controls can you put in place to reduce the risk of having your system compromised?
- Do all portable media and computing devices need to be encrypted?
- What about unencrypted media in the care, custody or control of your third-party service providers?
- Could you make a claim if you were unable to detect an intrusion until several months or years had passed?
Types of cyber attacks
Criminal hackers are devising new techniques all the time to attack organizations. Here are a few of the most common methods.
- Denial of service attack: The hacker floods a website with more traffic than it was built to handle, making it impossible for legitimate visitors to access the site.
- Phishing: An attacker pretends to represent a trusted organization to trick a user into taking an action (such as opening a malicious attachment or clicking on a bogus link) that he or she would normally not take.
- Malware: Harmful software takes control of a machine, monitors user actions and keystrokes, and/or sends confidential data from the infected computer or network to the attacker’s home base.
- Ransomware: This software encrypts files to prevent users from accessing them and then demands payment for their safe recovery. These attacks can occur after clicking on a phishing link or visiting a compromised website.
- Spoofing: A cyber criminal impersonates another user or device to attack network hosts, steal information, spread malware or bypass access controls.
- Brute force: The attacker attempts to decode encrypted data by trying as many password combinations as possible, as quickly as possible.
What can cyber insurance cover?
- Regulatory defence expenses: Civil fines incurred in responding to a regulatory proceeding resulting from a privacy or network security breach
- Legal and civil damages: The cost of legal representation and possible damages related to a privacy or network security breach
- Security breach remediation and notification expenses: The costs to notify affected parties and manage a privacy incident
- Crisis management expenses: Public relations expenses to manage the damage to your organization’s reputation
- Forensic investigations expenses: The costs of hiring a breach response firm
- Computer program and electronic data restoration expenses: Expenses to restore or recover damaged or corrupted data caused by a breach, denial-of-service attack or ransomware
- E-commerce extortion and reward payments coverage: Pays for the cost of a professional negotiator and potential ransom payments to the person or organization extorting you or your organization
- Business interruption and additional expenses: Income your business loses and the costs it incurs due to an interruption in services