Imagine this scenario: You’re a business owner, and you arrive to work one day to discover your company files have all disappeared, your bank account has been wiped out, and personal, employee and customer information was stolen. You are one of the latest victims of a cyber attack, and you are not alone.
Luckily this was only a scenario, but it can become a reality without warning. And it can happen to a company of any size, in any industry. Contrary to popular belief, cyber attacks are not unique to the healthcare or financial sectors.
In fact, according to a report from the Identity Theft Resource Center and CyberScout which evaluated 791 data breaches that were reported during the first half of 2017, the business sector experienced the highest percentage of the total breaches reported.
Cyber security is a big topic, but there’s no better time to discuss this important issue than during October, the National Cyber Security Awareness Month. Let’s explore cyber security, the potential risks your business may be exposed to and how cyber liability insurance can help prepare and protect your business.
What is a cyber attack?
Unlike physical threats that prompt immediate action—like stopping, dropping and rolling if you catch on fire—cyber threats are often difficult to identify and understand.
Cyber threats include dangers such as viruses erasing entire systems, intruders breaking into systems and altering files, intruders using your computer or device to attack others and intruders stealing confidential information.
The spectrum of cyber risks is limitless; threats, some more serious and sophisticated than others, can have wide-ranging effects at the individual, community, organizational and national levels.
What are the most common types of cyber attacks?
There are many different types of cyber attacks, some more common than others. While this list is by no means exhaustive, it does cover many of the strategies and tactics that have proven to be effective for hackers and therefore are likely to be used again.
A Distributed Denial of Service Attack (DDoS)
This is an attempt to take down an online service (website, server, etc.) by attacking it with traffic from multiple compromised computer systems. Because the traffic comes from many sources, blocking a single IP address does not stop the attack, and it is extremely difficult to distinguish the attack traffic from legitimate user traffic.
Malware (Malicious Software)
Malware refers to different types of intrusive software, including spyware, ransomware, adware, computer viruses, Trojan horses and worms, just to name a few, that can infect a system. You can unwittingly install malware on your computer by visiting insecure websites and downloading what you think is legitimate software (for example, from an insecure music downloading site or free screensaver site).
Password Attacks
Password attacks are very common and can happen in several different ways. A Brute Force Attack uses software that repeatedly attempts to log in using common passwords and password combinations, hoping to guess correctly.
A Dictionary Attack uses a script or program that tries all the words found in a dictionary.
A Key Logger Attack uses malware (such as a virus, worm or a Trojan) to track a user’s keystrokes, enabling the attacker to view everything the user has typed, including login IDs and passwords.
Phishing
In a phishing scenario, a scammer uses fraudulent emails, texts, or copycat websites to get you to share personal information such as your Social Security number, bank account numbers, login IDs and passwords, to steal your money, identity or both.
Ransomware
In a ransomware situation, a hacker uses malware designed to block access to a computer system until a sum of money (ransom) is paid. The perpetrator may also threaten to release or publish private information if a ransom is not paid.
E-Mail Spoofing/Cyber Fraud
In an e-mail spoofing situation, hackers create e-mail messages with a forged sender address. They use the internet to gather information on the head of a company and on those employees authorized to handle money transactions (wires, transfers, etc.). This information is used to impersonate the company head and instruct employees to transfer money to fraudulent accounts.
What are the consequences of a cyber attack?
A cyber attack can have devastating consequences on a business, including:
- Business stoppage and the resulting loss of revenue
- Financial losses resulting from possible litigation
- Theft of your employees’ or customers’ personal data
- The stealing of company trade secrets
- A demand for ransom
- Angry customers, a negative impact on your company’s reputation and a PR nightmare
- In some cases, the possible firing of employees in charge of cyber security
- Permanent business closure
I own a small company. Is my company really at risk?
The potential for a cyber attack is very real, regardless of the size of your company. In fact, studies show that small business attacks are on the rise because small businesses are generally easier targets (when compared to larger companies) since they tend to have weaker online security.
With that said, a business can have the latest cyber security tools in place and can still suffer from a cyber attack. It only takes one employee downloading something from an insecure website, opening an infected e-mail attachment or connecting a virus-infected flash drive to cause a serious problem!
How cyber liability insurance can help protect your business
A traditional business liability policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur.
Cyber liability insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability coverage simply won’t. The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. It is important to work with an insurance agent who can identify your areas of risk so a policy can be tailored to fit your unique situation.
Below is a list of possible exposures that may be covered by a typical cyber liability policy:
- Business interruption
- Regulatory fines and penalties
- Recovery expenses (the cost of notifying customers about the breach, restoring the personal identities of affected customers and providing them with credit monitoring)
- Recovering compromised data
- Repairing damaged computer systems
- Liability incurred from website media content
- Legal fees and expenses
- Funds transfer loss
- Cyber extortion
Some Final Thoughts
As reliance on technology continues to increase, new exposures continue to emerge. Don’t be caught unprepared to handle the aftermath of a cyber attack.
If you have questions about cyber liability insurance and would like to speak with our Lehigh Valley cyber liability insurance experts, please contact us. We can design a cyber liability insurance program that can help provide peace of mind, knowing that your business is better prepared to handle the aftermath of a cyber attack.
Arbor Insurance Group provides cyber liability insurance and other business and personal insurance products throughout the Lehigh Valley, including Allentown, Bethlehem, Easton, Emmaus, Macungie and surrounding areas.