COVID-19 has changed the way many organizations do business. Whether out of a sense of caution or to comply with emergency orders, many businesses have shifted to allowing more work from home and remote work from employees. This increase in remote work has had significant impacts on cyber security and cyber insurance.
An Increase In Phishing Scams
In the immediate wake of most state lockdowns, the number of phishing scams and ransomware attacks skyrocketed. Some analysts say the number of attacks increased by a factor of five. Hackers and cybercriminals saw an opportunity by targeting remote workers. These workers may have been less alert to attacks while working from home. Alternatively, their network connections, firewall protection, or antivirus software may not have been sufficient to account for the change in working situation. Some companies have found it challenging to ensure security systems remain sufficiently up to date in a work from home environment. Additionally, some hackers have discovered security holes in various virtual private network (VPN) software.
More Information Being Required From Businesses For Coverage
The increase in attacks has led to greater scrutiny from the cyber insurance industry. Both deductibles and premiums are seeing small rises after years of cheap competitive pricing. Cyber insurers want to see more information regarding company security practices and business continuity plans. On top of that, cyber insurers are reviewing their policy language in ways that may alter coverage for insured businesses going forward. While some insurers are increasing coverage available to businesses in a work at home environment, others are limiting the extent to which their policies will cover breaches resulting from remote employees.
Why Remote Working Is An Issue
As an example, some policies draw sharp dividing lines between coverage for company-owned devices and personal devices. If a remote employee uses a company laptop to connect to the company’s private network and that somehow creates a breach, the insurance will cover that breach. But if the same situation occurs with the employee using a privately owned laptop, the insurance will not cover the resulting breach.
Key Takeaways For Businesses
This situation requires that companies stay alert and up to date with the changing cyber security landscape. Companies need to have sound written policies that tackle issues like the use of personal devices on the company network as well as addressing security practices in remote or work from home situations. Companies also need to review their emergency response plans and update them as necessary to cover unique issues that result from an increase in workers connecting remotely. Finally, companies need to review their cyber insurance policies to make sure their company policies match up with the coverages they have so that they do not accidentally cause a loss that insurance will not cover.
