The moment you put any part of your business online you become a potential target for cybercriminals, who can attack from anywhere in the world, at any time. From phishing emails to targeted data breaches and ransomware attacks, cyber threats are a real and present risk that your business needs to protect against.
In 2020, almost 75% of organizations were targets of payment scams, according to the Association for Financial Professionals 2021 Payments Fraud and Control Survey.[1] Beyond payment scams, there are many other forms of cyberattacks that can damage an organization, including attempts to steal valuable information such as customer data and intellectual property. The IBM Cost of a Data Breach Report 2020 shows that the average cost of such data breach attacks in the United States was $8.64 million.[2]
Traditional insurance does not cover the impacts of cyberattacks, which is why cyber liability insurance is becoming an increasingly important tool for organizational risk management.
Ransomware Aims to Hold Your IT Systems Hostage
Following several highly publicized and costly cyber events, cyber risk now ranks as one of the top enterprise-wide risks facing organizations today. Technological developments have revolutionized the way in which companies offer their products and services, allowing them to reach new customers with increased operational efficiencies, but these changes do not come without risk. As the pace of technological change continues, most companies now have a total reliance on IT networks and the information that they hold.
A growing form of cyberattack is the use of ransomware to hold an organization’s IT systems and/or data hostage and demanding a ransom to return control to the organization. Risk management and advisory firm Willis Towers Watson notes: “Cyber criminals are targeting businesses of all kinds with ransomware attacks. As these attacks become more sophisticated, carrying the potential to affect a wholesale inability to access a firm’s entire electronic infrastructure, ransom demands have increased — often reaching eight figures.”[3]
Factors That Increase the Likelihood and Severity of Cyberattacks
- Big Data: Large volumes of confidential customer information
- Expanding network perimeter: Supply chain risk and the myriad of interconnected service providers
- New threat vectors: Ransomware and social engineering, where users are tricked into making security mistakes or giving away sensitive information
- Increased regulatory burden: Global privacy regulations continue to tighten, impacting the way confidential consumer information is collected, stored, processed and disposed of, with substantially increased financial consequences in the event of a privacy breach.
Types of Cyber Threats
While ransomware is the primary threat vector currently being used by bad actors, other cyber threats can be equally damaging if an organization is victimized:
- Business Email Compromise
- Email Account Compromise
- Social Engineering
- Insider Threats/Theft
Chart 1: Ransomware Attacks in the U.S.
View accessible version of this chart.
How Cyber Insurance Can Help
Chart 2: Cyber Liability Coverage
| Property | Crime/Bond | Kidnap/Ransom | Professional Liability | Cyber* | |
| First-Party Privacy / Networks Risks | |||||
| Physical damage to data | Limited Coverage | Limited Coverage | |||
| Virsus / hacker damage to data | Coverage Provided | ||||
| Denial of service attack | Coverage Provided | ||||
| Business interruption security event | Coverage Provided | ||||
| Exortion or threat | Limited Coverage | Limited Coverage | |||
| Employee sabotage | Limited Coverage | Coverage Provided | |||
| Third-Party Privacy / Network Risks | |||||
| Theft / disclosure of Private info | Coverage Provided | ||||
| Confidential corporate information breach | Coverage Provided | ||||
| Technology errors and omissions | Coverage Provided | Coverage Provided | |||
| Privacy breach notification | Coverage Provided | ||||
| Regulatory privacy defence / fines | Coverage Provided | ||||
| Virus / malicious code | Limited Coverage | Coverage Provided | |||
*Cyber insurance is constantly evolving and the exclusions to coverage changing; you should work with your broker/insurer to monitor coverage regularly.
Cyber Threats Are Real
With the frequency and severity of cyberattacks trending upward, protecting your business is more important than ever. Practicing good “cyber hygiene” and having robust defenses in place is your business’s first line of defense, but cyber liability insurance can be a key component to an effective risk management program. You should work with your insurance broker and legal counsel to determine if cyber liability insurance is appropriate for your business based on your specific risk profile and appetite. It is important to note that a growing number of cyber insurers are creating exclusions for companies found to be using old or deprecated systems or software. Customers need to be aware of any exclusions. Cyber liability insurance will not prevent losses from occurring but plays a key role in keeping your business running smoothly in the event it experiences such an attack.
Accessible Version of Chart 1
Chart 1: Ransomeware Attacks in US
Ransomware attacks are becoming more common in the United States
Ransomware accounted for 30% of all U.S.-based cyberattacks reported to and confirmed by Verizon data breach researchers in 2020, more than double the rate for the world.
| World X axis | World Y Axis | United States X Axis | United States Y Axis |
| 2015 | 1% | 2015 | -1% |
| 2016 | 7% | 2016 | 4% |
| 2017 | 16% | 2017 | 6% |
| 2018 | 10% | 2018 | 11% |
| 2019 | 12% | 2019 | 23% |
| 2020 | 14% | 2020 | 30% |
| Source: Verizon 2021 Data Breach Investigation Report | |||
___
This article was originally published on the PNC Insights blog.
