Week in Rewind <<

If you haven’t noticed our focus has been heavily weighted in the area of cyber risk! Too many of our friends and clients have been impacted lately by cyber thieves. Yes, we sell insurance, but we are passionate about the benefits of insurance. We are all about Mitigating Risk and Loss Exposure!

So How Does Cyber Insurance Actually Help?

What Does It Cover?

First thing to know here is, in most cases you can design a plan to cover your business’ specific needs. As a generalization Cyber Coverage includes the following:

  • Defense and Settlement – civil proceeding or investigation
  • Regulatory fines and penalties including forensic examination
  • Re-certification services
  • Cyber extortion
  • Ransomware
  • Website media
  • Business interruption
  • Data recovery
  • Crisis management and fraud response
    • notification to breach parties
    • call center operations
    • design and implementation of website for advising breach parties
    • credit monitoring
    • public relations
    • associated legal expenses

What It Does Not Typically Covered

  • Potential future lost profits
  • Loss of value due to theft of intellectual property
  • Improvement costs to internal systems after cyber evet
    • Your other policies may be “activated” in the event of a cyber incident, but there are likely gaps in coverage for what damages are actually covered. The industry term, “Silent Cyber” refers to cyber loss exposure not covered under traditional, non-cyber insurance policies; namely the exposure is silent.

IT Risk Management

In an effort to further educate our audience we are providing links to our previously published articles on creating a better infrastructure to avoid successful attempts.

The Wall Street Journal reported that Colonial Pipeline authorized ransom payment of $4.4 million as a result of the company not being able to quantify the magnitude of the cyberattack breach to their system and the length of time to get things up and running again. Feet held to the fire for resolve and the decryption tool provided for ransom payment did not bring full restore back to Colonial. We can all feel the impact of the Colonial hack.

CNN reports that the Justice Department indicated that 2020 was the worst year for cyber attacks with ransomware demands, on average, exceeding $100,000 but as high as tens of millions of dollars. “….A key lesson here is that while technology and automation is good, we must also have the ability to efficiently operate manually as well. Attacks will happen, but how quick can you recover and restore critical services?”, Brian Harrel, former assistant secretary for infrastructure protection at the Department of Homeland Security, as reported by CNN. Having the support of insurance coverage through a Cyber policy is definitely one way to mitigate recovery exposure, should you fall victim.

NAPEO has pre-recorded webinars and information available on Cybersecurity. For non-members, follow this link to join.

Libertate Insurance Services has access to a variety of programs for Cyber Risk Coverage. Contact us, let us help you identify your Company’s Cyber Risk and find the best placement for your needs.

Cyber Attack Nightmares Continue

While most of us were celebrating Mother’s Day on Sunday, Colonial Pipeline was attempting to assess the damage related to a cyber-attack last week. Colonial Pipeline accounts for 45% of the East Coast’s fuel (diesel and petroleum). Colonial has had to take 4 of their main pipelines offline; they are operating off of smaller lines and delivery points. Impacts from New Jersey down through Texas are expected. As a response to the cyber-attack and limitation of the company’s resources the US government issued emergency legislation to lighten the regulation on fuel transportation. Extended shutdowns are “fueling” fears over pump prices.

The 5 Key anticipated cybersecurity risks in 2021 were reported as Endpoint threats (servers, VPNs and cloud based software services), Remote workforce exposures (weakened network security of remote devices), Cloud Security (business-critical data on cloud platforms), and Shortage of security professionals or services (availability and affordability). You can check out the full article here of expected cyber threat trends for 2021.

Newer threats emerging are “multi-stage attacks like ransomware or “low and slow hacks”. Ransomware attacks gain exposure through stolen credentials and are designed with the goal of systems and data infiltration. While mutli-factor authentication (MFA) is an important security feature to mitigate ransomware attacks, it is reported that 78% of Microsoft 365 admin users don’t activate MFA.

Colonial Pipeline’s hack is reported to be a ransomware attack, ” Sources said the ransomware attack was likely to have been caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial’s network and locked the data on some computers and servers, demanding a ransom on Friday.

The gang tried to take almost 100 gigabytes of data hostage, threatening to leak it onto the internet, but the FBI and other government agencies worked with private companies to respond. The cloud computing system the hackers used to collect the stolen data was taken offline on Saturday, Reuters reported.

Colonial’s data did not appear to have been transferred from that system anywhere else, potentially limiting the hackers’ leverage to extort or further embarrass the company, the news agency said.” You can read the full Colonial Pipeline article issued by BBC News here.

Mitigate Your Cyber Security Risks

1 – Identify and document asset vulnerabilities; What data are you storing?

2 – Identify and document internal and external threats; disgruntled employees, Dark Web techniques

3 – Assess your vulnerabilities; software security up to date and in place

4 – Identify potential business impacts; financial, operational, etc

5 – Identify and prioritize your risk responses; Response plan, best practices, documentation of procedures

Check out our previous articles on Cyber Risk at PEO Compass search Cyber. Libertate Insurance Services has Cyber Programs available to mitigate the loss.