The Importance of Cyber Insurance
Jaki Ferenz | AVALON RISK MANAGEMENT
CYBERCRIMES CONTINUE TO make headlines as more companies fall victim to cyberattacks. According to Microsoft, there are between 20,000 and 30,000 COVID-19-themed cyberattacks per day. 2020 saw an increase in the number of cyberattacks against the logistics industry as they became a sizeable target for cybercriminal organizations. When these criminals hack internal systems, they not only disrupt a particular company’s information, they disrupt a supply chain that affects multiple parties.
According to Cybersecurity Ventures, the worldwide dam-age caused by cybercrime will total around $6 trillion annually by 2021. This would include damages caused by manipulation or theft of internal company, personal and/or financial data, dis-ruption of business operations, damage to systems, and recovery of hacked data.
Can You Afford a Cyberattack?
According to the Ponemon Institute, the average cost of a single lost/stolen record is $150. The average size of a data breach is 25,575 records. A small business with around 3,300 customer records will have $500,000 in expenses. There could be additional fines and penalties from government agencies that will increase this figure. Businesses cannot afford to have such a considerable expense.
Cyber Risk in the Logistics Industry
One of the most common cybercrimes is fraud by social engineering email scams. For example, your CFO receives an email from the President requesting a wire transfer of $250,000 that needs to be done urgently. The email contained enough details not to raise suspicion, so the CFO complies with the request only to find out later that the President never sent the email.
Cybercriminals can also hack into your system and create fictitious invoices and change the payment wiring instructions. The invoices look legitimate because they have all your correct information, logo, order number, etc. Your client doesn’t realize the change in banking information, and now they are out $25,000.
Ransomware was one of the most used attacks in 2020 against logistics companies. Hackers encrypt data and then demand money from their victims in exchange for access to their systems again and/or to avoid releasing certain information to the public. The ransoms are usually for a large amount of money that can go as high as several million dollars. For example, shipping giant CMA CGM was attacked in September 2020 and its entire core IT systems were affected with most of the disruption affecting their e-commerce operations. Some functions were down for as long as two weeks, and the effects were felt globally. CMA CGM disclosed that the cost of the attack could reach $50 million.
ACCORDING TO THE PONEMON INSTITUTE, THE AVERAGE COST OF A SINGLE LOST/STOLEN RECORD IS $150. THE AVERAGE SIZE OF A DATA BREACH IS 25,575 RECORDS.
In mid-December, a ransomware attack involving trucking giant Forward Air was targeted by a new ransomware gang. Forward Air had to take their systems down to prevent the attack from spreading. They had to use manual systems for about a week right before the Christmas holiday, so needless to say, there were delays with shipments.
How to Mitigate Your Risk
Now more than ever, it is imperative for companies to protect themselves against the threat of cybersecurity. Here are some tips that can help mitigate your cyber risk:
- Create a cybersecurity strategy
- Educate and train employees on cybersecurity
- Install malware and other anti-virus software
- Manage user privileges
- Vet carriers and other third-parties that access your systems
- Control devices and remote access
- Add cybersecurity to your contracts
- Get the proper insurance in place
Insurance for Cyber Risks
It is crucial to think about what you would do if your customer data were compromised. Would you be able to afford the expense of notifying your customers if there is a security breach? What if they decide to file a lawsuit because of the breach? You need to review your cyber risk insurance and determine if you have the right coverage for your business.
Liability Coverage (Damages to Third-Parties)
- Privacy Injury Liability: Resulting from unauthorized collection, disclosure, use of protected information; failure to maintain policies and procedures stating insured’s obligations regarding protected information.
- Network Security Liability: Resulting from causes like inability of authorized third-parties to gain access to insured’s network; denial of service; transmission of malicious code from insured’s network.
- Privacy Regulation: Fines and penalties insurable under applicable law and imposed under privacy regulation proceeding for violation of any Security Breach Notice law governing protected information.
Expense Reimbursement to Insured
- Privacy Event Expense: Expenses to notify potentially impacted persons (and/or entities depending on policy form) of a disclosure of personal data; costs to comply with laws concerning such breaches; costs to investigate the breach.
- Extortion Threat: Insured receives a threat of attack on system unless a specified action is taken, such as monies paid.
- Privacy Regulation Investigation: An investigation or written request for information by a governmental authority in connection with law governing protected information that is likely to result in a claim.
- Business Interruption: Income that insured would have earned during the period of restoration if not for the net-work impairment.
- Damage to Insured’s System/Network: Reasonable expenses that are required to restore the network or information residing on the network to pre-impairment condition.
- Basic e-Theft: Loss of insured’s money/securities/goods resulting from electronic theft committed by a third-party.
Not all cyber insurance policies are the same and vary by insurance companies. It’s important to discuss your specific insurance needs with your insurance broker.
Jaki Ferenz is vice president of Avalon Risk Management, an Insurance and Surety provider headquartered in Elk Grove Village, Illinois. She can be reached at [email protected].