Cyber Security Insurance

Posted by David McLeish on Nov 22, 2018 10:15:20 AM

 

shutterstock_1069246475

 

IS YOUR SMALL BUSINESS DATA SECURE? DON’T WAIT TO FIND OUT.

On the back of several high-profile data breaches in recent years, Cybersecurity is increasingly top of mind for executives as well as customers. Hackers are targeting organizations of all sizes with increasing sophistication and persistence. As the risk grows, what is being done?

Experts Say: Not Enough.

Criminal networks are devoting an increasing proportion of their time and attention to Cybercrime because it’s easier and more lucrative than more traditional types of crime, and harder to get caught. Worryingly, businesses seem to be inclined to take a reactive rather than proactive approach.

While 99.8% of Canadian companies fall into the category of small or medium-sized businesses (SMBs), and 43% of Cyberattacks specifically target them, 90% do not have cyber insurance. Costs per incident run from the tens of thousands of dollars in smaller companies, to millions for larger, better-known organizations. Recent research into the topic of Cybersecurity has highlighted the need for improved focus on personnel training and specialized IT staff.

Small businesses spend comparatively less on Cybersecurity, and the impact of Cybercrime on them tends to be more severe when it does happen: many small businesses which have been hacked go out of business shortly after (estimated at 60%) because they are simply unable to deal with the financial and reputational cost.

Typically, an organization’s Cybersecurity budget is a proportion of their IT budget (often around 10%). Most organizations spend more on Cybersecurity after an attack, but mostly on technology such as firewalls and anti-malware software rather than personnel training and governance. Larger organizations seem to take the problem more seriously, but they also tend to be more frequent targets of attacks due to the bigger payoff.

While important, technological safeguards do not address the entire spectrum of cyber risk. Phishing attacks are becoming increasingly sophisticated, and tend to target front-line employees who may be unprepared if they have not received appropriate Cybersecurity training. Employee access to data is itself a risk that organizations need to actively manage: for example, a USB flash drive left in the open with sensitive data on it can present a golden opportunity to the unscrupulous.

Failure to safeguard against Cyberattacks can injure more than just a company’s financial position; the very survival of an organization can be threatened. A successful Cybersecurity strategy will involve adequate spending on training, governance and internal processes to reduce risk as well as technology, and a comprehensive insurance plan to address risks which cannot be adequately reduced or managed.

What Can Be Done?

Front Row Insurance offers a solution called Hackinsure which is designed to provide additional protection for your business against emerging threats in the area of Cybersecurity.

Hackinsure includes:

  1. Third-party cyber liability, which put simply covers you against lawsuits from third parties due to a Cyberattack on your business,
  2. First-party cyber liability, which covers the cost of actions taken to “make right” a Cyberattack for your customers—things such as notifying clients, purchasing credit monitoring services for affected parties, and PR efforts related to the attack.
  3. Data Breach coverage, which protects against destruction or loss of digital data resulting from a criminal or fraudulent cyber event.
  4. Extortion & Ransomware, which covers costs associated with investigating threats of Cyberattack, and payments to those who threaten to obtain and disclose sensitive information.
  5. Business Interruption: Provides coverage for lost income which is due to a Cyberattack or data loss event.

In this technological age, no business is immune to Cybersecurity risks, and the costs of a breach can be crippling. Hackinsure policies from Front Row begin at $300. Contact us today.

Tags: Cyber Incident, cyber event, Fraudlent cyber event, Comprehensive Cyber Liability, cyber insident, cyber crime, cyber security, cyber attacks, cyber attack insurance, cyber risk, online cyber coverage, Cyber Insurance Canada, Canadian Cyber Insurance, Cyber Insurance, Front row Cyber Insurance, buy cyber insurance online, cyber liability

cyber crime insurance for non-profits

Posted by Casey Budden on Nov 12, 2018 5:36:15 PM

shutterstock_420743554

Information Superhighway Robbery? It Pays to be Prepared.

The Internet may be the Wild West, but these days criminals don’t arrive on horseback and tell you to stick ‘em up; it’s more likely that your vulnerable systems containing customer payment data or money will be their target. Why? Because for criminals, they’re easier to hit, the risk of detection is lower, and potential profits are much higher. Thieves can grab your money or customer data and ride off into the sunset before anyone even knows anything’s happened. What’s worse, a data breach or cyberattack can potentially have ramifications that extend far beyond simple economic loss: loss of reputation, inability to continue operations, and identity theft. As a non-profit, you may feel that your organization is not a target for cybercrime, but charitable institutions are no less exposed to these most modern of risks than any other type of organization. Here are some things to consider.

  • “Our website is not commercial.” Even if you’re not set up to take donations or collect membership dues online, you may still have exposures to risk. For example, many organizations do their own web design or have it done by volunteers. Images and music inadvertently used without permission can give rise to claims of copyright infringement. Due to their often unsupervised nature, discussions on chat rooms and message boards can result in controversy which can result in claims for personal injury and defamation of character. Typical general liability policies available from commercial insurers do not cover these sorts of risks, so even if your organization already has a commercial policy, you may not be protected.
  • “We don’t keep sensitive client data.” In fact, organizations often fail to recognize what data truly qualifies as sensitive (it’s broader than you think). Identity thieves are very interested in gaining access to client information such as phone numbers, email addresses, driver’s license information—in short, much of the same data that charitable organizations have on file.
  • “We only store our data in paper files.” Obviously, paper files can still be stolen. While there is specialized coverage available out there, most commonly available insurance policies don’t automatically cover data loss or loss of important papers.
  • “Our computers are only used for email.” Generally, what hackers are looking for when assessing a potential target is twofold: the vulnerability of the target and the potential payoff of a successful attack. Any point of entry into the organization’s computer system is a potential vulnerability, and one of the easiest points of entry is email. These “Phishing” attacks attempt to gain access to secure systems by impersonating trusted third parties in email messages and tricking employees into divulging passwords or other sensitive data in their reply. Phishing attacks have a high rate of success because the target, the front-line employee, may not have had cybersecurity training, may not recognize a specific communication as a phishing attack even when it is, and may not know how to adequately deal with the threat in time even in the event that they are able to recognize it. Municipalities are often targeted by these sorts of attacks.
  • “We have no website or social media.” Even if your organization has no digital footprint, there are still vulnerabilities. An employee or volunteer might open a malicious email attachment, or visit an infected website accidentally. It’s not unusual for organizations to be hit with “ransomware” attacks which lock down affected computers. Thieves then demand a specific sum in exchange for unlocking them, or threaten to release damaging information if the money is not paid.
  • “We’re too small. They wouldn’t be interested in us.” In fact, hackers tend to have an array of potential targets in mind, which they choose based on a number of factors—for example, the target’s level of preparedness, size, potential payoff, and geographic location. Large, well-known organizations may promise a bigger potential score, but as they also tend to train employees better and have more sophisticated systems in place to protect themselves, they pose a harder target. A hacker might want to add a string of low-risk, reliable scores from smaller organizations such as yours to diversify their portfolio (so to speak).

As we’ve attempted to show, all organizations which use digital technology or handle customer data can be vulnerable to cybercrime.

Our Hackinsure policy offers protection against emerging cyberthreats, with a basic policy starting at $300 looking something like this (higher limits are available).

If you think your organization might benefit from the extra peace of mind offered by Hackinsure, please contact us.

Tags: robbery, superhighway robbery, nonprofit, Cyber Incident, cyber event, Comprehensive Cyber Liability, Fraudlent cyber event, cyber insident, cyber crime, cyber security, cyber attacks

Recent Posts

Posts by Topic

see all