Companies whose cyber insurance plans are being restructured may face a major IT challenge: make their operations more secure, or not.
“I’m seeing real cases from business clients. They’re being charged by their insurance carriers to improve their cyber security,” said Michael Senkbeil, a partner at Chortek LLP. “Insurers are insisting that multi-factor authentication should be used everywhere.”
Multi-factor authentication can make systems, email accounts and websites more secure from external threats. And with cyber attacks becoming more frequent and dangerous, security is on the minds of many business owners, said Jason Navarro, director of cybercrime insurance and risk management for R&R Insurance Services.
“It’s all about ransom. It is very profitable, and people will pay to get their businesses back,” he said.
Make no mistake, Navarro said: cyber criminals operate like entrepreneurs. For them, attacking a company is a business, he said.
“You have to prepare for this, you have to train … as a business owner, yourself, this affects all of us. You have to be prepared for cyber threats like any other exposure in life,” said Navarro.
Insurance against external risks
Navarro said R&R Insurance launched its cyber insurance division about five years ago and remains one of the few insurance companies in Wisconsin with a dedicated cyber division.
When the division started, it was “a revolutionary part of the clients we represent,” Navarro said. The goal was to protect R&R Insurance’s customers while trying to attract new ones. In the past few years, the need for cyber security insurance has grown exponentially, Navarro said.
Navarro compared responding to a cyber attack on a business to seeing a medical specialist. He said that an IT worker is like a general practitioner, but when something serious happens, like a heart attack, you go to a specialist. The same is true of cyberattacks, he said, explaining that insurance companies help their policyholders bring in experts to deal with the damage, given the severity and urgency of the matter.
Insurance will cover the cost of the incident and recovery, said Kevin Bong, director of Sikich LLP’s cybersecurity practice. The insurance agent will provide many resources, such as a breach coach who can help the company understand what is being followed and how to handle the breach. Legal advice can also be used to help a company understand its legal disclosures and how it should inform others.
“Insurance allows you to do it right and do it right,” Bong said.
Protection from criminals
As Senkbeil says, “Bad people only have to be right once; good people should always be right.”
A company can often be crippled by cybercriminals who force it to shut down until they pay a ransom, often in the form of cryptocurrency.
“An attacker will go into a 30-employee company, and they’re using the most advanced tools and techniques against these small manufacturers. It can feel overwhelming because the attackers are using these advanced techniques and (the company doesn’t) even have a regular IT,” said Bong.
With the falling price of Bitcoin, cyber criminals are left with a choice: Increase the amount of ransom or increase the number of attacks.
Bong, who leads Sikich’s legal team and works with insurance companies to respond to claims, said no one is immune. In fact, he said, small developers are a big target because they usually haven’t invested much in protecting their networks, but if a cybercriminal gets hold of them, the company has to pay $100,000 or more to recover and be running again within a few days.
Ransoms can be paid voluntarily, he said, because the attackers encrypted the company’s information, so it has to buy passwords to recover its data. Or the criminals also stole the data. In the case of theft, they may put a small section on a “shameful website,” Bong said, and threaten to post more information if the ransom is not paid. Having a backup doesn’t guarantee you’re safe, Bong said, explaining that attackers can get in and destroy the backup.
However, “ransomware epidemics seem to be decreasing due to preventive measures,” Senkbeil said.
The trend is now shifting toward phishing, which lets the attacker move through and mine the company’s systems.
The FBI defines ransomware as malicious software that prevents users from accessing computer files, systems or networks and demands that they pay a ransom to get them back. Phishing, on the other hand, involves “destructive techniques to entice you to take the bait,” according to the FBI. Criminals use fraud to get information from their target.
Recently there have been many cases where a person’s email account has been taken over by a criminal who tricks someone into sending money to the wrong account, Bong said. For example, the criminal logs into an email account, tells a customer that a bill needs to be paid and provides a “new” bank account to transfer the money to.
Working to prevent attacks
Navarro said R&R Insurance will help mitigate the risk before a loss occurs so that, if a loss does occur, it can help mitigate the problem. Companies of all sizes need cyber insurance, Navarro said. That includes any business that has a network or holds information on customers, employees, products and suppliers.
Navarro said it’s important to think about what to do if an attacker forces you to close your business. “All the work you’ve done to grow your business, and your business is stopped by maybe an outside organization that wants to defraud you and shut you down,” Navarro said.
The cost of cyber insurance varies by business and the amount of information it maintains. For a small company, it can range from $2,000 to $5,000 a year, and up to several thousand dollars a year for a large company, Navarro said.
However, requiring a company to use multi-factor authentication and other methods to support its technology is not always a hard sell.
“The concern is that the cost of cyber preparation will be high, and they are worried about losing power and productivity,” Senkbeil said. “I have found that in the last few years, business owners know that the risks are high and they need to do more. I’m really surprised that they’ve been listening so much in recent years.”
Chortek has been an outsourced IT department for many companies and encourages its customers to be patient with their employees who may need more time to work with more product validation.
In the future, Senkbeil would like to see companies that have adopted preventive measures get better money from insurance companies.
“I think they should have a minimum wage. I think it’s coming,” he said.