A MASSIVE INCREASE IN CYBERCRIME CLAIMS IS CHANGING THINGS
According to this recent article, claims paid by insurance companies for cybercrimes skyrocketed from 47 cents per premium dollar to 73 cents in 2021.
Think about that for a moment. Imagine your business sold a product that you made 53 cents per dollar in sales of that product. In one year that margin dropped to 27 cents per dollar sold.
What would you do? Stop selling that product? Increase your price for it?
If you carry a cyber liability policy for your business, you have likely already seen the impact this is having on your rates.
By the way, if you don’t carry a cyber liability policy for your business, you are asking for big trouble. More on that in a minute.
COMMON CAUSES OF CYBER LIABILITY CLAIMS
Very few people spend time thinking about cybercrime. We have all seen the headlines about big corporations having their systems hacked and their data stolen.
Do you even pay attention to those stories anymore?
I get it. These incidents rarely ever have a direct impact on you. Because of this, we are callous to the threat of cybercrime. This mindset is now getting businesses in deep trouble.
The most common and damaging types of cybercrime attacks on businesses:
- Business Email Compromise – Example: A cybercriminal gains access to a company email account and redirects payments to themselves.
- Ransomware – A form of malware that encrypts data so it is inaccessible/unusable. A ransom is then demanded to get that data released.
- Data Theft – Example: Information is stolen to be resold to other criminals. This can be passwords, private company information, personal information, etc.
WHAT IS CAUSING SUCH DRAMATIC INCREASES?
- Cybercrime is a lucrative business – Reportedly generating nearly 7 billion dollars in income for the crooks in 2021.
- Ransom demands are way up – According to The Harvard Business Review, the average amount demanded in a ransomware attack shot up 82% from 2020 to 2021.
- Ransomware incidents are common – 1 in 6 businesses reported a Ransomware attack last year, and about half of them ended up paying the ransom to recover their systems.
- Businesses (or insurance companies) are paying – The average ransom paid in 2021 was $570,000!
Remember me saying that you are asking for trouble if you don’t carry cyber liability insurance on your business?
Let this sink in…
The average loss from a bank robbery is $3,000. By comparison, the average loss in a successful Business Email Compromise attack is $130,000.
HOW TO PROTECT YOUR BUSINESS FROM CYBERCRIME LOSSES
Providers of Cyber Liability Insurance are beginning to require that businesses implement specific cybersecurity strategies before they will issue a policy.
These often include:
- Multi-factor Authentication – Adding an additional means, beyond a password, to prove your identity when logging into applications like email or VPN access clients.
- Email Filtering – Basic Spam filters are not enough to detect and block the harmful links and attachments that are used in cyber-attacks.
- Secured, Encrypted, and Tested Back-ups – Secure back-up systems are the best defense against ransomware.
- Endpoint Threat Detection and Response – This system identifies suspicious activity and stops it before it does damage.
- Patch and Vulnerability Management – Security holes in software can be exploited and lead to all sorts of damage from cyber-attacks.
- Security Awareness Training – Humans are the last line of defense against cyber-attacks. They need training to recognize a threat when they see one.
- Privileged Access Management – Giving administrative rights and access to too many users increases the likelihood of the spread of bad stuff like ransomware.
- Updated Anti-Virus Software – “Updated” is the key to this. New viruses are created every day so anti-virus software that is not updated constantly quickly becomes weakened.
- Licensed and Managed Firewalls – Just like anti-virus, new ways to get past a firewall and into your business network are always being developed. Therefore, a licensed firewall is designed to keep your firewall equipped to defend against the latest threats.
- Cyber Incident Response Planning – Does your staff know what to do if they suspect a cyber-attack?
- Replacing End-of-Life Systems – Unsupported software like operating systems, office applications, and even services that run in the background that are no longer supported will likely have security holes.
- Company Information Security Policies – These can range from how you share information to processes for making large financial transactions.
Most insurance companies will not require all these security systems before they will issue a cyber liability insurance policy. However, keep in mind that the industry is changing rapidly. It is likely that the requirements will include more of these strategies in the future.
Consider the steps you have taken to strengthen the physical security of your business like:
- Putting locks on the doors
- Having fire extinguishers in place
- Implementing policies against drug and alcohol use in the business
It only makes sense to strengthen your cybersecurity as well. It is by far the greatest financial risk to business today.
THE THREAT IS CONSTANT
As noted above, there are new threats in development all the time. There is no one-and-done way to keep your business’s cyber security strong.
Cybercriminals are active adversaries, constantly adapting their tactics, techniques, and procedures to cause harm.
Because of this, you must take an ongoing, active approach to cyber security to effectively protect your business.
HELP IS AVAILABLE
If the idea of implementing all these cybersecurity strategies in your business is overwhelming to you, talk with RSPN today.
We will help you build a strategy to protect your business under a single monthly plan.