Cyber & Privacy Coverage
Advances in information technology over the past two decades have radically transformed the way we conduct business. This transformation has also led to unintended consequences, most notably new risks associated with network and information security.
If not properly managed, these new and emerging risks can lead to catastrophe. Data security events are not only expensive to manage (according to Experian, the average costs for a breached company total $9.4 million over a 24-month period), they also significantly impact brand equity and morale.
Find answers to frequently asked questions about cyber incident response plans.
Losses can arise from a number of sources
Losses can arise from malicious insiders, negligent insiders, hacktivists, criminal hackers and cloud or third-party compromise.
Will my Property & Casualty insurance cover cyber issues?
Most likely not. Traditional Property & Casualty insurance was not designed to address cyber perils and now commonly contains cyber exclusions. Standard insurance policies were designed for tangible risks and do not address perils such as hacking and denial of service attacks.
The insurance industry has recognized the need for a distinct insurance solution based on this new risk paradigm, and policies can include both tailored coverage and loss control services. IMA has access to over thirty domestic and international markets providing this specialized coverage, which can be customized specifically to your operations and areas of concern.
What are some of the available coverages?
- Data Breach Expenses: Costs associated with the actual or suspected breach of confidential information. Customary expenses include legal counsel, forensic examination, public relations, notification to impacted parties, call center and credit/identity monitoring.
- Security & Privacy Liability: Defense costs and legal liability arising from lawsuits or contractual obligations due to a failure of security or a failure to safeguard confidential information.
- Network Business Interruption: Loss of income due to downtime or degradation resulting from a failure of network security. Coverage extends to internal and external costs (extra expense) to get operations back in order.
- Cyber Extortion: Covers expenses to respond to a threat to harm or release your data, as well as ransom payments, if necessary.
- Regulatory Expense: Defense costs related to privacy regulatory actions, including coverage for assessed fines and penalties (where insurable).
It’s not a matter of if a cyber breach will happen to your company, it’s a matter of when.
In addition to gap analysis and cyber risk loss modeling, IMA offers a cyber loss control website to clients that includes the latest in best practices and industry news.
Preventing a Ransomware Incident
- Does the network require two-factor authentication for all remote access?
- Is there a secure data backup solution in the event of a ransomware attack?
- Are the right email spam filters in place?
- Is there behavior-based antivirus software to help recognize malware?
What is Business Email Compromise?
Business email compromise (BEC) or “phishing” is a cyber-crime used to gain access to company email. This allows criminals to steal sensitive data and money by impersonating a coworker, manager or other trusted business partner through fraudulent wire transfer requests, fake invoices, or diverted payroll. BEC emails are difficult to detect because they usually contain no malware.
Cyber criminals obtain email credentials through social engineering.
Social engineering involves a class of attacks using manipulation to gain access to confidential information or assets. Cyber criminals use this data by deploying malware or holding information in a system hostage.
Here’s How the Threat Actors Work:
Phishing pages: Cyber criminals send a link to a fake Office 365 or Google login page that requests your credentials and looks identical to the real O365 or Google login page.
- O365 example: An email is received stating Jane Doe shared a file with you. When the link is clicked, it opens a fake O365 login page. When credentials are entered, information is compromised.
- Google example: An email is received that appears to be from Google, warning of a compromised account and that passwords need to be changed. The website will provide a link to a fake Google login page where credentials are entered.
Another common way to steal credentials is via “keyloggers,” which are malicious software that secretly captures keyboard strokes. A phishing email may contain an innocent-looking link, but once the link is clicked, a keylogger is instantly downloaded and installed. Now, all keystrokes (including passwords and information like personal bank accounts, social media logins, etc.) are sent to threat actors, including usernames and passwords.
This whitepaper will continue to dive into:
- Protection for businesses and employees
- Email spoofing and how to best avoid it
- BEC attack prevention
- And more ways to help thwart sneaky cyber solicitations