Introduction

Here’s what organizations need to know about the threat that cybercrime poses to their balance sheets and strategies they can use to protect their assets as criminals launch increasingly sophisticated attacks.

Why This Matter

More and more mid-size companies are looking to protect their assets against cyber-attacks. Most of these organizations are not aware of what can happen until it does happen, a network breach, a ransomware demand, business interruption, or social engineering event are often accompanied with unforeseen expenses that can bring a company to its knees or worse put them out of business. These expenses materialize in the form of lost income from interrupting business operations, hiring IT forensics and crisis management firms, and regulatory fines.

Carrying stand-alone Cyber Insurance transfers these potential risks and expenses to the Cyber Insurance carrier and reduces the financial burden of being un-insured or under-insured with the traditional packaged policy. Working with a Cyber Insurance Advocate ensures your organization has a partner that assesses all aspects of risk to include Breach Preparedness, Consultative Customized Policies, and Post Breach Representation.

Protect your company against the potential for seven figure plus financial losses – start your Free Cyber Risk Assessment today with Cyber Armada Insurance.

What We Can Predict

Last year, cybercrime generated $1.5 trillion in revenue. And 2020 will, without doubt, be even more profitable for the “companies” engaged in the cybercrime industry. Cyber threats morph almost daily, making risk management decisions tough to pin down and concrete predictions about the future an educated guess. Hackers focused on bringing down the IT infrastructures of entire cities with ransomware attacks one day could be phishing for personal financial information the next and then quickly setting their sights on a new denial-of-service attack right after that.

What we can predict is that as more cyber threats emerge in 2020, many—but not all—of them will be more sophisticated, nefarious than their predecessors and unstoppable by current security countermeasures. For as the Greek philosopher Heraclitus once famously said, “the only constant in life is change.” Knowing this, the cyber risk insurance strives to stay as up to date as possible with the newest threats and cover the organizations that could fall prey to these hazards.

For example, three years ago the highest ransomware demands were in the $10,000-$15,000 range. Today, that number has surpassed $1 million. That’s a giant leap, and a potential $1 million exposure for the targeted company.

Cyber criminals’ attacks are focused on financial gain. “Invoice manipulation,” for instance, attempts to dupe companies into sending false payments to suppliers. Invoices are altered to change bank account and routing numbers, sending payments to cybercriminals instead of a company’s vendor. These and other cybercrimes are happening on a daily basis, and they represent a major shift in the level of exposure that companies across all industries are dealing with right now.

Protecting Their Assets

To protect their assets, more and more companies are looking to standalone cyber insurance coverage. Not always aware of what can happen until it does happen, a network breach, a ransomware demand, business interruption, or a social engineering event (whereby hackers manipulate employees into divulging information that can be used to compromise an organization’s network), can all bring a company to its knees and even put it out of business.

The good news is that, along with having ample cyber insurance coverage, there are strategies that companies can use to reduce the risk of a cyberattack in 2020 (and beyond). Here are eight steps that all organizations can take to shield themselves and their customers, business partners, and employees from these ever-evolving risks:

1. Use disk encryption on all hard disks, or at least for the most sensitive data that your organization collects, generates, and stores. Password-protected disk encryption will put the walls up for criminals that want to gain access to your firm’s sensitive data. Make sure mobile devices can be wiped clean remotely. If an employee loses a phone or tablet, he or she can just log into the service provider’s website and literally “nuke” the phone to make sure it doesn’t fall into the wrong hands
2. Use two-person authentication for big money transfers. If you’re dealing with more than $25,000, make sure two people must sign off on them. This will make it harder for a criminal to social engineer his or her way into a fraudulent transaction.
3. Use multi-factor authentication (at a minimum) for remote access to Office 365 and related. When fraudulently seeking credentials, most hackers go directly to Office 365.
4. Perform full backups of critical data on a daily basis. When ransomware is installed, many companies with good backups simply “wipe” their systems to remove the malware and restore their data. It can be as simple as that, with no need to pay a ransom.
5. Protect social media accounts with 2-factor authentication. We don’t always think of our Facebook accounts as potential breach points, but they are. If a hacker gets ahold of someone’s Facebook account, it’s pretty easy to start impersonating the victim.
6. Train staff on the potential threats (and what to do about them). Past experience tells us that people are often the “make or break” points in the cybercrime world. In fact, 61% of breaches at companies involve employees. Human error is a potent variable that can be impossible to completely control. For example, the vast majority of breaches and events come through email. If employees don’t know how to spot threat attempts in their inboxes, then they might inadvertently expose the whole company to a problem.
7. Use strong password management. We live in a world where phrases like “password123” are still commonly used to access accounts that contain sensitive information. Hackers know this, and they know how to exploit this oversight. Avoid breaches by using one long, random password (i.e., single sign-on or SSO) for all sites that employees are accessing. Then, make sure the system reminds users to change those passwords every two weeks.
8. Work with an insurance carrier that offers a full menu of pre- and post-breach support. Find one that has a good track record of providing claims coverage (or, that’s backed by a larger company that has good experience handling cyber claims). Ultimately, your provider should offer both pre-breach (i.e., coaching on security preparedness, business continuity recommendations, disaster recovery plans) and post-breach support.

As the need for regulatory compliance increases, organizations are going to find themselves in a position where they have to take out cyber insurance policies. We’re going to see a bigger push for this, but based on the unpredictability of the crimes themselves, exactly how this is going to play out is somewhat of a guessing game at this point. Just a year ago, for example, we would have never even predicted a 7-figured ransomware demand, but it happened. As the pace and sophistication of these attacks increase, the need for insurance coverage that keeps companies in business both before and after the attacks will grow exponentially.  

Protect your company against the potential for significant financial losses – start your Free Cyber Risk Assessment today or contact one of our Cyber Insurance Advisors at 888.727.6232.