Can Cybercrime Sink Your Business?

The business environment is roiling with data breach threats on the heavily pirated cyber seas. From hackers to coding failures to government regulations, your company faces dire financial straits if you don’t have the right protection against the ever-evolving risks to your digital data and operations. Know the most common attacks, the best practices to avert an attack, and the most reliable means of recovery.

Common Cyberattacks

Cyberattacks can take many forms. Some target large corporations and government organizations, while others focus on individuals and smaller businesses. Some seek data; others take down your operational systems or use cracks in your structure to invade your partners’ networks.

Ransomware

A hacker group gains access to your computer system and locks it. They demand a ransom payment (often in bitcoin, a cryptocurrency that can be extremely difficult to track) to release the data back to you.

Some cyber liability policies help with ransom demands, but make sure you’re clear on the policy language.

Wiperware

This code burrows into computer systems and completely (sometimes permanently) deletes everything it finds, rendering computer systems unbootable. How would you deal with a total loss of your software and data stores? Do you have access to backup systems so your business can recover quickly? Are those backups hardened against wiper viruses? 

These are just a few questions to address in your business cyber incident response plan. The good news is many cyber liability policies help with data restoration if you’re wiped out.

Malware

This attack is activated by clicking on a pop-up ad or link that unleashes a virus into the computer browser. It can infiltrate a shared server, where it can gather personal information. Cyber liability insurance can’t keep you from clicking the link (that’s what your cyber incident response plan is for), but it can help you with ridding your system of the data.

Phishing

Emails and text messages are often forged so they appear to have been sent by a legitimate source, like a bank, government agency, friend or work superior. Phishing messages are designed to trick the recipient into surrendering personal information or clicking on links. Train your employees on how to recognize these scams. A good prevention program can help keep the hackers at bay, and it might reduce your cyber liability insurance rates.

Social engineering fraud

Line employees and managers who have access to funds or can authorize funds transfers are prime targets for ongoing attacks by scammers and hackers. Social engineering schemes present seemingly legitimate instructions from someone in authority to transfer funds or crucial company information. Often these messages look almost identical to those of the organization or person they are meant to mimic, and they convey a sense of urgency that inspires the victim to take action immediately. One error can cost a company thousands of dollars in direct losses and liability expenses. 

Cyber liability insurance helps out with replacing funds that are lost due to social engineering scams.

Depending on how deep the hack goes, you might have to worry about identity theft and spoofs. If a hacker hijacks your business email or social media account and starts sending questionable content, you might need to restore your public image or respond to lawsuits. Cyber insurance helps with that, too.

Company cybersecurity failures

Hackers aren't the only cause of cyber losses. Government regulations such as the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act pose serious compliance issues for companies. Collecting data, using cookies and sharing information are all potential sinkholes for businesses that don’t follow the rules — rules that are constantly evolving. Noncompliance can be very expensive.

Your own systems could be the source of serious losses at your company. This is especially concerning for companies that do in-house system control but may apply to outsourced work as well. Some cyber insurance policies cover first-party losses if a human or system error (or both) causes an unplanned outage of your network. Your insurance professional can explain this in more detail. Ask about coverage for physical damage and business interruption losses resulting from a cyber failure as well.

Prevention never ceases

Avoiding such attacks is a never-ending effort. Individuals and companies should practice “cyber hygiene.” 

• Keep assets clean and tidy by securing personal information with strong passwords, employing a high-quality firewall, and keeping an offline or cloud backup of all essential data.

• Use authentication verification software and identity controls.

• Create a cyber incident response plan that outlines how you will respond to a cyber breach. Include a dedicated team that will coordinate efforts to combat the attack.

• Install security updates and software patches promptly.

On a corporate level, strong security software is a good basic step. However, it's not infallible, especially if the software is old. After a cyberattack, it's often discovered that patches were available but the company didn’t update its systems or install fixes promptly. Either the network wasn’t capable of a software update or they didn’t have the staff to keep up with patches. Smaller businesses tend to have fewer resources to devote to cybersecurity and are increasingly victimized.

Backstop your losses with cyber insurance

Cyber (or data breach) insurance covers losses caused by a breach of privacy controls or network security failure. These policies can cover your company for first-party as well as third-party losses.

First-party and third-party coverage

First-party losses are those your company sustains directly. Policies may cover fees incurred in the notification process and costs to combat damage to your corporate reputation. Policies may also include recovery costs, physical damage to related systems and business income loss.

Third-party coverage helps with expenses associated with lawsuits, settlements and judgments against the company by those who claim to have been injured by the cybercrime. It may also help pay for your company’s response to the breach.

Social engineering and other fraud endorsements

You may be able to get endorsements that cover social engineering fraud, deception fraud and payment-instruction fraud. These endorsements can insure against the impersonation of those in a company’s supervisory chain, as well as phony representation of vendors, suppliers and clients. Often the endorsement’s payment for these losses is limited to a percentage of the total coverage offered by the primary policy (usually 25%). A maximum dollar amount is usually also stipulated. You may be required to implement certain risk management measures to demonstrate you are actively preventing such internal errors (such as employee training and an incident response plan).

A note on crime or employee theft insurance

Your insurance professional may also help you find relief in other noncyber policies. Corporate crime policies (crime or employee theft insurance) cover loss of cash, merchandise and property assets caused by theft, fraud or embezzlement. However, they often don’t include social engineering fraud losses, as there may be a clause in the crime policy that excludes information voluntarily surrendered by an employee.

Sail to your insurance agency for a quote

The importance of cyber insurance and endorsements to other pertinent coverages cannot be overstated. Even the best cybersecurity protocols can fail, especially in the turbulent and ever-changing world of cyber risk. Your insurance agent or broker can help you navigate the risky cyber seas. Having that financial backstop in place could keep your company from failing after an attack.