Cyber Risk Insurance

Managing Cyber Risk

Cyber risk is not something that organizations can suppress or reduce to insignificance. Because companies now rely on IT and technologies such as computing and mobile devices and allow employees to work on their own devices,  incidents will happen and preparations for incident response are vital.

The news, in this respect, is mixed. Almost two-thirds of survey respondents say their organization has formally assigned roles and responsibilities to key individuals as part of an incident response plan. However, few have made contingency plans with preferred vendors. Less than half said they have a strategy for communication to the general public in case of a cyber risk incident. The public sector is doing better in this respect, with more than 60 percent of respondents saying they have such a strategy.

Organizations surveyed are introducing new systems and standard practices to mitigate information security and privacy risk. Three out of four respondents said their organization has introduced new IT infrastructure and more than two out of three now regularly update their antivirus software, while a similar proportion have introduced secure configurations for network devices such as firewalls, routers, and switches.

4.00 avg. rating (77% score) - 1 vote
Posted By:
Categories: Cyber Liability, Technology
Cyber Liability Insurance

Insider hacking poses huge cyber risk

Insiders account for most cyber theft losses

Outside hackers, whether domestic or part of criminal gangs in Eastern Europe and Asia, get most of the media attention. However, a bigger cyber risk is inside jobs by a company’s own employees. These crimes account for 70 percent of all security incidents that result in losses, according to some sources.

This is known as authorized access for unauthorized use.

Disgruntled or simply dishonest employees, independent contractors, or employees of independent contractors may steal confidential information such as credit card numbers, bank account information, or proprietary information such as trade secrets or intellectual property.

Most Cyber Liability policies only cover unauthorized access by outsiders. Make sure that your policy also covers authorized access for unauthorized reasons.

For a assistance determining your coverage needs, please call us at 800-622-7370

 

Source: Do You Need Coverage For Cyber Risks? The John Liner Letter, Vol. 43, No. 7, June 2006.

 

3.00 avg. rating (67% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability

Risks in Our Digital Information Economy

Defending digital assets against cyber crime

Anyone with access to a computer, tablet or smart phone can buy goods online, pay electronically and request information from corporate networks. Business websites that don’t have proper management and security systems in place provide entryways to the valuable information they have amassed.

 The data companies spend years gathering is a valuable business asset – and even a small gap in security can pose a huge risk. Cyber criminals waste no time figuring out new ways of exploiting weaknesses in the technologies that businesses spend billions of dollars on to stay ahead in the e-commerce world.

 E-criminals

 Tech-savvy criminals recognize the value of digital information and look for ways to steal it. They commit their crimes by exploiting security hiccups in corporate systems or by using malicious code to infiltrate computer networks. Smart phone and wireless technologies are being utilized by wider numbers of people, presenting increasingly tempting targets. What were once attacks on operating systems are now attacks on apps, database software, and even antivirus programs. Their motivation is simple: go where the money is. The confidential information these business amass provide a nearly infinite source of illicit profits for e-criminals.

Malware

One tactic e-criminals take is to leave behind bits of code called Trojan horses that track the keystrokes of the user to steal passwords, social security numbers, credit card numbers and other confidential information. Criminals are also able to control the systems of huge groups of personal computers by infecting them with malware. They cover their tracks by using thousands of personal computers to launch such attacks. Once discovered and shut down, they simply move on to another group of computers.

These threats are major concerns for both businesses and consumers. Companies that depend on the Internet for their livelihood can be devastated by attacks that shut down their web sites. Companies depending on seasonal sales can’t afford a malfunction or shutdown at the wrong time, as evidenced in the Target hack during the 2013 Christmas season. Such security breaches can result in huge financial losses in damage repair and lost business from gun-shy from consumers and clients.

 What businesses can do

A Technology Insurance policy costs almost nothing in comparison to the financial devastation from which it will protect your business.Seven out of 10 small businesses that experience a major data breach fail within one year. Don’t let that happen to you.

Call us at 800-622-7370 so we can help you assess your level of risk. In just minutes you’ll learn how our affordable Cyber Risk Insurance can protect your business from e-criminals and loss of property.

3.00 avg. rating (67% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability, Tech Insurance

Proactive Data Security

It’s the key to protecting your bottom line

Businesses can no longer afford to treat data security as just another problem for the IT department. It’s now a mission-critical issue for the executive suite. Companies that fail to adequately protect personal information not only run the risk of lawsuits and legal penalties, but also severe and potentially fatal hits to their bottom line.

Top executives and risk managers must recognize that the dangers posed by theft of personal data have escalated sharply in terms of financial liability and the potential for irreparable damage to a company’s reputation.  The loss of confidence in a company’s ability to properly manage confidential information can jeopardize the survival of its business. A well-known credit card processor was dropped by several major credit card brands after a security breach in its system exposed millions of consumer accounts to possible fraud.

Legislative changes

As consumers grow increasingly worried about identity theft and Internet-based fraud, Congress has set stricter standards for protecting personal and corporate data with privacy legislation. Examples are the Gramm-Leach-Bliley, Health Insurance Portability and Accountability (HIPAA) and Sarbanes-Oxley Acts. In addition, the state of California now requires businesses to notify customers when their personal data has been exposed to potential misuse. The costs of notifying tens of thousands of customers can be significant, but inconsequential compared to the potential loss of consumer confidence and goodwill.

Along with new legal standards, companies must confront increasingly sophisticated attacks from computer criminals. The threat has escalated from teenage hackers bent on virtual vandalism to organized criminal gangs seeking to steal sensitive information and hijack corporate systems for their own use. Many are operating out of Eastern Europe and Asia beyond the reach of U.S. authorities.

Steps to take

Modern businesses run on digital data. Securing that data is an essential part of corporate risk management today.To protect themselves, businesses need to take a proactive approach to data security and information management that recognizes the significant financial, legal and reputation risks involved. It is critical that senior executives and risk managers take a leadership role in building privacy and information security into the culture of their organizations. As a first step, businesses need to formally inventory all of the data housed on corporate systems, classify it accordingly to value and sensitivity, and then take adequate measures to secure it. Recognizing that these information security and privacy exposures can also pose a significant threat to the balance sheet, companies need to protect themselves financially by seeking risk transfer options as part of their overall risk management program.

If you have questions or would like assistance determining your insurance needs, please call us at 800-622-7370.

 

4.00 avg. rating (77% score) - 1 vote
Categories: ACE Articles, Breach Of Security, Cyber Liability

Who doesn’t need cyber insurance these days?

Large and small businesses risk security breaches

We might as well call them artists because their creativity knows no bounds. Cyber criminals are constantly outsmarting software developers and IT professionals.

The average annual cost of a cybercrime in the U.S. is $8.9 million, according to a 2012 study by the Ponemon Institute. That’s an increase of 6 percent over the prior year. The number of attacks are also on the rise. Each of the study’s 56 participating companies experienced an average 1.8 successful attacks per week.

Company data, not company size matters

These facts and the seemingly ceaseless headlines of high profile business breaches such as the Target’s are causing businesses to purchase cyber coverage. Only a few years ago, about 20 percent of larger companies buying cyber coverage. Today it’s about 50 percent, according to John Kerns, executive managing director for Beecher Carlson.

As IT professionals struggle to keep up with the risks, they’re encouraging companies to get coverage. The type and amount of data that financial, healthcare and retail businesses store put them most at risk. However, many small businesses also have lots of valuable data that makes them a target. They can also be at risk from hacker, user errors, or employee breaches.

Getting smaller companies on board

Most smaller companies don’t retain a legal teams and therefore aren’t kept up to date on  privacy regulations that can leave susceptible to a lawsuit. Many also don’t realize the services that are added to this type of coverage. Risk management is one such service that  provides professionals to deal with a breach. “With the coverage, you can have the panel already there for you and you know they can bring vetted resources to the table right away,”    explains Lisa Doherty, president of Business Risk Partners.

It’s so easy to get a quote

Carriers are requiring less information these days to provide a Cyber Insurance quote as their comfort level grows with this new policy type. For many smaller business types, carriers can provide a Cyber Risk quick quote indication if you provide the answers to as few as five questions.

 

Source: Amy O’Connor“As Cyber Crimes Increase, so do Coverage Options,” My New Markets, 13 Mar. 2014.

4.00 avg. rating (77% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability

Liability of 21st century medical technology

Two industries collide

Advances in both medical and digital technology have been taking place at lightning speed for the last 20 years or more. Generation X and the Millennials have no concept of life without the Internet, iPods, GPS navigation, DNA testing, laparoscopic and laser surgery, and alternative methods of conception.

From your digital medical records and prescriptions to remote-controlled robotic surgeries, just about everything in medicine is enhanced by if not dependant on wireless technology.

21st century risks

You’re in a minority if your computer or cell phone has never been exposed to spam, hackers, viruses or software and hardware malfunctions. These can result in simple headaches or serious financial and security breaches.

And so it stands to reason that the digital medical devices so many depend on to keep them healthy, or even alive, are also susceptible to the same risks. For example, pacemakers and other implanted devices collect and transmit valuable data from patients to their doctors. Few if any have encryption or defensive mechanisms in place. Imagine a digital virus infecting your pacemaker and crashing the device – and you!

Electronic implants, patient medical data monitors,  electronic insulin dispensers and online diagnostic apps are only a few of the new generation of wireless technologies that, if breached, could expose manufacturers, developers, software companies and others to liability lawsuits.

Will the insurance industry advance just as quickly?

So far, it hasn’t. Insurers currently focus on tangible medical products. But medical devices and smart technology, with particular regard to software and apps, are now nearly one in the same. Adding to the problem is the fact that product liability laws differ among jurisdictions.

The Food and Drug Administration is expected to release regulation recommendations addressing the merging worlds of medical and pseudo-medical devices. New regulations in this area will surely affect the insurance industry.

Contact Sadler & Co. for more information on cyber insurance and/or medical products insurance.

Source:Graeme Newman, “Technical and Medical Device Convergence,”  Insurance Journal. 24 Feb. 2014

1.00 avg. rating (47% score) - 1 vote
Categories: Breach Of Security, Crime, Cyber Liability