Gulfshore Insurance > Cyber Liability

GEN Benefits of Cyber Liability Insurance

When cyber attacks like data breaches and hacks occur, they can result in devastating damage. Businesses have to deal with business disruptions, lost revenue and litigation. It is important to remember that no organization is immune to the impact of cyber crime. As a result, cyber liability insurance has become an essential component to any risk management program.

Cyber liability insurance policies are tailored to meet your company’s specific needs and can offer a number of important benefits, including the following:

Data breach coverage. In the event of a breach, organizations are required by law to notify affected parties. This can add to overall data breach costs, particularly as they relate to security fixes, identity theft protection for those impacted by the breach and protection from possible legal action. Cyber liability policies include coverage for those exposures, thus safeguarding your data from cyber criminals.

Business interruption loss reimbursement. A cyber attack can lead to an IT failure that disrupts business operations, costing your organization both time and money. Cyber liability policies may cover your loss of income during these interruptions. What’s more, increased costs to your business operations in the aftermath of a cyber attack may also be covered.

Cyber extortion defense. Ransomware and similar malicious software are designed to steal and withhold key data from organizations until a steep fee is paid. As these types of attacks increase in frequency and severity, it’s critical that organizations seek cyber liability insurance, which can help recoup loses related to cyber extortion.

Forensic Support. Following a cyber attack, your organization will have to investigate to determine the extent of the breach and what led to it. The right policy can reimburse the insured for costs related to forensics and seeking out expert advice. Additionally, some policies can provide 24/7 support from cyber specialists, which is especially useful following a hack or data breach.

Legal Support. In the wake of a cyber incident, businesses often seek legal assistance. The assistance can be costly. Cyber liability insurance can help businesses afford proper legal work following a cyber attack.

Coverage beyond a general liability policy. General liability policies don’t always protect organizations from losses related to data breaches. What’s more, data is generally worth far more than physical assets, and it’s important to have the right protection in place when you need it most. Supplementing your insurance with cyber coverage can provide you with peace of mind that, in event of an attack, your organization’s financial and reputational well-being is protected.

Gulfshore Insurance is a Naples, Florida based insurance agency specializing in business insurance including liability insurance, property insurance, workers compensation insurance, vehicle insurance, business income interruption insurance, cyber insurance, commercial umbrella insurance, and more. Our insurance and risk management advisors are industry specialists for condominium associations, golf and country clubs, oil and petroleum marketers, construction, landscaping, churches and non-profits, and work comp. Navigating insurance requires an experienced and trusted insurance agent who understands your business risks and exposures. Gulfshore Insurance services Naples, North Naples, Marco Island, Bonita Springs, Fort Myers, Sarasota, Lido Beach, Longboat Key, Bradenton Beach, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.

GEN Ransomware Largest Driver of Cyber Insurance Claims in the last Five Years

Ransomware represented the number one cause of loss in a study of almost 6,000 cyber insurance claims, with the average ransom rising to $247,000 and the average incident cost up to $352,000 in 2020.

NetDiligence’s 11th annual cyber claims study evaluated 5,797 claims arising from incidents between 2016 and 2020. Across the five years of claims data, ransomware accounted for 32% of all incidents affecting small to medium enterprises (SMEs). Hacking incidents were a distant second at 10%, and business email compromise followed at 9%.

The study revealed that ransomware events accounted for 79% of claims with a business interruption (BI) expense, with an average BI cost of $446,000 in 2020 and an average BI cost of $316,000 over the five-year period. Ransomware events also caused 81% of claims involving recovery expense losses, according to the data.

Professional services firms were found to have the highest frequency loss over the last five years, followed by manufacturing, health care, technology, retail and financial services. The top five sectors account for 70% of claims and 74% of total incident costs. Professional services firms also contributed 32% ($229 million) of overall incident costs; this number is well above health care, which was 11%.

Claims costs range from less than $1,000 to over $120 million. Nearly all (99%) came from SMEs for a total of $537 million in losses, and the losses associated with the 1% of claims striking large businesses reached $727 million.

The averages include “some very expensive claims,” the authors of the report noted. For SMEs, six claims in the sample reached over $5 million, with one costing over $100 million. For larger companies, 10 claims featured costs between $15 million and $100 million. NetDiligence said it found no link between business size and the magnitude of a L cyber loss, with the largest event affecting an SME.

“With ransomware again the number one cause of loss, we will be watching closely to see whether cyber policyholders, especially SMEs, deploy sufficient cybersecurity safeguards to reduce their ransomware exposure and qualify for ransomware coverage. If not, the challenge will be how we, as an industry, can help them get there,” said Mark Greisiger, NetDiligence president, in a statement.

Gulfshore Insurance is a Naples, Florida based insurance agency specializing in business insurance including liability insurance, property insurance, workers compensation insurance, vehicle insurance, business income interruption insurance, cyber insurance, commercial umbrella insurance, and more. Our insurance and risk management advisors are industry specialists for condominium associations, golf and country clubs, oil and petroleum marketers, construction, landscaping, churches and non-profits, and work comp. Navigating insurance requires an experienced and trusted insurance agent who understands your business risks and exposures. Gulfshore Insurance services Naples, North Naples, Marco Island, Bonita Springs, Fort Myers, Sarasota, Lido Beach, Longboat Key, Bradenton Beach, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.

 

Andrea Pelletier, CPRIA, CPIA is Client Advisor and Partner at Gulfshore Insurance specializing in Private Risk Services. Andrea works with successful individuals and their families on creating and customizing package insurance solutions in the areas of luxury homes, car collections, jewelry, fine arts, watercraft, and personal excess liability. Comments and questions are welcome at apelletier@gulfshoreinsurance.com

Gulfshore Insurance is a Naples, Florida based insurance agency specializing in home and homeowners insurance, car and auto insurance, boat and yacht insurance, property insurance, umbrella insurance, valuables insurance for fine art, jewelry, wine, and more. Navigating insurance requires an experienced and trusted insurance agent who understands your high net worth risks and exposures. Gulfshore Insurance services Naples, North Naples, Port Royal, Park Shore, Pelican Bay, The Moorings, Naples Beach, Marco Island, Bonita Springs, Sanibel Island, Captiva, Fort Myers, Sarasota, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.

 

Andrea Pelletier, CPRIA, CPIA is Client Advisor and Partner at Gulfshore Insurance specializing in Private Risk Services. Andrea works with successful individuals and their families on creating and customizing package insurance solutions in the areas of luxury homes, car collections, jewelry, fine arts, watercraft, and personal excess liability. Comments and questions are welcome at apelletier@gulfshoreinsurance.com

Gulfshore Insurance is a Naples, Florida based insurance agency specializing in home and homeowners insurance, car and auto insurance, boat and yacht insurance, property insurance, umbrella insurance, valuables insurance for fine art, jewelry, wine, and more. Navigating insurance requires an experienced and trusted insurance agent who understands your high net worth risks and exposures. Gulfshore Insurance services Naples, North Naples, Port Royal, Park Shore, Pelican Bay, The Moorings, Naples Beach, Marco Island, Bonita Springs, Sanibel Island, Captiva, Fort Myers, Sarasota, and Southwest Florida. We have office locations in Naples, Fort Myers, Fort Lauderdale, and Sarasota.

Commercial Lines Multi Factor Authentication A Must Have for Critical Cyber Coverage

A growing number of cybersecurity threats have companies on high alert. More sophisticated cyberattacks have been aimed at the data and assets of corporations, and carriers are increasingly requiring insureds to implement multifactor authentication as a subjectivity for a cyber liability policy.

What is MFA?

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more credentials in order to gain access to an account. Rather than just asking for a username and password, MFA requires one or more additional verification factors unique to the individual, which decreases the likelihood of a successful cyber attack.

Picture yourself at an ATM withdrawing money from your bank account. Your debit card (something you have) is one authentication factor. However, to access your account, you also need to enter the PIN that is associated with your debit card. Your PIN (something you know) is your second authentication factor.

Credentials May Include:

  • Things you know: a password or personal PIN
  • Things you have: a badge or cellphone
  • Things you are: biometric information such as fingerprints or facial recognition

Why is it Important for Cyber Security?

Password compromises have accounted for 81 percent of data breaches in recent years. There are limits to what a single password can do. Rather than asking for a single password that hackers and cyber criminals can gain access to, this adds an additional layer of security. MFA helps protect against unauthorized access, data breaches and password-based cyber-attacks.

Where Should it be Implemented?

MFA is recommended to be implemented across:

  • all remote access to data or the environment (email, VPN, etc.) for access to cloud and on-premises applications
  • for any additional applications (internal or external) that contain personally identifiable information (PII)
  • internal activity with privileged users (owners of a credential that has admin access locally to  a  part of the system or domain-wide across many devices or servers).

In plain English, companies should look to secure any remote access points to their systems or data with MFA. Internal usage of privileged accounts, such as local administrators or domain administrators, should be also secured with MFA where possible.

Some Factors are Stronger than Others

Cybersecurity professionals have long advocated  that two factor authentication utilizing text messages (SMS) is less secure than other methods. The US government stopped using SMS authentication in 2016 — and encouraged others to do the same. Since then, there have been successful breaches across organizations that still utilize this less secure variation of MFA.

There are countless ways for criminals to bypass SMS authentication, some more complex than others, but opt for utilizing MFA apps like Duo, Google  Authentication, or Microsoft Authenticator if you’re using a  smartphone as a means to enable MFA for your organization.

MFA is Not the End-All-Be-All

MFA is an important preventive measure to take to avoid security breaches, but it is not an all-encompassing solution to protect an organization. As noted above, there are weaknesses with SMS-based authentication — and even the most secure forms of MFA have limitations.

For example, if an employee’s personal computer was already compromised and they were utilizing a VPN to work from home, MFA may not prevent malware spreading throughout the corporate network . Additional external defenses would be necessary for further risk mitigation.

What Does an MFA Roll-out Involve?

The timeline and cost of implementing MFA is dependent on several factors, like the size of your organization, the email provider and other technology platforms you’re using, and how you plan to introduce the concept to all of your employees (from stakeholders to the IT department). In some cases, for companies who are already using a system, like Microsoft O365, that has MFA built in; it would only be a slight exaggeration to say that the process for implementing MFA at these organizations is as easy as flipping a switch. In other organizations, with many overlapping technology platforms and access points that have accumulated over time, implementation can be a bit more involved.

While the ultimate goal of MFA implementation is to eventually cover all users across your systems, it’s good to prioritize where to begin based on the risk level to the organization. Starting with administrative (and high-risk) accounts has two key benefits: privileged accounts have the greatest security impact, and you can use what you learned in the roll-out with senior leaders to aid in deploying to the next round of employees. As you consider what systems require user log-in, recognize where you’ll need to update (or replace) older infrastructure that doesn’t support modern authentication.

download1

Click to download instructions on setting up MFA in Office 365.