“Cyber liability coverage has evolved from just liability insurance for information technology companies to coverage that nearly every class of business should have if they don’t already.” Many businesses, including banks, restaurants, retailers, and medical offices, are unaware of the significant technology security exposure they face.
In addition, the internet is not the source of all data breach problems. Lower-tech breaches are commonly caused by leaving password notes out in plain view, theft of laptops, and improper disposal of medical records.
“Recent state laws require companies that have experienced a security breach to notify all customers that could be affected by the breach that their information has been compromised, even if the information hasn’t been used. In most cases, the notification also includes an option of one year credit monitoring services and a new card or account number for customers.”
More than 40 states have data breach notification laws, and insurers expect a federal cyber notification law at some time in the near future. The average per-customer cost for a security breach is $15, and this does not include loss of reputation.
Source: http://www.mynewmarkets.com/articles/107853/security-breach-notification-laws-reinforce-need-for-cyber-insurance
Cybercriminals are using phishing tactics to gather information from social network sites and then tap into corporate networks to steal sensitive data. This can result in breach-of-privacy lawsuits and the need for Cyber Liability insurance for tech firms and regular businesses alike.
Here are the steps in the process:
1. Cybercriminals purchase Facebook user names and passwords on websites at a cost of $75 to $200 per 1000 matching pairs.
2. Cybercriminals enter accounts and get access to friends, emails, dates of birth, mother’s maiden names, home towns, and vital information from profiles and postings to start online conversations.
3. Messages are sent to friends with information of interest (based on postings) that include a link to a website that results in a malicious executable file being placed on the recipient’s PC.
4. Executable files contain keystroke loggers that capture all user keystrokes, which are periodically emailed to free Gmail or Hotmail accounts set up by the cybercriminal.
5. Eventually, the user logs into the employer’s network through VPN or Citrix and the cybercriminal captures the user name and password.
6. The cybercriminal enters the corporate network and probes for weaknesses such as those caused by failure to update security patches.
7. A vulnerable server is found and breached, resulting in the compromise of confidential information.
Source: http://www.usatoday.com/NEWS/usaedition/2010-03-04-1Anetsecurity04_CV_U.htm?csp=N009