Tag Archive for: Cyber risk

all businesses need to mitigate risk with cyber insurance

I don’t have an online business, do I need cyber insurance?

in , ,

The insurance policies a business chooses is based on their specific business model. What works for one business may not work for another. One policy, however, lives as a baseline policy all businesses should have- cyber insurance

 

This rings true, especially in light of today’s tech-reliant world. Even businesses that do not operate online are not free from the dangers of a cyber attack. 

 

Furthermore, recent events regarding the ongoing Russian-Ukrainian War have the potential to impact all businesses and their cyber security in the United States. Cyber security risks are escalating, so let’s discuss more why even non-online businesses should invest in cyber insurance.

do all businesses need cyber insurance? 

Yes. All businesses need cyber insurance regardless of business type—especially in today’s digital environment. 

 

Even if your business is not an online business, cyber insurance helps mitigate risk. Cyber-attacks occur regularly (every 11 seconds in 2021), and can target individuals and businesses alike. No one is safe from the threat of a cyber attack – no matter the business model. 

 

Typically, attackers use the following tactics in a cyberattack:

  • Phishing 
  • Compromised/stolen devices
  • Credential theft 

 

General and professional liabilities may include basic cyber liability coverage, however, businesses that store personally identifiable information or any sensitive information for employees and customers should seek out further coverage. 

 

Data your business has (i.e. phone numbers, credit card numbers, social security numbers, and more) puts any business at risk for an attack.  

 

A report by Nerdwallet, “​​Among small businesses with fewer than 250 employees, the average reported cyberattack cost was about $25,600.”

 

Consider the following cyber attack statistics below before dismissing a cyber security policy for your business. 

 

  • Cybercriminals can penetrate 93% of company networks
  • In 2021, businesses suffered 50% more cyberattack attempts per week
  • Corporate cyber attacks increased by 50%
  • Small to medium-sized businesses are most commonly targetted   
  • 43% of cyber-attacks are targeted against small businesses 
  • 83% of small businesses are not financially prepared for a cyber attack

 

The threat of a data breach is here to stay. We here at benchmark have first-hand experience with what cyber attacks look like, and what to do to keep your business safe. Read on to learn how we mitigated a cyber attack against our vendor’s business. 

 

benchmark case story

A few years ago, our data vendor’s cloud server was hacked.  All of the vendor’s “mission-critical” information stored in the Cloud was breached (i.e. email servers, client databases, and more)- that included our sensitive information and the information of their other clients. 

 

The hacker asked for a ransom to not share all of the data and to return the data back to our vendor. 

 

Luckily, because the vendor had benchmark’s cyber insurance coverage, our office and all of the vendor’s clients came out unscathed. The cyber insurance covered the entire ransom the hacker was asking for– which meant our vendor was able to keep their data safe and unharmed. 

 

Our cyber insurance policy coverage protected our vendor, our business, and their clients from leaking private information. It also kept the vendor in business so they wouldn’t go bankrupt from paying the hacker’s ransom out of pocket. 

 

Read our next blog post for a complete guide to cyber insurance and why you need it. 

 

all businesses need cyber insurance

why email may be your biggest cyber risk

why email may be your biggest cyber risk

in

When you hear the word “cyber risk,” what do you think of?

If you think of Facebook or strangers sending sketchy links over text, you’re not alone. But, you are wrong.

In 2019, The FBI’s Internet Crime Complaint Center (IC3) reported that the losses for business email scams was $1.7 billion. So, your email might be your biggest cyber risk, what does that mean for you? Let’s break it down. 

BEC Scam 

The FBI defines a Business Email Compromise (BEC) scam as, “Also known as email account compromise (EAC) — is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business— both personal and professional.” 

They also list what BEC scams can often look like: 

  • “A vendor your company regularly deals with sends an invoice with an updated mailing address
  • A company CEO asks her assistant to purchase dozens of gift cards to send out at employee rewards. She asks for the serial numbers so she can email them out right away. 
  • A homeowner receives a message from his title company with instructions on how to wire his down payment.” 

The listed scenarios were all fake, and cost companies thousands (sometimes hundreds of thousands) of dollars. 

The rise in Cyber Security breaches has jump-started many companies into investing in cyber security insurance. This is a great way to protect yourself and your company, but there are preventative measures that can be taken. 

How to Avoid BEC or EAC Scams

There are some steps you can implement to avoid the financial downfall of a cyber attack. 

Company Policy

Set clear policies about what should be responded to within the company email. This also implies that the company email is not used for general things (for example, signing up for a clothing discount). Within company policy, there should be a rule for not sending personal passwords or information over email. 

Social Media

Social media has changed what a company might share with the world. The information that is shared with the public can be informative about the industry, but should NOT be stating that the whole company is out of the office for a day off. 

Employee Knowledge

Train your employees to look out for red flags in their inboxes. This could look like anything from emails from outside the company, to emails asking for personal information. Emails can be included in a broad cyber security training, considering their high-risk factor. 

Has the recent rain caused any alarm for flooding at your commercial property? Learn more about the surface water exclusion that is most likely a part of your property insurance.