DIG Insurance & Business Magazine Spring 2023 | Page 30

CYBERSECURITY

What If An Employee Clicks On A Dangerous Link ?

Cyberattacks Are On The Rise , And Online Criminals Are Crafting Complex Digital Heists . Here ’ s How To Protect Your Business , Clients , And Reputation .
BY : BRITTANY MEADOWS , MBA , CLCS CLIENT ADVISOR

Cybercriminals are getting more sophisticated with strategies to steal data , capture personally identifiable information , and hack into your systems . In some cases , the tactics are evolving faster than security tools and measures to prevent attacks .

The evolution of cybercrime has given way to a new tactic known as triple extortion ransomware . In a triple extortion attack , a cyber thief demands payment not only from the compromised company , but also those who could be negatively impacted by the disclosure of the stolen data . Social engineering cases are evolving every day , outwitting even the most detail-oriented and tuned-in employees . Social engineering involves “ bad actors ” tricking you into giving out sensitive data over the phone or by clicking a link in an email . They go to extreme lengths to make their ploys believable , including hacking systems to tailor phone calls and emails based on your past purchases or internet browsing history .
With increasing and more frequent threats comes higher cyber insurance rates and coverage restrictions . ( Read more about the Hard Market on page 8 .) Then there ’ s the financial damage that businesses and those who are compromised suffer . The average cost of a malware attack is $ 1.5 million according to the World Economic Forum , and ransomware attacks are steeper . In 2018 , the City of Atlanta received a ransomware demand for $ 51,000 in bitcoin and spent $ 17 million in actual recovery costs .
We know that insurance does not prevent cyberattacks , and employee education and security are paramount for preventing incidents . But without a cyber policy , you could be on the hook for a staggering out-ofpocket expense . Be prepared by asking some important what-ifs related to cybercriminal acts and the protection you need .
WHAT IF I HAVE A CYBER POLICY IN PLACE ?
A cyber insurance policy won ’ t stop cybercriminals , but it will afford you 24 / 7 support , forensic support , and potential business income loss . Generally , these policies help with legal fees and expenses , notifying customers about a data breach , restoring the personal identities of compromised individuals , recovering data , and repairing computer systems . But every policy is a little different , so make sure you are working with an agent who understands your business .
Talk to your insurance advisor about what is included in an existing cyber policy if you have one . Because of the dynamic IT and cybersecurity landscape and high-cost claims , policies are ever-evolving , too . For example , some do not provide coverage for social engineering attacks because those are considered first-party crimes . And keep in mind , your general liability policy typically excludes cyber incidents .
WHAT IF MY BUSINESS HAS REMOTE WORKERS ?
With more employees working hybrid schedules or based at home , this creates opportunities for cyber thieves to hack into networks . Even using a Virtual Private Network ( VPN ) may not protect you from an attack . We recommend consulting with an IT professional if you do not have an in-house IT department as well as working your what-if strategies into your business continuity plan .
Whether your workforce is remote or hybrid , education and awareness are just as important as implementing security measures . Clicking on one bad link can take down a business . All it takes is one employee on an off day — one team member who is distracted or in a hurry .
It can happen to any of us . So hold regular trainings to share the latest cyber tactics and put internet safety communications on repeat .
WHAT IF I WANT TO GET THE MOST COMPETITIVE RATE FOR CYBER INSURANCE ?
This should be a question you ask for every insurance policy . Today , to secure cyber coverage , you need more security measures in place than ever before . There are tighter underwriting restrictions and carriers are requiring businesses to meet a detailed set of guidelines that go beyond having multifactor authentication ( MFA ) in place . We advise clients who do not have in-house IT departments to consult with a professional — we can provide referrals . That way , you can be sure you have the necessary security framework in place and demonstrate to carriers you ’ re serious about cybersecurity .
There is no “ one size fits all ” cyber policy , but we ’ ll develop a plan that fits your unique business model . Whether you need a standalone cyber policy or crime policy , you can Be Sure you ’ re protected . Let ’ s talk about it . +
Ask The Questions
• Am I securely storing my clients ’ personally identifiable information and financial information ?
• Is the process for responding to a cyberattack included in my business continuity plan ?
• Can I afford to self-insure even one attack ?
Brittany Meadows joined Deeley Insurance Group in 2019 and is a third-generation insurance agent . She enjoys spending time with family and being outside . 410.213.5633 • bmeadows @ deeleyinsurance . com
30