How to Mitigate the Threat of Cyber Extortion

October 28, 2015

For years there’s been an increase in cyber security issues. It’s hard to go a single day without reading a story about how companies large and small are threatened by cyber risks. As a matter of fact, Graham recently released survey findings showing that cyber security risks are one of the top business threats keeping them up at night.
While many of us are familiar with hacking, it’s quickly being elevated to a whole new level through the increased prevalence of cyber extortion threats. If you’re unfamiliar with how cyber extortion works, let me explain. It’s the process where cyber criminals deny user access to an organization’s website, network or computer to extort payment in exchange for renewed access. This is a frightening proposition, and what’s even scarier is that companies aren’t doing enough to protect themselves from these threats.
As of late there’s been an increase in cyber criminals using ransomware because it allows them to encrypt data on a server or computer and deny service to the device until the victim makes payment for a “key” to unlock their data or files. While cyber liability insurance policies are available to combat this risk, there are certain broad exclusions you should be aware of so your company is protected if a cyber-criminal should attack.
Whether you’re a law firm, a manufacturer or a retail store, you’re at risk and need to take the right precautions to prevent or mitigate the risk associated with cyber extortion threats. A good IT team is always working to stay ahead of the curve and implement the best and most sophisticated cyber protection strategies available, but sometimes it’s not enough.

Combatting Cyber Extortion Threats

You might be wondering: What can my business do to combat this risk? The first step is to develop a robust risk management assessment aimed at uncovering the coverage gaps in your existing insurance program. General liability policies tend to be the industry standard, which covers things like bodily injury, property damage arising out of an insured’s operations, products or premises, as well as personal and advertising injury.
However, these policies were never intended to provide coverage for liability and first party notification expenses resulting from the disclosure of sensitive personal information. Only recently have insurance carriers begun adding exclusionary endorsements to ensure that their policy language doesn’t provide coverage for any of these potential claims.
The good news is that the insurance industry is tackling this issue head-on, and has already developed new cyber liability policies whose structure resembles a standard business automobile policy. In other words, one that provides coverage for both third-party liability claims against the insured, and first-party claims the insured makes against their own policy.

Four Things to Contemplate when Evaluating Cyber Liability Coverage

However, just getting your company any “off-the-shelf” cyber liability policy will not do the job. There are exceptions in those standard policies you need to be aware of, and here are four things to contemplate when evaluating coverage for your company:

  1. Failure to Encrypt Exclusions
    Do not accept a policy that includes a “failure to encrypt” exclusion. You should consider encrypting data anyway to better protect your business from a breach but you do not need to buy a policy that will exclude coverage for loss of unencrypted data.
  2. Business Interruption
    Many carriers include the option to purchase business interruption coverage for lost revenue due to your computer system being shut down. You need to understand if your policy is providing the coverage, many will not include this automatically.
  3. Governmental Fines and Penalties
    A large exposure for most companies is the potential legal action brought by the Office of the Attorney General, the Office of Civil Rights, and the Department of Health and Human Services, among others. Failure to provide at least defense cost coverage, or coverage for fines and penalties, can leave a gap in protection.
  4. Be Aware of Your Data Vendor
    When a company entrusts data to a third-party vendor (e.g., a third party processor or cloud provider) and the breach occurs on the vendor’s system, you’d like to be protected for vicarious liability by your cyber policy. However, some cyber liability carriers include exclusionary endorsements to take this coverage away.

Conclusion

As technology continues to evolve and cyber criminals become more skilled, it’s not a question of if your company will be hacked, but when it will occur. This means that in addition to a strong IT department you need to adopt a cyber liability policy to further insulate your company from cyber extortion. But to make sure your policy is structured properly and that you have the coverage you need, make sure to enlist the help of your insurance broker.

Nicholas M. Cushmore, ARM
Vice President
The Graham Building
Philadelphia, PA, 19102
215-701-5422

SAVE AS PDF >
Nicholas M. Cushmore,

ARM, AINS, Vice President

ncushmore@grahamco.com

215.701.5422
Tags: Insurance The Graham Company Cyber Liability Data Breach Cyber Security Nick Cushmore Cyber Extortion
RECENT POSTS
The Pendulum Swings Back: Navigating the Employee Benefits Landscape
The Pendulum Swings Back: Navigating the Employee Benefits Landscape

Dec 05, 2024

Family Planning in the Modern Workplace: How Employers Can Enhance Family Planning Benefits to Boost Employee Well-Being
Family Planning in the Modern Workplace: How Employers Can Enhance Family Planning Benefits to Boost Employee Well-Being

Dec 03, 2024

Stay Cyber Safe: Holiday Shopping Tips for 2024
Stay Cyber Safe: Holiday Shopping Tips for 2024

Nov 05, 2024

Is Your ‘‘Pay-If-Paid’’ Provision Sufficient As A Surety Defense?
Is Your ‘‘Pay-If-Paid’’ Provision Sufficient As A Surety Defense?

Sep 10, 2024

RELATED POSTS
No One Is Immune: The Critical Importance of Cybersecurity and Vendor Management
No One Is Immune: The Critical Importance of Cybersecurity and Vendor Management

Sep 03, 2024

Mastering Wire Transfer Security: Best Practices for Protecting Your Organization
Mastering Wire Transfer Security: Best Practices for Protecting Your Organization

Apr 23, 2024

Risk Playbook: Episode 9 – General Michael Linnington
Risk Playbook: Episode 9 – General Michael Linnington

Jul 17, 2023

State of the 2023 Insurance Market
State of the 2023 Insurance Market

Feb 23, 2023

Manage Cookies