Cowritten by Roger Kirtley and Jason Bowie
Businesses are faced with liability exposures every day. A growing threat to the overall health of small and medium-sized businesses is cyber liability. While conventional theory may be that large, big box stores and global brands would be the best target for cyber and privacy breaches, it is the SMB space that experiences 45% of cyber-attacks. Because SMBs have fewer resources than a large company, they present a real and growing opportunity for cyber criminals.
The most common attacks impacting businesses are Ransomware and Funds Transfer Fraud. Ransomware is a specific type of malware that locks the files on your computers unless a ransom is paid. Typically, ransomware is downloaded via email attachments and can even be embedded in common documents. When the unsuspecting employee opens the attachment, malware encrypts the user’s files and replaces them with ransom notes. Ransomware events have increased 232% since 2020 and payouts often exceed six figures.
Funds transfer fraud is another common cybercrime where an attacker redirects funds before or during a transfer. This is typically accomplished through social engineering techniques, sometimes stemming from email spoofing or business email compromise. In addition to redirecting funds handled by your employees, attackers will often take advantage of your reputation and relationships to convince your customers or vendors to send them money.
Neither claim type is traditionally covered by a general liability or professional liability insurance policy. Stand-alone cyber liability insurance is a useful tool in safeguarding your business from these emerging risks. Having an active insurance policy that provides network/privacy liability coverage, including sublimits for ransomware and social engineering claims, is paramount to protecting your business. Recent trends from insurance carriers and cyber insurance programs have put a focus on providing businesses with cyber risk assessments to understand their current vulnerabilities along with recommended fixes. In some instances, ongoing threat assessment can be included as a policy benefit.
Here are a few tips for addressing your cyber risk posture:
- Implement Multi-Factor Authentication (MFA) – MFA immediately increases your cyber security by requiring multiple forms of verification to prove identity when signing into an application.
- Maintain Good Data Backups – A good data backup can mean the difference between a full loss in a Ransomware Event and a full recovery. To best protect your business, you’ll need to develop a strategy tailored to your business and make sure it is properly implemented.
- Use A Password Manager – Passwords grant access to the most private information your company deems critical. Unfortunately, hackers have mastered the art of stealing password credentials using sophisticated software or phishing attempts. While it may feel daunting to worry about the length, strength and update frequency of your company passwords, it is necessary. A password manager can help track multiple passwords and generate new ones at random. It is essentially an encrypted vault for storing passwords.
- Implement A Security Awareness Training Program – If you ask any IT security professional who is responsible for cyber security, they will probably say, “everyone, including executives, employees, and vendors, is responsible for the overall cyber health of a business.” Proper mitigation of cyber risk isn’t accomplished by one small team. It requires a deliberate culture of cyber risk awareness and preparedness that holds everyone accountable.
- Purchase Cyber Insurance! – This may be the most impactful of all. Having a risk transfer mechanism that not only bears the cost of a breach but also identifies vulnerabilities and prevents future breaches is paramount to achieving a comprehensive risk management program.
As reliance on technology continues to increase, new exposures continue to emerge. As your business grows, make sure your cyber liability coverage grows with it. Seek the advice of a trained professional who can help you analyze your needs and make the right coverage decisions to protect your business from unnecessary risk.
Pro Risk Group is a specialist in providing professional liability and cyber liability insurance solutions. Jason has been providing tailored insurance solutions to businesses for 15 years with exclusive focus on E&O, D&O and Cyber Liability. As a designated cyber professional liability practitioner, Jason can leverage his industry experience along with longstanding carrier partnerships to bring the best insurance solutions to current and prospective clients.