With the increasing use of technology, internet and social media, the threat of cyberattacks is constantly growing. Where once only large, public organizations carried most of the risk for exposure, now small organizations are also being targeted just as frequently but often with even more devastating results.To mitigate these risks, it's important to maintain a cyber policy with enough coverage to protect an organization from all types of cyber exposure.
What is cyber coverage?
Cyber coverage provides a means for enabling a business to transfer the costs of a cyber attack or other security breach when the cost or repairing and restoring the business are cost prohibitive to the small business.
Who should have it?
Any business entity that maintains sensitive information such as customer names, addresses, social security numbers, credit card numbers and bank account information on a computer system or even offline has an obligation to those customers to keep that data information safe and secure from cyber thieves.
Why is it important?
Since the start of the Covid pandemic in 2020, Cyber-attacks have increased 300%. As a result, all business entities should have some level of coverage even if only a small amount. Educating these customers on what their vulnerabilities are is critical so that they understand the seriousness of a cyber attack and the destruction it can cause.
What does a cyber policy cover?
BIB can help protect your customers from most cyber risks with policies that cover the following types of exposure.
First Party Coverage:
Notification Costs: Cost to notify affected individuals after a data breach
Breach Costs Inside/Outside: Paid out if the breach costs erode the aggregate limit (inside) or are separate (outside)
Contingent Business Interruption: Losses from an interruption in 3rd party computer services or software
Business Interruption: Covers lost profits incurred due to not operating
Data Recovery: The cost of recovering lost data
Extortion/Ransomware: Covers damage and ransom payments from an attack
Bricking: Covers computers and electronic hardware that are damaged beyond repair
Third Party Coverage:
Network Security and Privacy Liability: Third party liability cost
PCI: Covers fines or penalties imposed by banks or credit card companies
Regulatory: In case you're fined by regulators (e.g., for breaching consumer privacy)
Media: When your content triggers legal action against you (e.g. - libel, plagiarism)
Computer Fraud: Covers funds or property stolen resulting from a hack
Funds Transfer Fraud: When a criminal deceives a bank/institution to transfer funds
Social Engineering: When cyber criminals deceive a business to transfer funds willingly
Is it expensive?
The cost can be very minimal, especially when compared to the expense after an attack. Give us a call to talk more about your customer’s business and what needs they might have and let us help you select the policy that best secures them against cyber threats.
Two Examples of Small Business Cyber Attacks
Small businesses are attractive targets for cybercriminals because they usually lack the cyber security precautions of larger organizations. Forty-three percent of all cyberattacks target small businesses, and the consequences of these breaches can be extremely costly, from lost productivity to company reputation. Security Magazine, May 25, 2022
The following are examples of small business that have experienced past data breaches as noted in an NPR article by John Ydstie.
1. Wright Hotels Attacked Via Email
Real estate investor and developer Stuart Rolfe became the victim of a cyber attack was the victim of a cyber-attack when thieves hacked his email account and drained over $1 million in funds from his bank account. “They knew exactly how I had communicated with our bookkeeper," he says. "They knew exactly what kinds of things that I said" in emails to her authorizing transfers. Rolfe made another disturbing discovery when he noticed that all of the unlawful transfers had been authorized when he was in business meetings. This is because the thieves also had aVolccess to his Outlook calendar and could safely impersonate him when sending emails to his bookkeeper authorizing her to transfer funds to their bank accounts. The thieves could respond to any questions from Rolfe's bookkeeper and then delete all those communications from the account and run before Rolfe returned from his meetings and checked his email again.
2. Volunteer Voyages Attacked Via Stolen Debit Card
Dr. David Krier lost over $14,000 after thieves obtained his debit card and used it to make fraudulent charges. Dr. Krier had just returned leading a humanitarian trip to Peru through his business, Volunteer Voyages, when he found his account to be overdrawn. He notified his bank of the recent trip abroad and the stolen card number and expected to be paid back; however, his bank declined to reimburse him. Krier says that bank told him, "It's a business account, so you're out of luck." This example underlines the point that banks don’t willingly pay small business in the wake of a cyber-attack. Krier says he considered suing West Coast Bank but was advised he'd spend much more on legal fees than he'd recover. West Coast Bank was later bought by another bank.