Cyber-related security risks have become among the more serious risks almost all companies face today, specifically companies that rely on technology or on their client base and client data to run their businesses.
A cyber-attack is when the information technology system of a company or individual is exposed and an attacker manages to steal, erase, or take possession of the data that resides on that system. In 2021 the average number of cyber-attacks globally increased by 15.1% from the previous year, and in 2022 it increased further by almost 25%. In the US alone, the number of attacks on remote desktops grew from 47.5 million to 51 million for the first trimester of 2022. If one were to examine a map of the world that highlights all the cyber-attacks taking place, there would literally be no room on the map for areas free of the problem.
One needs to consider these risks specifically in light of the period when much of the developed world began working from home, as the Covid-19 pandemic began to spread around the world in the first quarter of 2020. While all employees were set up to work from home and dial into their company servers through VPN technology, this presented a massive cyber risk, as a company’s servers were only as strong as the networks its staff were using. This came at a time when cyber-attacks were already becoming common against banks, insurance companies, and state security agents, where data was at risk and could be stolen and ransomed at a high premium. If an insurance company has its data hacked and erased, that data becomes extremely valuable given the absolute dependence the company has on it. Without being able to reconstruct such data, the company is almost unable to operate. That is why it has become so important to back up servers regularly according to an established protocol. It is not just the loss of data, though; it is also the sensitivity of such data and the fact that, if it is stolen, it creates large reputational risks for that entity.
Insurance companies hold very sensitive data about their clients, including full inventories, security, and financial data. If this were to be stolen, the clients of that company would need to be notified and made aware that their confidential information is in the possession of a third party. Protection of personal information is highly regulated in most countries today, and companies that are hacked need to notify regulators and clients and also face large fines if they are negligent in any way. With this in mind, it has become critical for companies to conduct proper and frequent penetration testing, or what we call ethical hacks, and to be able to constantly monitor the security of their systems. The other important tip is to back up data regularly as advised and to insure one’s cyber liability with a cyber insurance expert. Reinsurers generally exclude all types of cyber liability from standard insurance policies, so any cyber loss and liability to clients would not be claimable unless a specific cyber liability policy was taken out. Such policies have specific reinsurance as well as suppliers who are able to find out quickly how the hack took place and reconstruct the data. They would also negotiate ransom demands with hackers, as you would with hostages, and settle genuine liability claims with third parties. Today, one cannot afford to be without cyber liability cover.
Remember:
1. Back up data regularly.
2. Be able to perform ethical hacks on your system often, and
3. Have the correct insurance in place.
These are just mitigating principles. The most important thing is to be careful: have proper passwords for systems, don’t share them, and protect all data in your possession with care.