Tag Archive | Cyber Liability Insurance
September 26, 2024  

Cyber Risks Lead 2024 Business Concerns in Travelers Survey

For 11 years, Travelers has posted an annual Risk Index. The Risk Index is a survey that looks at the top concerns of U.S. businesses, and how they manage them.

Their 2024 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.

Some of these risks involve well-known issues, like rising medical costs, broad economic uncertainty, and the ability to attract and retain talent.

Cyber risks are the #1 business concern in 2024 per the survey. 62% of the 1,200 or so respondents cited cyber as a top concern.

Cyber ranked higher as a concern than medical cost inflation (59%), increasing employee benefits costs (59%), broad economic uncertainty (59%), and the ability to attract and retain talent (54%). Medical cost inflation was the highest concern last year.

I included a link to the 2024 Risk Index above but here’s the LINK again for reference.

If you have questions about cyber insurance coverage or would like to see what the cost would be for a cyber insurance policy for your company, please contact me to discuss.

-JK

September 29, 2023  

Cyber Risks Remain a Top Business Concern

The 2023 Travelers Risk Index reveals that in an ever-changing world filled with fluctuating and emerging threats, cyber risks remain a top overall business concern.

The Travelers Risk Index provides an annual snapshot of risk viewpoints from over 1,200 business decision makers across the country. The 2023 survey looks at the top concerns of U.S. businesses and how companies are dealing with the risks they face every day. The survey participants represent small, mid-sized and large businesses from a variety of industries including construction, real estate, healthcare, technology, retail, transportation, wholesalers, professional services, manufacturing, banking/financial services, publicly traded, nonprofit and public sector.

Notably, 58% of survey participants say they worry about cyber risks.

The cyber concerns facing organizations include unauthorized access to financial accounts, a security breach/someone hacking into a system, system glitches, ransomware and someone using a phishing email to fool employees into transferring funds out of an organization.

See the results of the 2023 Travelers Risk Index and tips HERE.

September 13, 2023  

MGM Cyber Hack Has its Las Vegas Hotels Resorting to Cash Bars, Paper Vouchers

MGM Resorts International is a large publicly traded company with billions of dollars of annual revenues. So, reading the news about the cyber attack they’re currently facing might have you thinking that something like this only happens to those large, multi-billion publicly traded companies.

The reality, however, is that ALL businesses in today’s world, large and small, are exposed to cyber attacks in some way, shape of form.

First, a quick update to what’s going on here:

News like this takes center stage do to the notoriety of MGM Resorts International. However, let this be a lesson that the issues that MGM is facing are the same issues everyday main street businesses face from a cyber attack, just on a smaller scale.

Think about the repercussions of this cyber attack. Here’s a list to get you thinking:

First Party Damages

  • Loss of electronic data: the cost to repair damaged software or replace lost or stolen data from the cyber attack.
  • Cyber extortion: cyber criminals holding data and/or information hostage for a ransom; cost to help pay for the ransom.
  • Business interruption/loss of income: a data breach or cyber attack leaves you unable to operate your business. The lost income and expenses add up fast here.
  • Security fixes and cyber forensics: Costs of upgrading your security and investigating the data breach.
  • Notification and identity protection for affected customers: Cost of notifying customers impacted by data breaches and paying for identity protection.
  • Fraud and credit monitoring services: Cost of credit monitoring for any customers impacted by a data breach.
  • The impact on your business reputation: Costs of handling public relations and repairing the damage to your business reputation. Libel, copyright infringement, defamation.

Third-Party Liability

  • Damage to a third-party system (in case of an accidental virus transmission, for example)
  • Network Security and Privacy Liability: Liability for alleged negligence or that you failed to properly protect customer information.
  • Media Liability Claims: This includes accusations of libel, slander, fraud, etc.
  • Regulatory proceedings and or fines form regulatory bodies
  • Legal costs, settlements, and damage awards

So, what if this happened to your business tomorrow? You come to work in the morning and realize that you’re locked out of your entire network and not a single employee can get a single task done.

You have a ransom demand of $400,000 from a hacker.

Where do you start? Are you capable of doing this all alone? To pay the costs out of pocket? To deal with the IT forensics and loss of data? The network fixes and trying to get back to where you were before you shut down the night before?

If this reality hits you hard in the face, cyber liability/data breach insurance coverage is something you should consider to address these very circumstances.

Cyber insurance programs can team up with your managed IT provider to help with the list of costs and expenses to navigate through the mess caused by a cyber attack. And carriers have deep resources to help fix the mess and get you back to business much faster and more efficiently than trying to deal with this sort of mess alone.

There are many cyber insurance options out there. No two are the same. It’s important to work with a provider who knows the ins and outs of cyber insurance coverage.

Contact me today if you have questions about cyber insurance or would like to look at coverage and cost options.

Let’s hope that MGM gets this settled as quickly as possible for all involved.

February 28, 2023  

3 Most Costly Types of Cyber Insurance Claims

A good cyber insurance policy starts with two core coverage components. These are:

  1. Data Breach coverage
  2. Cyber Liability coverage

Data Breach coverage is also referred to as 1st party coverage. This helps your business respond to a breach if PII (personally identifiable information) gets lost or stolen, whether it’s from a hacker breaking into your network, or an employee accidentally getting their laptop stolen at a coffee shop.

Data Breach insurance coverage can help pay the [expensive] costs for such things as:

  • Notifying affected customers, patients, or employees;
  • Hiring a public relations firm for damage control;
  • Offering ongoing credit monitoring services to data breach victims;
  • Business income coverage to help replace lost income if you can’t run your business because of a data breach;
  • Extortion Coverage helps cover the amount you paid if someone takes your business’ data and demands a ransom.

Between data breach coverage and cyber liability coverage, more than 95% of cyber insurance claims costs come from data breach losses! And these data breach losses fall into three broad categories:

Theft of funds

This is the straightforward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Instead of stealing physical funds, criminals are increasingly stealing electronic funds through social engineering scams. And if a business has somehow been negligent in allowing this to happen, their bank may not reimburse them.

Theft of data

Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly harmless information such as names and addresses stored on a computer network can be worth more money than you think

Damage to digital assets

In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a company’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix. Your cyber insurance policy will help do this too…..fix and patch your system.

So, when contemplating the purchase of a cyber insurance policy, data breach coverage (1st party coverage) is the heavyweight coverage you must incorporate into your policy. Cyber liability (3rd party coverage) is just as important, but that’s not where the bulk of the claim dollars are paid in the event of a data breach.

Regardless, make sure both of these coverages are included in your cyber insurance policy. And then drill down even further into the data breach coverage section to make sure the line item coverages such as Incident Response Expenses, Cyber Extortion Loss, Network Restoration Expenses, and Business Interruption are included as well.

No two carrier policies are the same and cyber insurance is absolutely not one size fits all!

January 16, 2023  

Is the Cyber Insurance Market Stabilizing?

I just wrapped up a sizable Cyber insurance policy renewal and based on the results of our marketing efforts, I think it’s a good indication that the market is beginning to stabilize.

The cyber insurance market has been in a hard market for the past several years.

This particular cyber insurance renewal is for a middle market company that works with Fortune 500 companies. They’re required to carry $50,000,000 in coverage by contract.

The insured’s services are viewed as a higher risk for the cyber market. It is a technology-based business that holds a lot of third-party sensitive data. They do about $75M – $80M in annual revenues. Cyber liability and data breach are definitely their primary risk exposures.

This policy renewal took 10 carriers to quota share the risk and the year-over-year premium is down in 2023 by 4-5%.

I had a feeling the renewal premium wouldn’t spike as hard as it did last year, but I was pleasantly surprised there was actually a slight DECREASE for this renewal.

The cyber insurance market is a lot like the mortgage industry prior to 2008.

Up until a few years ago, you could buy cyber insurance by providing very little information and carriers practically gave away quotes. And not very expensive ones relative to the risk.

Then hackers decimated the cyber insurance market with ransomware and social engineering attacks. Millions upon millions of claims dollars were being paid by carriers as a result.

Underwriting ultimately tightened and those looking to secure cyber insurance coverage must now show preventative measures are in place for their organizations such as data encryption, multi-factor authentication (MFA), data backups, etc.

Underwriters won’t even think twice about insuring a business if these types of measures are not in place.

Cyber insurance pricing and trends vary by company. However, in this particular case where we have a sizable middle market company with above-average cyber risk, a decrease in premium this year is a positive sign.

Let’s hope the cyber insurance market continues trending in this direction.

Each and every company/policyholder will see different outcomes with their cyber coverage and rates based on their own unique makeup. However, if you can show that your organization takes preventative measures to help mitigate cyber risk up front, you’re in a favorable spot.

-JK

October 26, 2016  

Be Careful of Those ATM Card Skimmers

Are you like me where you get paranoid using public ATM’s and paying for gas with your card at the pump? I am sketched out about ATM / credit card skimmers that scammer’s place on public machines to trace your personal information. I stumbled across this video on Facebook. This is in Europe, but it doesn’t matter, this can happen anywhere. Be vigilant my friends!

-JK

October 1, 2016  

Educate Your Employees During National Cyber Security Awareness Month

This October is Cyber Security Awareness Month, an event co-sponsored by the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) in order to raise awareness of the importance of cyber security issues. While the event is designed to highlight some of the nation’s cyber security precautions, as well as how to be prepared in the event of a national cyber security incident, much of the focus is on good cyber security practices for the average individual.

Specifically, the groups are trying to promote their “Stop. Think. Connect.” and Stay Safe Online campaigns—efforts that teach good cyber security in terms everyone can understand. In order to encourage your employees to practice good cyber security, review the following lessons with them:

  • Password Security: More powerful computers have given criminals the ability to crack passwords easily. Passwords with a mix of capitalized and lowercase letters—as well as numbers, symbols and other special characters—are much harder to crack. And, though it should go without saying, make sure your employees don’t write their passwords down in plain sight in their work spaces.
  • Phishing Scams: A number of different scams could fall into this category, but they all have commonalities that your employees should be aware of. Never open an email from an unknown source, and never click on a link in an email unless both the sender and the link can be trusted.
  • Software Updates: Security patches are designed to fix known vulnerabilities. Make sure your employees download the latest security patches when they become available.

Those wishing to participate in this year’s activities can find a number of resources available online, or contact me  for further cyber security materials.

-JK

May 2, 2016  

Participating On A Panel for Cyber Crime

This past Wednesday I was part of a panel for an educational workshop to discuss innovative ways to protect small businesses from cyber crime.

On the panel was an FBI Special Agent who shared FBI insights on fighting cyber crime. Akilah Kamaria from Blue Fields Digital Intelligence shared strategies organizations can use to prepare for and respond to a cyber incident. I shared information on cyber liability and data breach insurance and its role in helping to protect companies from cyber crime losses.

Special thanks to Akilah Kamaria for allowing inviting me to participate. Also, to Gal-A Photography for the professional photos:

Thank you for putting on such an important and great event!

-JK

 

February 22, 2016  

Cyber Security: Anatomy of a Main Street Hack

Two former FBI agents from Travelers Insurance Investigative Services hack into a typical business website and download sensitive data in a matter of minutes to demonstrate how quickly a cyber attack can happen:

https://youtu.be/ZJ9Q2cAnwnc

Research shows that cyber criminals and hackers are attacking smaller “Main Street” companies who are often less prepared to prevent and respond to an attack.

Cyber insurance can protect companies before an event takes place by helping supply them with risk management tools and advice and access to other professionals in the data security community that can help with their information security.

Check out the full story: http://travl.rs/1WvPHQq

Have questions about cyber insurance? Interested in learning more about the various coverage’s included within a cyber insurance policy? Want to see what it would cost you to pick up cyber insurance for your business? Contact your insurance broker or me today to talk more.

-JK

February 8, 2016  

25 Most Commonly Stolen Passwords

How clever is your password? If it’s on the list below, your password is just as easily stolen as it is remembered. Protect yourself by making sure you’re not using one of the top 25 most commonly stolen passwords of 2015, as determined by IT security firm SplashData.

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 11111115
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

To create a more secure password, make sure you are not relying only on numbers, and try to avoid simple keyboard patterns. You may also want to avoid easy-to-find information such as birthdays, favorite sports teams and addresses. Attempt to create a password that is eight or more letters long, and avoid using the same password for multiple access points.

-JK

« Older Posts