Tag Archive for: business

all businesses need to mitigate risk with cyber insurance

I don’t have an online business, do I need cyber insurance?

The insurance policies a business chooses is based on their specific business model. What works for one business may not work for another. One policy, however, lives as a baseline policy all businesses should have- cyber insurance

 

This rings true, especially in light of today’s tech-reliant world. Even businesses that do not operate online are not free from the dangers of a cyber attack. 

 

Furthermore, recent events regarding the ongoing Russian-Ukrainian War have the potential to impact all businesses and their cyber security in the United States. Cyber security risks are escalating, so let’s discuss more why even non-online businesses should invest in cyber insurance.

do all businesses need cyber insurance? 

Yes. All businesses need cyber insurance regardless of business type—especially in today’s digital environment. 

 

Even if your business is not an online business, cyber insurance helps mitigate risk. Cyber-attacks occur regularly (every 11 seconds in 2021), and can target individuals and businesses alike. No one is safe from the threat of a cyber attack – no matter the business model. 

 

Typically, attackers use the following tactics in a cyberattack:

  • Phishing 
  • Compromised/stolen devices
  • Credential theft 

 

General and professional liabilities may include basic cyber liability coverage, however, businesses that store personally identifiable information or any sensitive information for employees and customers should seek out further coverage. 

 

Data your business has (i.e. phone numbers, credit card numbers, social security numbers, and more) puts any business at risk for an attack.  

 

A report by Nerdwallet, “​​Among small businesses with fewer than 250 employees, the average reported cyberattack cost was about $25,600.”

 

Consider the following cyber attack statistics below before dismissing a cyber security policy for your business. 

 

  • Cybercriminals can penetrate 93% of company networks
  • In 2021, businesses suffered 50% more cyberattack attempts per week
  • Corporate cyber attacks increased by 50%
  • Small to medium-sized businesses are most commonly targetted   
  • 43% of cyber-attacks are targeted against small businesses 
  • 83% of small businesses are not financially prepared for a cyber attack

 

The threat of a data breach is here to stay. We here at benchmark have first-hand experience with what cyber attacks look like, and what to do to keep your business safe. Read on to learn how we mitigated a cyber attack against our vendor’s business. 

 

benchmark case story

A few years ago, our data vendor’s cloud server was hacked.  All of the vendor’s “mission-critical” information stored in the Cloud was breached (i.e. email servers, client databases, and more)- that included our sensitive information and the information of their other clients. 

 

The hacker asked for a ransom to not share all of the data and to return the data back to our vendor. 

 

Luckily, because the vendor had benchmark’s cyber insurance coverage, our office and all of the vendor’s clients came out unscathed. The cyber insurance covered the entire ransom the hacker was asking for– which meant our vendor was able to keep their data safe and unharmed. 

 

Our cyber insurance policy coverage protected our vendor, our business, and their clients from leaking private information. It also kept the vendor in business so they wouldn’t go bankrupt from paying the hacker’s ransom out of pocket. 

 

Read our next blog post for a complete guide to cyber insurance and why you need it. 

 

all businesses need cyber insurance

cyber liability insurance protects your business in case of a cyber attack

your guide to cyber insurance: why do you need it?

The cyber insurance industry is a rapidly growing market that can be difficult to navigate for those seeking or renewing insurance. With underwriting and renewal processes taking longer to complete, read on our full guide on why you need cyber insurance.

why should you invest in cyber insurance?

Cyber insurance covers expenses from data breaches, viruses, or other cyber-attacks and fraud. It can also cover legal claims that come from a security breach. As companies utilize cloud software, personal computers and laptops, and other technology-based means to store their sensitive data, their risk for a security breach grows exponentially.

The Identity Theft Resource Center claims that in 2018, businesses experienced 571 breaches in security, which exposed 415 million employee and customer records.

In 2021, a cyber-attack incident occurred every 11 seconds.

If your company experiences a breach, federal law requires you to perform an extensive list of tasks. If you have cyber insurance coverage, however, your carrier will take on that responsibility.

Investing in cyber insurance helps protect your business from financial losses that can come with a cyber attack, and help keep reputation damage at bay.

is your business vulnerable to cyber-attacks?

As many businesses moved to a work-from-home model, cyber-attacks have increased. With most company communication through e-mail, Slack, and other online platforms, the risk of a breach increases. This could cause a company to experience massive monetary losses as well as reputation damage.

who needs cyber liability insurance?

While some general liability and professional liability policies include some basic cyber liability coverage, some additional coverage may be needed. Businesses that store personally identifiable information (PII) for both employees and customers should have additional coverage.

Cyber breaches can occur in a multitude of ways. They can be executed through phishing emails, viruses, ransomware, or other malicious attempts to corrupt your data. The best way to begin protecting your data is to establish internal safeguards with cyber security. This includes using strong passwords and monitoring electronic device access and access to software tools.

This form of coverage is growing in demand as we shift towards a cyber-reliant world. The National Associate of Insurance Commissioners found that the U.S. cyber insurance market “expanded to $4.1 billion in direct premium in 2020, representing an increase of over 29% from 2019.”

what does cyber liability insurance cover?

There are a few types of coverage within a cyber liability policy. First-party and third-party coverage help ensure you’re protected for whatever comes your way.

first-party coverage

First-party coverage includes coverage for immediate expenses related to the cyber breach. These expenses typically include:

  • The cost of notifying employees and the public
  • Marketing and public relations response that protect the company’s reputation
  • Extortion money
  • Repairing the damage to software and hardware
  • The cost of business interruption and missed income while operations are suspended
  • Other ancillary costs

third party coverage

On the other hand, third-party coverage helps a company defend against lawsuits and legal claims. There are a few lawsuits that may occur. Privacy lawsuits are covered under this coverage in case you have breached the privacy of customers and employees.

Regulatory body fines are covered as well as media liability claims (copyright infringement, libel, or slander). Lastly, breach of contract and negligence claims are covered under third-party coverage.

what does cyber liability insurance not cover?

It’s important to understand what your insurance coverage does not cover. When you review your cyber security protections, you may be able to identify where your vulnerabilities lie. Some common exclusions from cyber liability insurance include:

  • Bodily injury and property damage claims: Any claims of bodily injury or property damage will not be included in your cyber liability insurance policy. However, a general liability policy will cover these claims.
  • Criminal activity: Cyber liability insurance policies do not cover fraud, robbery, employee theft, and other crimes. However commercial crime insurance will cover these claims.
  • Social engineering: A cyber liability insurance policy will not cover when employees are tricked into transferring company funds. This can be an additional add-on with some cyber liability plans.
  • Loss of property: When an employee loses a piece of property, like a phone or computer, cyber liability will not cover the cost. However, a commercial property insurance policy will.

Like many businesses, you likely utilize computers, and other electronic devices to send, receive, and store electronic data. Data is one of your most valuable assets. It’s important to ensure that you protect that data and consider the cost of losing it.

signs you’re at risk of experiencing a cyber-attack

Cyber-attacks occur without forewarning. Sometimes, businesses don’t initially realize that they’re under a cyber attack. Review the following signs that your business is experiencing a cyber attack.

  • You’re receiving requests for transactions, like direct deposits or electronic fund transfers.
  • Unsolicited communications are coming through from unknown companies or people.
  • Links within emails do not match—check links by rolling your cursor over the link to see if the two match with the content and the email address!
  • Requests with a high sense of urgency, asking you to complete documentation immediately.
  • Requests for usernames, passwords, and other personal details like banking information.

If you realize you’re under a cyber attack, act immediately. First, disconnect your device from the internet, restore your system, and report the attack to your IT department.

After the attack, make sure you file a report with the police and your insurance.

how to mitigate risk

There are ways to decrease your business’s risk of falling prey to a cyber-attack. Being proactive about cybersecurity, and having cyber insurance helps keep your business information secure. Other ways to mitigate risk include:

  • Limit your use of large email attachments and programs that put pressure on your company’s bandwidth ecosystems.
  • Do not forward emails with attachments that contain highly restricted or company confidential information to personal accounts.
  • Avoid reading, talking about, or leaving confidential information in unsecured work-from-home areas.
  • Log off of work devices when you’re not using them.
  • Shred sensitive documents.
  • Restart your computer regularly.
  • Be aware of third-party risk because 59% of companies experience a cyber breach because of a third party.

cyber claim tips

When submitting a claim, use our tips to make sure you have the most successful outcome.

  1. Prepare and understand your insurance policy beforehand. Before a breach occurs, understand and review your policy, and what it covers. Make sure the structure of the claim fits your business needs.
  2. File your claim correctly. Most cyber insurance claims are first-party claims because the most common types of cyber-attacks are ransomware, malware, and social engineering fraud. However, file a third-party claim if you experience the need for defense in a lawsuit. Once assigned, insurer claim adjusters quickly help mitigate losses and help the legal and forensic response.
  3. Do not wait to report your claim. Once you become aware that there is a breach in your cyber security, the first step is to report and file the claim as soon as possible. No matter what type of breach, do not wait to file a report because it’s easier to give assistance early on during a breach.
  4. Obtain insurer consent. Once the claim is filed, the insurer must give their consent to onboard attorneys, IT professionals, and investigators for the breach.

At benchmark commercial insurance, we offer global capacities with a boutique experience. What we do best is look at your company holistically and use our knowledge of changing policy to give you the security of knowing you’re covered.  It’s true, anyone can get you cheap insurance, but not anyone can be there for you like we can when structuring your policy and filing a cyber security claim.

Curious about what other areas of your company may be putting you at risk for a cyber security breach? Read our article about why email may be your biggest cyber risk here.

 

your business needs cyber liability insurance to protect against cyber attacks

preparing for potential bottlenecks in your business and supply chain

preparing for potential bottlenecks in your business and supply chain

Are there red flags in your supply chain that may lead to bottlenecks? If there are, a bottleneck may impede product delivery in the new year, and that is not ideal. 

So, what can prevent potential bottlenecks before they damage your company’s ability to deliver? And what is a bottleneck? It can be complicated, so let’s dive into the details.

what is a bottleneck? 

A bottleneck can occur on all levels of manufacturing when resources are pushed past their maximum capacity. A bottleneck limits a company’s full potential, and is, of course, to be avoided.

As shown in the illustration below, the base of the bottle is overwhelmed and the neck of the bottle is too small for the demand of the supply chain. 

preparing for potential bottlenecks in your business and supply chain

Image courtesy of Chris Hohmann

As a manufacturer, there are five types of bottlenecks to be aware of: 

  • Poorly Designed Processes
  • Employee Absences
  • Overworked Machinery
  • No Automation
  • Poor Forecasting

These types of bottlenecks can be broken down into the categories of: People, Machines, and Processes.

people bottlenecks

employee absences

As mentioned above, human error is a part of the industry. One of the main factors of bottlenecks occurring is a high amount of employee absences. The processes that are set in place to avoid equipment failure are only as strong as the number of employees that are at work. With employee absences, there is a higher chance that small errors will occur.

If people are filling in roles out of desperation, then they are not well versed in the processes in place. One way to try and avoid this is to train employees on all of the roles involved in manufacturing, in case an employee is put into a position they’re not fully comfortable performing.  

machine bottlenecks

overworked machinery 

Just like people, if a machine is overworked, it will not be performing at its top level of productivity. If the machinery is overworked to meet the demand, there is a high risk of a bottleneck occurring.

Although the easier choice is to push machines to their maximum capacity (or further) in order to meet a deadline, this decision is asking for trouble.

process bottlenecks

lack of automation

We live in a world of technology.

In the manufacturing industry, technology should be used to help prevent bottlenecks. Automation is sometimes included in machinery or can be externally used. Regardless, there are benefits to using automation and technology in manufacturing.

Manufacturers have used automation not only to keep track of numbers but also to identify the physical location of machinery. Another benefit of automation is that with technology comes usable data. Data collection can be a huge tool in predicting future bottlenecks and learning from past mistakes.

Automation creates a smoother process of combining people and machinery.

poor forecasting

Although it’s true that some machine failures or bottlenecks are impossible to predict, poor forecasting can be a catalyst to missing major red flags that can disrupt your supply chain.

An example of poor forecasting is not maintaining structure in properly storing supplies and materials.

To use forecasting to your advantage, it’s helpful to predict when there might be increased demand. Then, make sure the right amount of inventory is available and that the machines can handle this level of demand to avoid a bottleneck.

poorly designed machine processes

If one part of the machine doesn’t work, the entire machine will most likely fail. If there are detailed processes laid out with preventative measures, however, there is a decreased chance of machine failure.

The efficiency of said processes can also be affected by human contact within the manufacturing line. Human error is common, so keeping employees up-to-date with understanding new machinery and processes is crucial in avoiding bottlenecks.

This includes:

  • Implementing preventative action to keep machinery up-to-date with industry standards
  • Not letting parts function beyond their lifespan

Along with preventive measures, there is value in training employees the proper response to a machine failure that resolves the situation quickly. This can prevent bottlenecks.

red flags in your supply chain

Is there a way to see where bottlenecks might occur? Well, aside from the processes mentioned above, acknowledging that there are red flags in manufacturing is crucial.

Some red flags in your supply chain may include: 

  • Unpredictable lead time
  • Internal reporting and delivery issues 
  • Slow product phase movement 
  • Not enough workers at one stage or another of production/ processing/ delivery 
  • Disorganized delivery scheduling 
  • Lack of product lifecycle tracking 

Identifying and addressing these red flags early on can help prevent bottlenecks. When it comes to equipment failure, however, sometimes a delay is inevitable. Read on for more on how to prepare.

how to prepare for equipment failure

There is not much that can be done if major equipment failure takes place. 

One key way to try and avoid equipment failure, however, is to create a diversified pool of vendors that you collaborate with. This means hiring locally, offshoring, and “near-shoring”. Doing so streamlines processes, provides backups and is one way to improve and balance your supply chain. 

what do I do after a bottleneck occurs?

So, you’ve experienced a bottleneck. What now? 

Bottlenecks have both short and long-term effects on a business.

After a bottleneck occurs, it’s important to evaluate what happened, why it happened, and how to avoid a similar situation in the future. The bottleneck you experience will help your company learn and grow when you look at it from the perspective of a learning opportunity.

So, you now know how to prevent a bottleneck—but do you know how to prevent a cyber-attack? Read on to learn why email may be your biggest cyber risk.