Just before I put together the BITS Newsletter on cyber crime prevention, I had a few meetings with Kevin Toole and Dan Toole Of Graydon-Toole Insurance Group. Kevin, Dan and myself had sat down to discuss cyber crime and insurance. Kevin and Dan wanted to know more about the technical side of things.
Like most of us, Kevin and Dan are busy people. They have a business to run. Clients to help, etc. And while cyber insurance isn’t a totally new concept, they felt it best to understand things from a technical side as well as an insurance side, so they may better inform and protect their clients. I too, found it very helpful. I now have a better grasp of the insurance side of things, so I can better inform OUR clients.
As one would imagine, there are lots of different ways to insure your business against cyber crime. It is very much like insuring your home. Do I need flood insurance? What value do I put on my belongings? Not everyone has the same risks and coverage’s can be tailored to your needs.
One thing I found interesting is how much the cyber insurance world is trying to keep up with the pace of the crimes being committed. It is like the wild west out there. Different companies getting into the game and not all cover what you think. Exclusions and fine print seem to be overwhelming!
For instance, Kevin says “There is no standardized forms meaning they all read differently and provide different coverage. “Bits has assisted our clients with filing IT security audit forms, there are many common questions asked and industry standards to meet, but we have seen a dozen different forms. On the insurance side of things, what may be acceptable for one company might not be from another. In the end, it’s better to talk these things over with professionals like Kevin and Dan who can help you sort out what you can be exposed to if such a claim needed to be filed.
Kevin Emailed me a list of some common coverage and what they mean
Social Engineering – Employee is tricked into sending money to an impostor. Cyber Insurance will reimburse money lost from this scheme.
Funds Transfer Fraud – Hacker breaks into your computer system gaining online banking information and requests a funds transfer. Cyber Insurance will reimburse money lost from this fraudulent instruction to transfer money to the criminal.
Ransomware – an employee opens a link that contains a virus that encrypts files on your network. Criminals are demanding $5000 to unlock your company files. Cyber Insurance will cover the ransom to unlock your files.
Data Breach – Hacker gets past your security controls and steals customer data records such as social security numbers, credit card numbers and other private information. It is undetermined how many records were stolen. Cyber Insurance covers legal fees to defend you from customers bringing a lawsuit against you. Covers the cost for Forensic IT Experts to determine the extent of the damage from hackers. Cover cost for PR Consultants to prevent your image from being destroyed. Will also cover fines and penalties that you may incur.
Network Security – your website is hit with a virus that flooded your network with 10 times the normal traffic result in your system being inoperable. The virus is also transmitted to several key customer websites bringing their systems down as well. Cyber Insurance covers lawsuits brought by those customers impacted by the virus transmission and covers the cost to repair any damage to your data files.
I hope this give you a bit of an insight to what the insurance market is doing, they are trying to keep up just like the rest of us.
If you would like to discuss Cyber insurance, Kevin and Dan have extended their experience to you. Likewise, BITS will be providing free IT security assessments to those who wish to have one. There will be no obligation to purchase anything. Just free advice to our friends!
For more information on Cyber Insurance contact
Kevin Toole at [email protected]
Dan Toole at [email protected]
For a free cyber security assessment contact
Jim Penttila at [email protected]
Tina Hamrick at [email protected]