2021 saw higher cyber threats than any other year to date. Even with the advanced knowledge experts have on cybercrime, the new developments in preventative tactics-hacking schemes have become more difficult to detect in advance. With the increased attention on cyber, most people are paying more attention to vulnerabilities in their personal and professional lives. We commonly associate cyber fraud with things like social security numbers, email schemes, and fake websites. Though these areas are highly infiltrated with cyber security risks, there are other areas people should be directing their attention to. Hackers and professional cybercriminals are aware of the increased protection and attention to common risks and are putting their efforts elsewhere as a response. Being aware of surprising cyber threats that your business could face can help you implement better practices and protect your business.
The severe conflict between Russia and Ukraine has resulted in high-level cyber attacks and threats of imminent shutdowns reaching the west. Though the invasion of Ukraine by the Russian military escalated over this past weekend, the tension between the two territories has been steadily increasing over the past several weeks. Leading up to the invasion, Russian hackers have been shutting down Ukrainian websites, including important government and bank sites. These sophisticated cyber-attacks have cut off access to crucial resources for the Ukrainian people. Experts are going so far as to name these events the start of a true cyberwar. As more and more countries get involved in the conflict to aid the Ukrainian people, Russia continues to warn of consequences. The clear threat of more cyber hacks now has the potential to hit the US, and businesses are preparing for how to respond in the event that they are targeted.
The past decade has exponentially increased the world's radar on cybersecurity threats and vulnerabilities. These years have shifted society into a primarily digital where business, social, and financial matters are typically handled through some form of an online platform. In the past two years alone, due to the pandemic, the few areas of life that remained physical are primarily digital now as well. A report by Purplesec for 2021 claimed that cybercrime has increased 600% since the start of the pandemic. While insurance agencies and those prone to threats have had a keen awareness of the rising risk, the government is also stepping up and claiming some responsibility in providing protection to the general public.
Is Cyber Insurance Worth the Investment?
Cyber-attacks have become a top threat to businesses both big and small in the last decade. Social engineering schemes, malware, and ransomware have all seen a significant uptick, especially since the start of the pandemic. According to the Identity Theft Resource Center, 2021 has already hit a record high for cyberattacks, exceeding the total amount in 2020 by more than 17%. So, with cyber threats (and the cost to mitigate them) skyrocketing, its time to consider investing in Cyber Insurance to protect your business.
Small businesses face an increased risk of cyberattack. More and more cyber claims stem from small businesses and small businesses make up an increasing share of the total losses caused by cyber attacks. As this threat evolves, small businesses can no longer ignore their cyber risks without facing disastrous consequences.
On July 15, 2020 a number of high-profile, verified Twitter accounts were hacked. The goal seemed to be to push a double-your-money scam using Bitcoin. Some estimate that the hackers were able to net $100,000 in the cryptocurrency in a matter of minutes. These kinds of scams have always been prevalent on social media platforms, but never have so many notable accounts been taken over at once.
What does this mean for businesses that use Social Media, including Twitter, as a channel for promotion and outreach?
Given the relative newness of cyber insurance policies, comparatively little case law exists interpreting these policies in the context of claims. Courts have sometimes struggled with how to interpret unique policy provisions in the context of variations of computer fraud. While some courts have taken highly technical approaches to the language contained in the policy, other courts have taken a more relaxed approach based on the understanding of the parties. A recent case out of the Eleventh Circuit Court of Appeals highlights these issues. Principle Solutions Group, LLC v. Ironhorse Indemnity, Inc. tackled a claim dispute between an insured business and an insurance company involving a cyber claim.
Companies without cyber insurance can find themselves in difficult situations. As more and more vital business functions migrate to electronic systems, companies without cyber insurance have to try and find coverage for any damage to their systems through traditional insurance policies. That approach can work depending on the specifics of a policy and a claim, but it might lead to additional legal costs fighting with the insurance company.
Ransomware attacks have increased in frequency over the past few years. They now rank as the second most frequent type of claim against cyber insurance policies. Experts estimate that a new business is hit with a ransomware attack every fourteen seconds. For 2019, early information is showing that the frequency of ransomware attacks may be decreasing. This seemingly positive trend comes with two significant drawbacks however.
In the event of a cybersecurity breach, any company with a cyber insurance policy should contact their carrier as soon as possible. One of the first steps the cyber insurance carrier will take is to hire a forensics company to investigate the breach. Digital forensics is one of the more expensive aspects of most cyber claims, with costs typically ranging from $20,000 to $50,000.