Cybersecurity: Are You Protected?

CYBERSECURITY-QUESTIONNAIRE-1-1

Understanding Cyber Insurance

Guest Blog Post by Linda M. Vecoli CPCU RPLU and Emma Feloni

Are you concerned about the security of your data? Do you know how to protect your business better if an incident occurs? We invited the experts from Starkweather & Shepley Insurance Brokerage Inc. to shed some light on the matter.

Cyber Insurance

Conversations are heavy around the topic of cybersecurity these days. Below, we have a brief overview of cyber insurance, what it is, and how it works. Although products vary between carriers, some of the common features include:

· First-party coverages which are payable to the insured

· Third-party coverage for the defense and settlement of matters which are deemed your legal liability

A potential or actual compromise or breach of your systems triggers Cyber Policies. In these cases, “damages” are due to the exposure of “personally identifiable information” otherwise known as “PII.” The definition of PII is found in the 50 state laws that govern the responsibility in the event of a breach. Cyber claims vary, but the most heavily recorded losses are in the area of IT Forensics, ransomware, and phishing or Funds Transfer.

Each standard policy will have an array of coverages built to cover the expenses incurred due to the following: researching the degree of penetration within your network, the expenses for the statutory notifications or credit monitoring, the hiring of a public relations firm to manage the crisis, the cost to repair any systemic damages. So, with so many options, how do you know which policy is best for you?

The critical decision point is to work with a program with the broadest coverages and a reliable partnership to be a resource in case your firm has a breach. Frontline prevention is done through risk management training and procedures in order to prevent a loss. An analysis of these tools is an important consideration for any cyber product.

Within the last few years, the issuance of a cybersecurity incident plan has soared to the top of the list for the SEC’s concerns, thus emphasizing this type of coverage as an essential part of your risk management program. In evaluating your options beyond pricing, check for the details of the coverage and risk management tools available and always work with a professional agent familiar with this complex changing landscape.

Emails from Fake Vendors.

The SEC outlined examples in an investigative report last year. Here’s an example of one of the cyber-related incidents.

“One form of cyber-related fraud involved impersonating vendors via email. The scheme involved intrusions into the email accounts of foreign vendors. After successfully hacking vendor email accounts, the perpetrators inserted illegitimate requests for payments (and payment processing details) into electronic communications. The perpetrators also corresponded with personnel responsible for procuring goods. They gained access to information about actual purchase orders and invoices. The perpetrators initiated changes to the vendors’ banking information and attached doctored invoices reflecting the new, fraudulent account information.

As a result, the issuers made payments on outstanding invoices to foreign accounts controlled by the impersonator rather than the accounts of the real vendors. Unfortunately, there were little to no indicators of illegitimacy or red flags. In fact, several victims only learned of the scam when the real vendor raised concerns about nonpayment.”

To learn more about cyber insurance coverage, click here. For information regarding cybersecurity and cyber-related enforcement actions, visit the SEC’s website.

Ready to take immediate action? Contact us now to get started.