Tag Archive | Cyber Extortion
November 4, 2024  

POV: The Incredible Anxiety of a Cyber Attack

As someone who helps businesses with the placement of their insurance policies and with risk management advice, this video from Travelers Insurance hits powerfully when I watch it.

I’ve experienced this exact situation first-hand at least several times. A client calls in terror because their computer network was breached. They are either shut down to a point where not a single employee can get on the network to function. Alternatively, a hacker breaches their network and steals hundreds of thousands of dollars from their accounts.

The incredible fear and anxiety it creates is off the charts. This video is a true personification of this very circumstance.

My biggest piece of advice is please don’t think that your business is invincible to these types of circumstances. This CAN happen to any business, large or small.

The most crucial step a business can take to avoid a cyber attack is to establish a robust cyber security culture. This culture should include consistent employee training. Educate all team members on cyber hygiene practices. Teach them to recognize phishing emails. Encourage them to use strong, unique passwords. Additionally, ensure they secure their devices. Human error is one of the leading causes of data breaches. Employees who are aware of and actively follow security best practices can significantly reduce the risk of an attack.

Whether you have an internal IT team managing your computer network, or utilize a MSP (Managed Service Provider), ensure they have the proper protocols in place. These protocols should mitigate breaches within your computer network.

Also, don’t overlook a cyber insurance policy. It can help manage the costs of a cyber attack with both “1st Party Coverage.” This coverage focuses on your own losses and expenses directly resulting from a cyber incident. It also includes “3rd Party Coverage” to focus on liability to third parties affected by the cyber incident. This includes legal and regulatory costs.

The cyber insurance market is competitive as of the date of this post. This means rates are low for the coverage offered. Underwriting is also relatively soft. It’s not difficult to secure a robust policy with a low annual premium.

If you have questions about the above, reach out today. You might want to know about a recommended MSP (Managed Service Provider) for your business. Or you may have questions about the cost and terms of a cyber insurance policy.

-JK

September 29, 2023  

Cyber Risks Remain a Top Business Concern

The 2023 Travelers Risk Index reveals that in an ever-changing world filled with fluctuating and emerging threats, cyber risks remain a top overall business concern.

The Travelers Risk Index provides an annual snapshot of risk viewpoints from over 1,200 business decision makers across the country. The 2023 survey looks at the top concerns of U.S. businesses and how companies are dealing with the risks they face every day. The survey participants represent small, mid-sized and large businesses from a variety of industries including construction, real estate, healthcare, technology, retail, transportation, wholesalers, professional services, manufacturing, banking/financial services, publicly traded, nonprofit and public sector.

Notably, 58% of survey participants say they worry about cyber risks.

The cyber concerns facing organizations include unauthorized access to financial accounts, a security breach/someone hacking into a system, system glitches, ransomware and someone using a phishing email to fool employees into transferring funds out of an organization.

See the results of the 2023 Travelers Risk Index and tips HERE.

September 13, 2023  

MGM Cyber Hack Has its Las Vegas Hotels Resorting to Cash Bars, Paper Vouchers

MGM Resorts International is a large publicly traded company with billions of dollars of annual revenues. So, reading the news about the cyber attack they’re currently facing might have you thinking that something like this only happens to those large, multi-billion publicly traded companies.

The reality, however, is that ALL businesses in today’s world, large and small, are exposed to cyber attacks in some way, shape of form.

First, a quick update to what’s going on here:

News like this takes center stage do to the notoriety of MGM Resorts International. However, let this be a lesson that the issues that MGM is facing are the same issues everyday main street businesses face from a cyber attack, just on a smaller scale.

Think about the repercussions of this cyber attack. Here’s a list to get you thinking:

First Party Damages

  • Loss of electronic data: the cost to repair damaged software or replace lost or stolen data from the cyber attack.
  • Cyber extortion: cyber criminals holding data and/or information hostage for a ransom; cost to help pay for the ransom.
  • Business interruption/loss of income: a data breach or cyber attack leaves you unable to operate your business. The lost income and expenses add up fast here.
  • Security fixes and cyber forensics: Costs of upgrading your security and investigating the data breach.
  • Notification and identity protection for affected customers: Cost of notifying customers impacted by data breaches and paying for identity protection.
  • Fraud and credit monitoring services: Cost of credit monitoring for any customers impacted by a data breach.
  • The impact on your business reputation: Costs of handling public relations and repairing the damage to your business reputation. Libel, copyright infringement, defamation.

Third-Party Liability

  • Damage to a third-party system (in case of an accidental virus transmission, for example)
  • Network Security and Privacy Liability: Liability for alleged negligence or that you failed to properly protect customer information.
  • Media Liability Claims: This includes accusations of libel, slander, fraud, etc.
  • Regulatory proceedings and or fines form regulatory bodies
  • Legal costs, settlements, and damage awards

So, what if this happened to your business tomorrow? You come to work in the morning and realize that you’re locked out of your entire network and not a single employee can get a single task done.

You have a ransom demand of $400,000 from a hacker.

Where do you start? Are you capable of doing this all alone? To pay the costs out of pocket? To deal with the IT forensics and loss of data? The network fixes and trying to get back to where you were before you shut down the night before?

If this reality hits you hard in the face, cyber liability/data breach insurance coverage is something you should consider to address these very circumstances.

Cyber insurance programs can team up with your managed IT provider to help with the list of costs and expenses to navigate through the mess caused by a cyber attack. And carriers have deep resources to help fix the mess and get you back to business much faster and more efficiently than trying to deal with this sort of mess alone.

There are many cyber insurance options out there. No two are the same. It’s important to work with a provider who knows the ins and outs of cyber insurance coverage.

Contact me today if you have questions about cyber insurance or would like to look at coverage and cost options.

Let’s hope that MGM gets this settled as quickly as possible for all involved.

May 24, 2023  

Top 9 Industries Vulnerable to Ransomware Attacks

Some industries are more vulnerable to ransomware attacks than others, both because of inherent vulnerabilities in some industries and because hackers historically have targeted these industries more often.

Looking at it from a top-down risk perspective, the industries subject to ransomware attacks the most in 2021 according to BlackFog (in descending order) were:

  1. Government
  2. Education
  3. Healthcare
  4. Technology
  5. Services
  6. Manufacturing
  7. Retail
  8. Utility
  9. Finance

This list can give a general idea of where your business or industry may fall for big-picture risk.

Ransomware is a type of malicious software (malware) designed to encrypt files on a victim’s computer or network, making them inaccessible and unusable. The attackers behind ransomware demand a ransom, typically in the form of cryptocurrency, in exchange for providing the decryption key to restore the files.

Ransomware attacks can have severe consequences for businesses, and organizations. They can result in data loss, financial losses, operational disruptions, reputational damage, and legal implications.

It is crucial to have strong cybersecurity measures in place, including regular data backups, up-to-date software, strong passwords, and security awareness training, to help prevent and mitigate the impact of ransomware attacks.

If you are looking for a reputable cybersecurity company, outsourced IT provider, or cyber insurance options, contact me and I can connect you with local trusted providers to help your business to help prevent ransomware losses from affecting your daily business operations.

Sources: “The State of Ransomware in 2021” BlackFog; Risk Placement Services, Inc

April 4, 2023  

Do Manufacturers Need Cyber Insurance?

Although ALL industries are at risk of cyber attacks now more than ever, did you know that manufacturers make the top 5 list of industries being targeted the most by cyber criminals according to Forbes?

That’s because digital systems such as IoT, shop floor controllers, and monitoring platforms have enabled the interoperability of different teams in the manufacturing industry to streamline processes.

Unfortunately, this convenience has also drawn the attention of cybercriminals for data theft or ransom demands capable of disrupting operations on a massive scale with global repercussions.

Here are five notable [and extremely costly] cyber risk exposures manufacturers face:

  1. Extortion: An organization’s security is only as strong as the judgment of its employees. All it takes is one employee clicking on what appears to be an innocent link, but it is actually malware, for all of the company’s data to be encrypted within seconds. A hacker will then contact the organization asking for a “ransom” ranging from a few thousand dollars to millions to decrypt the files.
  2. Forensic and Notification Costs: Should there be a cyber attack, the Manufacturer will need to engage a forensic investigator ($250-$500/hr) to determine the scope of the attack and if any sensitive data such as employee records or confidential corporate information was breached.
  3. System Damage: Manufacturers rely heavily on their computer systems to properly fill orders. Damage to a manufacturer’s computer system could be devastating and lead to defective products or a complete halt in production.
  4. Business Interruption: Manufacturers will experience a direct financial loss every hour that their systems are down. They will incur unexpected additional costs such as sourcing products by alternative means and paying staff overtime to meet deadlines.
  5. Social Engineering: Believe it or not, Cyber Crime (aka Social Engineering) is one of the most frequent claims in cyber insurance to date. Cybercriminals will trick financially responsible employees of the manufacturer to send money to a fraudulent bank account. Hackers have become patent and will open sit in the system undetected monitoring and intercepting email activity before executing their scam. Their tactics range from posing as the CEO, a vendor, or a client to simply creating fake employee profiles in the payroll system to siphon money out.

There are simple and effective measures that manufacturing businesses can put in place to be better prepared for emerging cybersecurity threats. These include having a formal incident response plan, effective backup strategy and testing, multi-factor authentication (MFA), Data Retention Policies, and endpoint Detection and Response (EDR) to name a few.

I won’t go into the weeds with technical IT details. That’s for the IT professionals to decide such as your in-house IT team, managed IT provider, or cyber security consultants to help develop. I suggest having your IT provider work in union with a quality cyber insurance policy so that you are prepared in the event of a data breach.

I work with some quality IT professionals and cyber security companies that I can recommend if you need help with this. Just reach out and ask if you need it.

Remember, there’s a reason why manufacturers make the top 5 list of industries being targeted the most by cybercriminals. You don’t just need to hold personally identifiable information to have a cyber exposure. The world is basically run on the cloud now and there’s no hiding from the cyber risk exposures prevalent in today’s technology-driven world.

Credit: Evolve MGA

February 28, 2023  

3 Most Costly Types of Cyber Insurance Claims

A good cyber insurance policy starts with two core coverage components. These are:

  1. Data Breach coverage
  2. Cyber Liability coverage

Data Breach coverage is also referred to as 1st party coverage. This helps your business respond to a breach if PII (personally identifiable information) gets lost or stolen, whether it’s from a hacker breaking into your network, or an employee accidentally getting their laptop stolen at a coffee shop.

Data Breach insurance coverage can help pay the [expensive] costs for such things as:

  • Notifying affected customers, patients, or employees;
  • Hiring a public relations firm for damage control;
  • Offering ongoing credit monitoring services to data breach victims;
  • Business income coverage to help replace lost income if you can’t run your business because of a data breach;
  • Extortion Coverage helps cover the amount you paid if someone takes your business’ data and demands a ransom.

Between data breach coverage and cyber liability coverage, more than 95% of cyber insurance claims costs come from data breach losses! And these data breach losses fall into three broad categories:

Theft of funds

This is the straightforward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Instead of stealing physical funds, criminals are increasingly stealing electronic funds through social engineering scams. And if a business has somehow been negligent in allowing this to happen, their bank may not reimburse them.

Theft of data

Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly harmless information such as names and addresses stored on a computer network can be worth more money than you think

Damage to digital assets

In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a company’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix. Your cyber insurance policy will help do this too…..fix and patch your system.

So, when contemplating the purchase of a cyber insurance policy, data breach coverage (1st party coverage) is the heavyweight coverage you must incorporate into your policy. Cyber liability (3rd party coverage) is just as important, but that’s not where the bulk of the claim dollars are paid in the event of a data breach.

Regardless, make sure both of these coverages are included in your cyber insurance policy. And then drill down even further into the data breach coverage section to make sure the line item coverages such as Incident Response Expenses, Cyber Extortion Loss, Network Restoration Expenses, and Business Interruption are included as well.

No two carrier policies are the same and cyber insurance is absolutely not one size fits all!

August 10, 2017  

Hackers Are Shutting Down Factories

A growing number of cyber criminals are targeting factories for ransom, knowing that the industry’s time-sensitive nature puts pressure on companies to pay up. “if we don’t make our product in time, that means Toyota doesn’t make their product in time, which means they don’t have a car to sell on the lot that next day. It’s that tight,” says John Peterson, AW North Carolina’s IT manager. The factory was hit with malware last year, with the potential to lose $270,000 in revenue, plus employee wages, for every hour it was out of commission.

Source: LinkedIn

Manufacturers: do you carry Cyber Liability / Data Breach insurance? Cyber extortion coverage protects your business against losses caused by ransomware and other types of cyber extortion. Many cyber liability policies cover three types of costs.

-JK