COVID-19 has changed the way many organizations do business. Whether out of a sense of caution or to comply with emergency orders, many businesses have shifted to allowing more work from home and remote work from employees. This increase in remote work has had significant impacts on cyber security and cyber insurance.
On July 15, 2020 a number of high-profile, verified Twitter accounts were hacked. The goal seemed to be to push a double-your-money scam using Bitcoin. Some estimate that the hackers were able to net $100,000 in the cryptocurrency in a matter of minutes. These kinds of scams have always been prevalent on social media platforms, but never have so many notable accounts been taken over at once.
What does this mean for businesses that use Social Media, including Twitter, as a channel for promotion and outreach?
Companies without cyber insurance can find themselves in difficult situations. As more and more vital business functions migrate to electronic systems, companies without cyber insurance have to try and find coverage for any damage to their systems through traditional insurance policies. That approach can work depending on the specifics of a policy and a claim, but it might lead to additional legal costs fighting with the insurance company.
Ransomware attacks have increased in frequency over the past few years. They now rank as the second most frequent type of claim against cyber insurance policies. Experts estimate that a new business is hit with a ransomware attack every fourteen seconds. For 2019, early information is showing that the frequency of ransomware attacks may be decreasing. This seemingly positive trend comes with two significant drawbacks however.
There are recognized patterns of higher risk. For example, Hurricanes and earthquakes do catastrophic damage to a specific geographic area. These natural disasters pose unique risks to insurance companies as a result of that history. If an insurance company insures at lot of this type of risk, it can face massive losses and have its financial stability threatened. For this reason, insurance companies try to avoid insuring too many homes or businesses (for this example) in an at risk area for hurricane or earthquake damage. While this helps keep insurance companies financially sound, it can make coverage harder to obtain for those who need it most.
The problem of Social Engineering techniques called Phishing, Whaling, Spear Phishing, Pharming, or Impersonation Fraud has become significant and widespread in recent years. The insurance industry has made efforts to keep these risks in mind for cyber liability policies. Sometimes there is language added that will protect a company, but sometimes communication is added to a basic policy that would not protect a business against these specific risks.
More and more companies are purchasing cyber insurance as the risks to the company’s businesses from the breach of their networks expand. More companies are also requiring that their vendors and contractors obtain cyber insurance to protect themselves from breaches caused by third parties. As the cyber insurance market place grows, it’s important for companies to know what they get with their cyber insurance policies to maximize the advantage of their purchase.
Ransomware continues to be a popular tool among hackers and cyber criminals. By locking users out of their own systems, these cyber criminals can extort significant payments from companies who risk losing way more money due to the interruption to their business. Traditionally, the number one target of ransomware attacks has been the healthcare industry due to the incredibly time-sensitive nature of their business. Recently however, hackers have focused their attacks on industrial businesses which is bad news for product manufacturers and physical plants.
The cyber market has evolved incredibly in a few short years. It’s been barely more than twenty years since the internet became a ubiquitous presence in the lives of most Americans. As cyberspace has grown, the risks attendant on cyberspace has grown as well. To meet the challenges of combining scope and risk, legislators and courts have had to move quickly to regulate this area and protect individuals from loss. At the same time, insurance companies have had to tailor policies to protect companies from the risks of doing business online.
It seems not a week goes by these days without news breaking of another massive data breach affecting hundreds of millions of people. At the end of November 2018, Marriot, the global hotel chain, announced they had been hacked and the personal information of five hundred million preferred customers had been exposed to criminals. What’s worse, Marriott announced the original data breach occurred over four years ago, leaving people unknowingly at risk for identity theft during that time.