Many business owners simply do not understand the importance of purchasing a Cyber Liability policy or how the policy works.  Quite often, they are also under the assumption that their current Business Owners policy provides coverage for such a risk.

Hartford has created a short video that will help address some of the common misconceptions regarding Cyber Risk.  You may view the video by clicking here.

The odds that a cybergang will stealthily turn your PC into a bot this summer and use it to carry out all manner of cyberattacks just notched notably higher.

Security analysts anticipate a surge in SpyEye attacks the rest of this year. “Every level of criminal, from the lowest to the highest rungs, can now use one of the deadliest Swiss Army knife hacking toolkits in the world,” say Sean Bodmer, senior threat intelligence analyst at network security firm Damballa.

Using SpyEye, a criminal can issue commands to networks of thousands of bots. SpyEye-run botnets have proved to be unstoppable. Criminals use them to deliver spam scams, conduct hacktivist attacks and booby-trap legit websites with infections that create more bots.

What’s more, SpyEye may be best known for enabling thieves to orchestrate the systematic siphoning of cash from the online banking accounts of consumers and small organizations. Transactions security firm Trusteer has documented SpyEye-orchestrated banking account heists in action. SpyEye:

•Waits for the account holder to log into his or her online banking account.

•Collects the user’s balance figure and determines whether the account is ripe for theft.

•Initiates money transfers invisibly.

•Transfers funds into a mule account that is set up and controlled by the thief to receive cash transfers.

•Erases any evidence of the fraudulent transfer.

•Adds the stolen amount back to the official account balance, as if nothing is amiss.

Skilled hackers quickly created simple programs to access full versions of SpyEye and began selling them for about $100, Damballa’s Bodmer says.

The emergence of this new, cheap spy software could be the tipping point that finally convinces most small businesses with websites of the need to purchase cyber liability insurance.

Source: Spy Eye hacker toolkit to lead surge in cyber attacks, USA Today, August 22, 2011,

The spammers and cyberthieves haven’t given up and gone home. Instead they are moving with the times and stirring up trouble in other ways, targeting smartphones and social networkds, which offer vast amounts of personal information.

The popularity of “apps” is opening the door to a wide range of suspicious and malicious applications. Locative services such as Foursquare and Fowalla are also a potential problem. These services allow you to easily search, track, and plot the wherabouts of friends and strangers. But cybercriminals can use this information to craft targeted attacks, according to McAfee.

The main way to combat breaches, [Beeson] said, is by encrypting the information. But the McAfee report noted that because of our historically fragile cellular infrastructure and slow strides toward encryption, user and corporate data may face serious risks.

Source: Patricia Vowinkel, February 17, 2011

“Cyber liability coverage has evolved from just liability insurance for information technology companies to coverage that nearly every class of business should have if they don’t already.”  Many businesses including banks, restaurants, retailers, and medical offices are unaware of the great security technology exposure they face. 

In addition, the internet is not the source of all data breach problems.  Lower tech breaches commonly arise that are caused by leaving password notes out in plain view, theft of laptops, and improper disposal of medical records.

“Recent state laws require companies that have experienced a security breach to notify all customers that could be affected by the breach that their information has been compromised, even if the information hasn’t been used.  In most cases, the notification also includes an option of one year credit monitoring services and a new card or account number for customers.”

More than 40 states have data breach notification laws and insurers expect a federal cyber notification law at some time in the near future.  The average per customer cost for a security breach is $15 and this does not include loss of reputation. 

Source: http://www.mynewmarkets.com/articles/107853/security-breach-notification-laws-reinforce-need-for-cyber-insurance

Most tech firms and regular businesses with exposure don’t have insurance to cover this exensive peril. Liability for the following categories of expenses are common in these breaches of security:

*Class action lawsuits

*Regulatory fines, fees, penalties

*Statutory notification expenses

Tech companies that collect confidential information or assist clients that do the same must make sure that their Professional Liability / Errors & Omissions policy is specially endorsed to respond to breach of security lawsuits. Non tech companies with exposure must make sure that their Cyber Liability policy does the same.

Source: S.H. Smith & Company, Inc. E Bulletin, 10-19-08