Keeping up with Technology: The Importance of Cyber Insurance

Keeping up with Technology: The Importance of Cyber Insurance

By Sara Ametrano

 

The more we rely on technology in both our professional and personal lives, the more at risk we, as individuals and companies, are to be targeted by hackers.

Cyber-attacks can come in a variety of forms and steal all kinds of information if successful. Through panel discussions and presentations, April’s NetDiligence conference explored what the evolving nature of cyber can mean for the specialty insurance industry.

A peril:

When cyber coverage first emerged, it centered around liability. As time passed, the cyber risk area expanded, and it included possible scenarios such as social engineering and extortion. And today, clients are at a higher risk than ever before.

Where property and casualty policies are created based on hundreds of years’ worth of information, cyber threats are new in comparison. Creating a sustainable cyber policy plan is proving to be a challenge for underwriters today due to the lack of data available and the ever-evolving nature of the industry.

Ransomware:

One of the cyber areas seeing an increase in attack frequency and severity is ransomware. Beazley Breach Response Services reported that, in 2018, average ransomware demands were $116,000, compared to $15,000 just the year before. The report also revealed that the main targets of ransomware attacks are small to medium-sized business, absorbing 71% of the crimes.

These numbers stress the importance of the need of expertise in the field. Hackers have sharpened their skills to learn their target’s financial position so that they may determine the sum they will demand.

Silent cyber:

Where standalone cyber coverage does not exist, cyber and data breaches may fall under other policies, unbeknownst to insurers. This is what the industry refers to as “silent cyber.” Companies might not take these types of exposures into consideration, which can potentially expose their other policies that do not specifically exclude cyber/data breaches. At a glance, only 10% of silent cyber situations are clearly priced and defined, 40% have definitions but are not priced and the remaining 50% are neither defined nor priced.

So, now what?

The growing nature of technology and lack of data surrounding cyber makes it difficult to create a plan in the event an attack occurs. The conference provided tips on how to mitigate risk and minimize the confusion non-affirmative risk management can bring:

  • Analyze policy language and claims;
  • Collaborate with ethical hackers (the good guys) to better understand the motives behind these attacks and how they might appear in different scenarios;
  • Continue to update policy wording as need be.

 

 

If you have any questions or would like to request a quote, please contact Trisura’s underwriting specialists.

Is your business protected against fraud?

Is your business protected against fraud?

By Sara Ametrano

 

Fraud isn’t a crime that only targets individuals. Some scammers set their sights on businesses. Is yours prepared for a potential attack?

Is your business protected against fraud?As technology continues to evolve and our reliance on it grows, so does our vulnerability to being hacked. In fact, the FBI reports that there are roughly 4000 cyber-attack attempts in the US every day.

On a global scale, 2018 saw the creation of 245 million new viruses, with over 680,000 created each day. The Ponemom Institute reported that 54 per cent of companies experienced one or more successful attack last year. The year before, the Canadian economy took a hit of 3.1 billion, as recorded by the Canadian Chamber of Commerce.

To truly grasp the magnitude of cyber fraud, Trisura Guarantee spoke with IT Weapons’ director of marketing and communications, Jeremy MacBean.

We asked MacBean what the most common error leading to these costly attacks is. “It’s in between the keyboard and chair – the people,” he revealed. “User awareness is the primary threat vector. That represents the biggest risks. It’s safe to say the majority of cyber-attacks begin with people clicking things they shouldn’t.”

Let’s take a look at some of the main types of scams that can impact businesses:

 

CEO scams:

Who’s at risk? Employees who work closely with a CEO or whose jobs include financial responsibilities are most at risk.

In this type of scam, someone is impersonating the CEO through email. These messages typically have a sense of urgency to them and are labelled “confidential.”

A CEO scam can cost businesses anywhere from tens of thousands to millions of dollars.

 

Business scams:

Who’s at risk? Company size doesn’t matter; any organization can find itself on the receiving end of a potential scam.

For these scams, there are a few different approaches the fraudster can take.

Directory: Here, the attacker sends your company a proposal for an advertising opportunity. First, the fraudster gathers the details needed to execute the crime. Then, he or she sends an invoice to the accounting department, who are unaware that the service was never approved.

Health and safety products: In this type of scam, you may receive a telephone call from the scammer. He or she impersonates a government official, informing you to quickly update your first-aid kits and health and safety training.

Office supplies: For this scam, the attacker will send over items the company didn’t order and then bill the business for them.

 

Phishing and smishing scams:

Who’s at risk? All employees. Phishing emails and smishing text messages appear to be sent from an authorized organization. They often use a similar tone and the logo of organizations you trust to trick you into providing personal information.

Fraud is an ongoing issue with new cyber viruses created and spreading daily, and different angles for attack. MacBean offers some helpful tips for individuals and businesses to protect themselves and their company as much as possible:

 

Individual:
  • Identifying the sender of an email is critical. To do this, hover your mouse over an email or URL to see what it links to;
  • Think before you click;
  • Do not click any attachments;
  • Installing antivirus and antimalware can help pre-scan.
Businesses:
  • Regular user awareness training;
  • Regularly reminding staff to be vigilant;
  • Regular training and possibly issuing a test phishing email quarterly or bi-annually.

 

To learn more about protecting your business against cyber fraud, click here.