A few weeks ago, we alerted clients to an alarming increase in cyber attacks. COVID-19 has presented many new challenges for businesses; among them is an increased risk of cyber attack, as unprecedented numbers of employees work from home. Record numbers of people online, means increased opportunity for cyber criminals and hackers. Cyber Liability insurance is one way to help protect your business from the effects of a cyber attack.
Cyber attacks on the rise during Coronavirus Pandemic
As we become more dependent on working remotely, clever cyber criminals are preying upon our increased reliance on technology for conducting business. At the beginning of April, David Kennedy, a cybersecurity consultant, reported to CNN.com that his company has seen a more than “500 percent increase in attacks directly related to work from home individuals” as a result of the Coronavirus Pandemic. (1)
Since the start of the COVID-19 crisis, there has been a dramatic increase in cyber attacks that use the pandemic, to lure businesses and the public. Three recent cyber threats of this nature include:
1. Phishing Attempts:
-Official-looking emails that appear as though they are sent from the Centers for Disease Control (CDC) or World Health Organization (WHO) that contain links or infected attachments
-Online offers suggesting either COVID-19 treatments or prevention tips
-Emails asking for donations to local or national charities
-Free downloads or attachments of COVID-19 guidelines
2. Maze Ransomware Attacks: During the weeks of the COVID-19 crisis, maze attacks have increased. Maze attackers use multiple methods to breach systems and encrypt data, which locks companies out of their systems and can halt business operations. The most harmful aspect of a Maze attack is that the cyber criminals also threaten to publicly release confidential and proprietary company information in order to extort a ransom payment.
3. Cyber Brute Force Attacks: Kaspersky, a cyber security firm reports that brute-force attacks targeting RDP endpoints, have risen sharply since the start of the coronavirus (COVID-19) pandemic. “RDP or Remote Desktop Protocol is a technology that lets users log into remote workstations. RDP endpoints are secured via a username and password, and, as such, are vulnerable to brute-force attacks — repeated login attempts during which hackers try different username and password combinations, hoping to guess the login credentials.” (5) RDP brute-force attacks are always happening on the internet but Brute-force attempts against RDPs, have spiked as people all over the world work from home, and need to use RDP to log into work computers and servers from their homes.
No business too small to fall victim to cybersecurity attacks
Many small business owners have the misconception that their business is too small to be targeted by cyber criminals, hackers, or to fall victim to a data breach. The Keeper Security/Ponemon Institute Small Business Report indicated that, “54% of small businesses think they’re too small for a cyber attack.”(3)
No business is too small to fall victim. Whether you’re a sole proprietor or a 5,000-person company, your business is vulnerable to data breach. In fact, small businesses are a favorite target of clever cyber criminals, as they typically don’t have the budget and resources to invest in high tech security measures. Also, small businesses sometimes overlook the value of the information they store, believing it to be of little interest to cybercriminals. Symantec’s 2019 Internet Security Threat Report revealed that employees of smaller organizations were more likely to be hit by email threats such as spam, phishing, and email malware than those who work at large organizations. (3)
In 2018, “58% of cyber attack victims were small businesses,”according to the Verizon Data Breach Investigations Report. (4)
A sophisticated attack could cripple a small business, as the average cost of cleaning up after a breach is between $150K to $200K. We can expect these numbers to increase exponentially as more businesses work remotely. The good news is that some of these cyber risks can be transferred to an insurance provider through a cyber policy.
Cyber Liability Insurance can protect SMBs from effects of cyber crime
Cyber Insurance can mean the difference between a small business being able to re-open after a data breach or cyber attack and going out of business. Cyber insurance policies can vary widely as they can be custom tailored to each particular companies needs.
Generally a cyber policy provides some of the following coverage for expenses and losses:
- Business Interruption (i.e. loss of income due to your company’s computer or network failure)
- Notification Costs and Credit Monitoring
- Crisis Management and Public Relations Expenses
- Data and Systems Restoration and
- Regulatory Fines & Legal Proceedings
It’s a great time to add cyber liability coverage to your existing business insurance program. Increased market capacity, claims experience and a larger pool of buyers have made network security and privacy liability insurance coverage more cost effective and easier to obtain. The cost of a cyber policy is based on your risk exposure and the current protocols you have in place, but many businesses can secure coverage for around $1,200 per year.
Experts agree, it’s no longer a matter of if your business will fall victim to a cyber attack but when and 60% of small businesses never re-open after an attack. Cyber fraud protection is an essential part of any sound risk management strategy and business insurance program. While no coverage can remove every risk your business faces, cyber insurance helps provide peace of mind your business will be able to re-open after an attack.
As cyber criminals continue to find new ways to exploit weaknesses, an experienced insurance agent can provide your business with a custom business insurance program that includes the protection you need to mitigate cyber risk.
Kyle Carrigan, CPCU
Author Kyle Carrigan, CPCU is a Commercial Lines Sales Executive who specializes in providing small to mid-sized businesses with comprehensive insurance protection and risk management strategies. For business insurance questions or to contact Kyle directly, click here to send him an email or call 617.281.9177.
- “Working from Home Cyber Security” CNN Business 04/14/20
- AXA XL 04/30/20 “The Pandemic Exploit: Cyber Criminals Ramping Up Phishing Attacks Among Covid Crisis”
- “15 Small Business Cyber Security Statistics You Need to Know” Maricopa, SBDC.com 09/27/19
- forbes.com, Ivy Walker, 01/31/19 “cybercriminals have your business their crosshairs and your employees are in cahoots with them”
- zdnet.com “kaspersky Rdp Brute Force Attacks have gone up since start of covid-19” 04/29/20, Catalin Cimpanu