Understanding Cyber Insurance
Guest Blog Post by Linda M. Vecoli, CPCU, RPLU, and Emma Feloni
Are you concerned about the security of your data? Do you know how to better protect your business if an incident occurs? We invited the experts from Starkweather & Shepley Insurance Brokerage Inc. to shed some light on the matter.
Cyber security is a frequent topic of conversation these days. Below is a brief overview of cyber insurance: what it is and how it works. Although products vary between carriers, some of the common features include:
· First-party coverages, which are payable to the insured
· Third-party coverage for the defense and settlement of matters which are deemed your legal liability
Cyber policies are triggered by a potential or actual compromise or breach of your systems. In these cases, “damages” are due to the exposure of “personally identifiable information,” otherwise known as “PII.” The definition of PII is found in the 50 state laws which govern responsibility in the event of a breach. Cyber claims vary, but the most heavily recorded losses are in the areas of IT forensics, ransomware, and phishing or funds transfer.
Each standard policy will have an array of coverages built to cover the expenses incurred due to the following: researching the degree of penetration within your network, the statutory notifications or credit monitoring, the hiring of a public relations firm to manage the crisis, and the cost to repair any systemic damages. With so many options, how do you know which policy is best for you?
The critical decision point is to work with a program that has the broadest coverages along with a reliable partnership that will be a resource in the event your firm has a breach. Frontline prevention comes through risk management training and procedures designed to prevent a loss. An analysis of these tools is an important consideration for any cyber product.
Within the last few years, the issuance of a cyber security incident plan has soared to the top of the SEC’s list of concerns, thus emphasizing this type of coverage as an essential part of your risk management program. In evaluating your options, look beyond pricing: check the details of the coverage and the risk management tools available, and always work with a professional agent who is familiar with this complex, changing landscape.
Emails from Fake Vendors.
The SEC outlined examples in an investigative report last year. Here’s an example of one of the cyber-related incidents.
“One form of cyber-related fraud involved impersonating vendors via email. The scheme involved intrusions into the email accounts of foreign vendors. After successfully hacking vendor email accounts, the perpetrators inserted illegitimate requests for payments (and payment processing details) into electronic communications. The perpetrators also corresponded with personnel responsible for procuring goods. They gained access to information about actual purchase orders and invoices. The perpetrators initiated changes to the vendors’ banking information, and attached doctored invoices reflecting the new, fraudulent account information.
As a result, the issuers made payments on outstanding invoices to foreign accounts controlled by the impersonator rather than the accounts of the real vendors. Unfortunately, there were little to no indicators of illegitimacy or red flags. In fact, several victims only learned of the scam when the real vendor raised concerns about nonpayment.”