Interest in cyber coverage is at an all-time high, and those who previously thought it a luxury — or not a necessity — are taking a much closer look at their exposures.
A recent Marsh report shows that cyber insurance purchases grew 32% in 2014 when compared with 2013, and up 21% in 2013 over 2012. "The yearly increase shows that organizations see cyber as a risk to be managed, not merely a problem to be fixed by IT," the report asserts.
Damian Caracciolo, vice president and practice leader at CBIZ Management & Professional Risk, said that cyber attacks affect all industries, but the type of attack deployed depends on the industry to which the company being targeted belongs. In 2015, the health care, financial services, retail and education sectors were those that saw the greatest number of cyber incidents.
Caracciolo said that cyber attacks come in many different forms, and the type of attack on any particular company depends on the type of information the intruder is looking for. Here are the five major types of attacks to which your organization would be vulnerable:
Brute force attacks search for vulnerabilities and attack password-protection mechanisms. (Photo: iStock)
|1. Brute force attack
A very sophisticated software or algorithm which is written to do whatever it can to attack your system — by searching for vulnerabilities — and in many cases, attacks a password-protection mechanism.
The brute force attack will use a specially designed software to go through hundreds of thousands of different words, combinations of words and numbers to try to crack your password, said Caracciolo of CBIZ. He added: "They will even go through every word in the dictionary to see if they can access something like a password."
Social engineering fraud doesn't target data, it targets the money. (Photo: iStock)
|2. Social engineering/cyber fraud
"If you're in the treasury department, and I send you an e-mail that looks like it's coming from the CEO or CFO requesting that you 'wire funds on the merger acquisition that we have pending, I would like that money wired today — this is your authorization to get it done,' whoever is working in that accounting or treasury department will wire the money," said Caracciolo.
He added that they're not attacking your system, they're attacking individuals, and the company's wire-transfer policies and procedures: "We're seeing a prevalence of that today, and that's significant because the losses tend to be in seven figures. This type of attack doesn't target data, it targets the money and once it's transferred it's unlikely that you're able to retrieve that money."
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.