All I want for Christmas is for businesses to understand cyber risks
Review the five myths that might be leaving your commercial clients vulnerable to a cyberattack.
As a broker, you know too well the challenges of trying to convince business owners of the importance of cyber coverage in an increasingly digitized environment.
Whether they object that their business is small and therefore not at risk or that their industry is “safe” from cybercrime, if they don’t have adequate risk management and cyber coverage in place, they are likely being tricked by pervasive misconceptions. In fact, 38% of business decision-makers failed to increase their cyber policy limits in 2021 despite knowing of the heightened presence of threat actors.
Just look at the stats. In 2021, ransomware attacks cost businesses 170% more than in 2020, business email compromise claims were up 51%, and funds transfer fraud claims were up 28%. That’s a lot of threat actors on Santa’s naughty list.
As you head into Christmas with an eye on your early 2022 client coverage renewals, we’re here to help you bust the following common myths about, or objections to, your customers’ business cyber risk exposures.
Myth #1: Our small business isn’t a target
Cybercriminals are finding it more profitable to target small and midsize organizations, both because attackers can automate their attacks and because businesses are more vulnerable as a result of the COVID-19 pandemic. In part, the rush to get up and running virtually during the pandemic caused many smaller organizations with limited resources to overlook significant security risks.
In fact, according to our Cyber Insurance Claims Report, the frequency of incidents reported for organizations with fewer than 250 employees increased 57% from the first half of 2020 to 2021. Unfortunately for these smaller organizations, a ransomware demand can be catastrophic, averaging $1.2 million in 2021 for Coalition policyholders.
Myth #2: Our IT team has everything under control
Even the most skilled and well-funded IT departments need backup when protecting their organizations against cybercrime. With increased reliance on remote work and digital operational procedures, threat actors have exponentially more opportunities and ways to infiltrate any company’s network.
In the second half of 2020, the percentage of Coalition policyholders who experienced a claim due to insecure remote access increased from 29% to 39%. Additionally, the severity of these attacks increased by 103%. These numbers are likely a lot higher today. Cybercriminals are using more sophisticated techniques for classic attacks, including business email compromise, phishing attacks and funds transfer fraud.
It’s easier than ever for someone to slip through a company’s walls of protection, and when it happens, the right insurance coverage can be there to save the day. This is even more critical for smaller businesses with fewer resources to dedicate to cybersecurity.
Myth #3: Only businesses with credit card & personal health data are targets
Threat actors are no longer looking only to monetize employee or customer data; they take advantage of an organization’s reliance on it. Typically, a ransomware attack involves encrypting or deleting some or all of an organization’s critical information or data and holding it hostage at a high price.
Threat actors have also found new ways to exploit an organization’s digital infrastructure and assets. For example, two of the latest emerging risks are service fraud and bricking, wherein cybercriminals attach malware to your business network to steal computing power to mine cryptocurrency.
Myth #4: We aren’t liable for our vendors and other third-party cyber exposures
Third-party vendors such as IT service providers, customer relationship management platforms and cloud computing providers often require access to an organization’s network to provide their services. In such cases, these vendors can update the software on the system and are trusted sources of links, files and other attachments that can be used to distribute malware. This means that if the vendor experiences a security breach, its partner organizations could well be impacted.
There is a lot at stake for businesses through third-party risk. IBM reported that vulnerabilities in third-party software have cost businesses $4.33 million annually and were the root cause of 14% of breaches. And unfortunately, the risk and severity of these events are only increasing.
For vendor and technology organizations, third-party and errors and omissions liability can also be costly. Even if they are not to blame for the breach, notification and litigation processes can be expensive in both time and money.
Myth #5: Cybersecurity is an IT department issue
With more than 30% of business conducted online, cybersecurity is not just a technology issue but a total business risk. Digitization means that a breach poses a serious threat to an organization’s entire operation, and adequate cyber protection needs to include all aspects of the organization, from the IT department to employee training and financial practices. This includes having the right insurance coverage.
Sophia Kudlyk is product marketing manager for Coalition. She has a background as a cyber insurance broker and is driven by her specialized industry insights and collaboration to ensure a resolution for cyber risk.
This article originally appeared on the Coalition blog and is reprinted here with permission.
Opinions expressed here are the author’s own.