Cybersecurity is applicable for most businesses. Austbrokers Countrywide share 3 cyber scenarios that have created risk and exposure. If you want to learn more, get in touch with Austbrokers Countrywide.
“I don’t have cyber exposures”
“My business is too small”
“I haven’t got a website”.
These are common responses when contemplating the effect of Cyber Privacy and Crime on a small to medium enterprise. However, these three claims scenarios provided by the largest team of dedicated cyber underwriters, CFC underwriting Pty Ltd (Lloyds of London) may surprise you and demonstrate the types of exposures we all face even as a small business not operating on-line point of sale portals or advice on-line.
Three factual claims scenarios
1. Malware Theft
Hackers sent a phishing e-mail with a bogus word document attachment to a member of the accounts team within a small firm of accountants. Upon opening the attachment, a piece of key logging software was automatically installed which allowed the hackers to gather crucial access data and then log into the firm’s bank portal with the credentials of one of their users.
The insured was contacted by the bank after the hackers had initiated several wire transfers and ACH batches from the insured’s account to accounts located in Nigeria. After checking with the user whose credentials had been used to instruct the transactions, the firm instructed an IT forensics company to establish what had happened and to remove the malware from the system.
After managing to recall some of the wire transfers, the firm were left with $164,000 lost in theft of electronic funds and costs of $15,000 for IT forensics work.
The head GP at a private doctor’s surgery switched on his computer on a Monday morning to be greeted with a message stating that every single patient record on the network had been encrypted and that a sum of $30,000 was to be paid in bitcoin in exchange for the decryption key.
The insured contacted an IT forensics firm who confirmed that the level of encryption meant that it was going to be almost impossible to access the data without the encryption key and that the only other alternative was wiping the network of the ransomware which could lead to all data files being deleted. It had been a week since the last software back up, meaning critical patient data would be lost – and so the ransom was paid. Forensics were then engaged to remove any remaining malware from the network at a cost of $10,000.
3. CEO Fraud
A fraudulent yet almost identical looking e-mail address for the Managing Director of a medium sized building contractor was created by fraudsters who used it to instruct an individual in the accounts department to make a wire transfer payment of $50,000 to a new materials supplier. The e-mail stated that the new supplier was being used to source additional materials for a crucial job and that payment had to be made urgently to secure delivery of the goods.
The e-mail was sent whilst the MD was on holiday so that no face to face verification could be made. The account to which the funds were transferred actually belonged to the fraudsters who were able to retrieve the money before the transaction could be recalled.
Cyber liability insurance policies (also known as “data breach” insurance) and their coverage vary dramatically by insurance carriers. For a business, choosing the right cyber liability insurance policy can be a challenge. Working with a knowledgeable insurance broker who has experience with cyber liability insurance policies can reduce the challenges.
Before you start shopping, though, there are a few things you need to do to get ready:
1) Assess your cyber hygiene
Before applying for cyber liability insurance, your company should have policies and procedures in place that show they are protecting and securing their data as well as enforcing their security and privacy policies. While cyber liability insurance can help businesses mitigate risks, it cannot replace good cyber hygiene.
2) Evaluate your needs and priorities
Has your business assessed its risks for a data breach? Depending on your industry, your risk for a data breach may be considered anywhere from minimal to very high.
Has your business conducted a risk assessment? Evaluate, identify and mitigate any gaps in your privacy and security programs prior to applying for a cyber liability insurance policy. The risk assessment can help you assess your needs for cyber liability policy coverage matched to your business vulnerabilities.
3) Predict your data breach
Once you have assessed your risks, you will want to think of as many possible data breach scenarios as you can that could happen to your business. The purpose of this exercise is to arm you with potential data breach scenarios and prepare you to go on a search, with a knowledgeable insurance broker, for a cyber liability policy that fits your needs. While this may seem like a time-consuming process, it could help ensure that you’re covered in the event one of these scenarios happens. The whole purpose of purchasing cyber liability insurance, after all, is to ensure that you are protected from potential risk.
After these three steps, you are ready to compare different cyber liability insurance policies.
*Disclaimer: Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain the additional benefits and exclusions pertaining to your policy. The information provided is general advice only and does not take account of your personal circumstances or needs.
Meena Wahi is an insurance broker from Cyber Data Risk Managers based in Melbourne. We’ve interviewed Meena to share some of what she loves about working in the insurance industry, her thoughts on where the industry is going
What do you love about being an insurance broker and an insurance expert?
Insurance broking offers the opportunity to add value to clients business, plus I like Insurance because it offers a high ROI to my clients.
What insurance lines are your core areas of expertise? Core areas you service?
- Cyber Insurance
- Intellectual Property Insurance
- IT Liability Insurance
- Director & Officers Insurance
What is the most unusual request you’ve had or heard about?
Another broker, who specialised in different insurance lines referring me their client as they did not fully understand cyber risk
What makes an ideal client? Why?
Someone who understand the risk and obligations and are willing to invest in mitigating the risk. I also like clients who understand emergent risk so take up policies that offer wider coverage.
When have you gone above and beyond for a client?
My client was refused cover by a number of Insurers. When they approach me, I was able to help them understand what they evidence they had to provide of their own internal procedures and controls, I spent a lot of time speaking with their team and explained to them in detail and also provided them with research. This lead to them to follow up on my suggestions due to which they were able to get the insurance cover required.
Why should someone consider using an Insurance Broker?
It is very important to use to an Insurance Broker as they can help you identify exposures, provide information to the underwriter which promises them full coverage, and educates your business about your obligations – so that you have a very high chance of your claim getting accepted.
What areas of insurance should people be aware of over the next 12 mths?
Businesses must do a health check on their insurances as changes in regulations and increase in use of the internet is likely to create more digital risk. Traditional insurance may no longer be relevant or provide adequate coverage from new and emerging risks like Cyber risks.
If you’re a broker and would like to be featured on Advisr, please get in touch.