Published on: 8 June 2021 by Michael Lamb
If you have been following the news then you’ll be aware that 2021 has been a bumper year for Cyber Crime. If you haven’t been keeping up to date, then let us refresh you.
In early May 2021 Colonial Pipeline, the main oil distribution pipeline for the East Coast of the USA, fell victim to a ransomware attack that impacted millions of people in America. In early June 2021 meatpacking giant JBS also became the victim of a ransomware attack – shutting down 1/5 of the meatpacking plants in the USA and causing the price of meat to spike.
These are not isolated incidents.
In fact, from the SolarWinds cyber-attack in December of 2020 to present there have been a significant number of high level, international, cyber attacks. In May 2021 alone there were almost 116 million breaches, including the hack of student loan websites in British Columbia, an attack on the Belgian parliament, a French shoe manufacturer, and many, many more.
Even the experts are not immune from the scourge of Cyber-Crime, as evidenced by the successful ransomware attack on AXA less than a month ago.
At CCW Global we have long championed the protection afforded by Cyber Insurance protection as vital in the modern world – especially as work habits and businesses have adapted and changed in the aftermath of the global Covid-19 Pandemic. The uptick in Cyber crime is a reaction to the increasingly disconnected nature of our workplaces, and our reliance on technology to perform our jobs.
While we can place our faith in our network security and IT infrastructure, the simple truth is that the best security in the world cannot, and will not, stop a determined and persistent attacker.
Cyber Insurance has, historically, been a secondary consideration in a company’s risk-management toolset. In the past Cyber Insurance wasn’t even necessarily a standalone insurance product, and was often found as an endorsement on more standard (and traditional) office policies.
However, in light of the increased activity by cyber criminals, Cyber Insurance should be a primary and core focus when it comes to managing business risk. Businesses have generally been slow to look at Cyber Insurance coverage, but this is starting to change.
The purchase of standalone Cyber Insurance products was up 28% in 2020 over the previous year, but Cyber Claims also increased by 13% for the same period. Companies with Cyber Protection are actually using their coverage. This is worrying for companies and businesses which have not considered the purchase of a cyber insurance policy – while their peers have protection and support in the wake of a cyber-attack, organizations without this vital component of risk management will have to deal with the consequences of an attack independently.
This is especially concerning now that ransomware attacks account for 75% of all Cyber Insurance claims. Ransomware, by its very nature, is extremely difficult to defeat – attackers often use social engineering schemes and spear-fishing tactics to penetrate the networks they want and these real-world intrusions are often the most successful. Further to this, the ransoms themselves are often extremely expensive; in the case of Colonial Pipeline, it was a multi-million payment which removed the ransom.
No mandatory cyber security laws exist for many industries, and many companies IT security processes are essentially “whatever works.” This leaves millions of organizations worldwide exposed to costly interruptions, ruined reputations, and having to make expensive payments out of their own pockets.
It is important, firstly, to understand that Cyber Insurance does not provide coverage against flawed software or services being provided by an IT contractor, vendor, or company. This type of coverage would require Digital Professional Indemnity (errors and omissions) Insurance.
Cyber Insurance provides coverage for a company which has experienced losses as a result of Cyber Attack. The definition of “cyber-attack” under most Cyber Insurance policies is very broad, accounting for any event which results in the malicious use of your organization’s digital systems. Whether you have had your website vandalized by a bored teenager, or your business is interrupted by a ransomware event, Cyber Insurance products are designed to assist a company recover in the aftermath of an attack by providing vendors, services, and finances, to overcome the crisis.
In terms of the top line covers offered by most competitive Cyber Insurance products, as a business you can expect to find protection for:
Even the simplest of Cyber events, like website vandalism, requires money and effort to fix. Going beyond this, your due diligence will require that even for the most benign of cyber events you’ll need to investigate what, exactly happened, conduct an analysis as to how exposed you are, and begin to fix any damage caused. More complicated events, like a ransomware attack, require even more resources and expertise to handle.
Unless your business is dedicated to Cyber Attack Crisis management, it is highly unlikely that you will have the necessary skills in-house to overcome a cyber event. While insurance is not going to prevent an attack, a cyber insurance policy is an overlooked resource to help your organization recover if you are the victim of cybercrime. By providing financial assistance to the company, a Cyber Insurance policy ensures that business is able to continue as normally as possible while the crisis is being managed.
Additionally, the expert assistance you receive following a claims situation will help your organization manage the many regulatory and legal issues you will encounter as the victim of a cyber-crime. From mandated disclosure and reporting, through to potential government fines, the maze of regulation and law surrounding cyber crime is complicated and murky. Attempting to navigate this environment on your own can actually lead to more problems than those raised by the initial attack. So, on top of providing monetary support, Cyber Insurance claims management provides your organization with expert legal advice as to how you should be managing your recovery following a cyber-attack.
While more companies are considering the purchase of Cyber Insurance, and the rates of businesses obtaining policies is increasing, the reality is that this is proceeding at far too slow a pace and organizations (both in Hong Kong and across the rest of the world) are highly exposed. With cyber criminals conducting attacks every second, and with hundreds of millions of successful attacks occurring every day, there is too much risk for a business to ignore the necessity of comprehensive Cyber Insurance protection.
At CCW Global it often feels like we have been talking about this subject for years (because we have), but we’re now at a turning point where technology and current events have created an environment in which Cyber Crime can thrive – the list of companies, organizations, and countries that have been a victim of a cyber attack in 2021 is proof of this.
An expert CCW Global insurance broker will be able to help walk you through all the Cyber Insurance options for your business; giving you peace-of-mind that your company will have the support it requires should anything happen.
To arrange a no-cost, no-obligation consultation with a CCW Global insurance broker, please Contact Us today.