
Safeguarding Your Business: The Crucial Role of Cybersecurity and Insurance

October 16, 2023 | March 12th, 2024

In an age where digital threats loom large, businesses of all sizes must prioritize cybersecurity and consider the critical role of cyber insurance. Recent high-profile breaches at major corporations serve as stark reminders that no organization is immune to cyber threats. Ransom attacks, data loss, phishing schemes, and other cyber incidents can wreak havoc on operations, making it imperative for businesses to take proactive measures.

The Escalating Threat Landscape

In September 2023, two major corporations, Caesars Entertainment and MGM Resorts in Las Vegas, fell prey to cyber-attacks. Caesars Entertainment reportedly paid a staggering $15 million in ransom to regain control of its network. Just a few weeks later, MGM Resorts confirmed hackers stole an unspecified amount of customers’ personal information, including driver’s license numbers and social security numbers. During that attack, MGM had to deliberately shut down several services to mitigate the risk to customer information. As a result, resort customers could not use their digital room keys; ATMs and slot machines were shut down across the resorts; hotel electronic payment systems were shut down, requiring manual payments; and customers were even forced to call the front desk to turn on their hotel room lights (which were normally controlled with the digital keys). The entire hotel and casino was essentially reduced to pen-and-paper operations. According to a filing with the SEC, MGM Resorts took a $100 million hit, much of it due to lost business from guests changing or canceling reservations during and following the attack. As these recent attacks show, the direct cost of a cyber breach can be high, but the overall impact on a company can be debilitating.

Such incidents highlight the far-reaching consequences of cyber breaches, which affect not only financial health but also day-to-day operations. The cost of ignoring cybersecurity can be devastating, as some startling recent cybersecurity statistics demonstrate.

  • For 64% of companies, security incidents are caused by human error. (Zipdo)
  • 45% of businesses had at least one significant cybersecurity incident in 2020. (Zipdo)
  • Businesses took an average of 204 days to identify a breach and an additional 73 days to contain it. (Security Intelligence)
  • Companies with 100 employees or fewer experience 350% more social engineering attacks than larger enterprises. (Barracuda)
  • 85% of business email compromise attacks are urgent requests designed to get a fast response and 3 in 10 spear-phishing emails successfully trick users when they impersonate someone from HR or IT. (Barracuda)

Mitigating Risks through Proactive Measures

To safeguard against cyber threats, businesses, regardless of their size, should adopt proactive measures:

  1. Implement Strong Access Controls and Authentication Methods: Employ multi-factor authentication (MFA), endpoint detection and response (EDR), and email/traffic encryption; enforce robust password policies; and restrict privileges based on job roles to ensure only authorized personnel have access to sensitive information.
  2. Conduct Regular Security Audits and Penetration Testing: Identify vulnerabilities before cybercriminals do, by proactively seeking out and addressing weak points in your digital defenses.
  3. Develop a Comprehensive Incident Response Plan: Prepare for swift and effective responses to cyber incidents. Outline the steps to be taken, contacts to reach out to, and communication strategies with stakeholders.

These proactive approaches not only protect your most sensitive information but also instill confidence in your clients and partners.

Cultivating a Cyber-Aware Culture

Because human error remains a prevalent risk, creating a culture of cybersecurity awareness within the organization is vital and is the first line of defense. Cybersecurity is a shared responsibility, and every member of your team plays a crucial role in protecting your business. Start with the following:

  1. Conduct Employee Training: Consider live in-person training during employee onboarding covering all organizational cybersecurity policies, measures, and tools. Also include regularly scheduled online or in-person trainings for all employees on topics like password best practices, recognizing phishing attempts, and safe internet usage.
  2. Have Clear Cybersecurity Policies: Ensure you have clear policies on who incidents should be reported to, and encourage employees to report any suspicious activity immediately. Ensure your HR, accounting, finance, and accounts payable staff have proper checks-and-balances procedures in place before making any payroll changes, online payments, or other types of financial transactions.
  3. Create Threat Simulations: Work with your IT provider to deploy phishing and threat simulations for employees randomly throughout the year, and conduct targeted training for employees who fall prey to the simulated threats.

Regularly monitor industry news and updates regarding cybersecurity threats and trends. This knowledge enables your organization to adapt its security protocols to the evolving threat landscape. Company leaders should set the tone by prioritizing cybersecurity. When executives and business owners demonstrate a commitment to security practices, it sends a powerful message to the entire organization.

The Role of Cyber Insurance

While robust cybersecurity measures are crucial, there is always an element of risk. Cyber insurance, like other business insurance, has become an essential component of modern cybersecurity strategies. It serves as a safety net in the event of a cyber incident, offering protection against financial losses and helping in recovery.

Types of Cyber Insurance Coverage:

1. First-Party Expenses:

This facet of cyber insurance addresses the expenses from losses that resulted from a breach of a business’s internal system. Examples generally include:

  • Ransomware Payments: In the unfortunate event of a ransomware attack, cyber insurance can cover the costs associated with ransom payments to regain control of crucial data.
  • Data Loss and Restoration: Coverage extends to the expenses involved in recovering lost or compromised data, ensuring business continuity.
  • Business Continuity Interruptions: When a cyber incident disrupts operations, this coverage helps offset the financial impact.
  • Public Relations Services: Reputation management is crucial in the aftermath of a cyber incident. Cyber insurance can cover expenses related to public relations efforts to mitigate reputational damage.
  • Cybersecurity Incident Investigation: Costs incurred during an investigation of a cyber incident, including forensics and analysis.

2. Third-Party Expenses:

This coverage is intended for companies that hold third-party data, such as stored customer personally identifiable information (PII) and personal health information (PHI). This category would encompass:

  • Victim Notifications: In the event of a data breach, businesses must notify affected parties. This coverage can pay the associated cost of notification and of any credit monitoring that must be provided to the victims, and can help facilitate the notification process.
  • Regulatory Actions and Fines: This coverage extends to penalties imposed by regulatory bodies due to non-compliance with data protection laws.
  • Legal Costs and Lawsuits: If a cyber incident leads to legal proceedings, cyber insurance can help cover legal fees and settlement costs.

3. Cyber Crime Costs:

This aspect addresses financial losses incurred directly from criminal activities. It covers scenarios such as:

  • Fraudulent Transfers: Instances where funds are fraudulently transferred due to cybercriminal activities.
  • Social Engineering Attacks: Covering losses resulting from deceptive tactics employed by cybercriminals.

Key Considerations for Businesses

1. Cyber Insurance Policy Understanding: It is imperative for businesses to thoroughly comprehend the details of their cyber insurance policy or coverages. Working with an experienced insurance broker who understands the unique cybersecurity exposures of your business can make a significant difference in whether a cyber event is covered.

2. Proactive Cyber Risk Management: Cyber insurance is not a replacement for good cybersecurity measures and infrastructure. To enhance eligibility for favorable coverage terms, businesses should adopt a comprehensive cyber risk management program and cybersecurity measures.

3. Industry-Specific Risks: Different industries face unique cyber risks. For example, the healthcare sector often handles sensitive personal health information (PHI), making robust coverage in this area critical.

4. Future-Proofing Coverage: Given the evolving nature of cyber threats and the insurance industry, businesses should be prepared to reassess and update their coverage to align with emerging risks and industry standards.

5. Cyber Claim Reporting: Many cyber insurance coverages provide almost immediate resources for covered cyber claims. In the event of a cyber breach, your cyber insurance carrier should be one of the first calls made. Many of the coverages provided will help deploy immediate resources to mitigate a threat, help businesses navigate a ransom attack, activate a cyber forensic investigation, and much more.

Cyber insurance is a crucial component of modern cybersecurity strategy for businesses. Understanding the comprehensive coverage options available and considering key factors specific to your business can help fortify your defenses against the ever-evolving threat landscape. By investing in proactive cybersecurity measures and embracing cyber insurance, businesses can navigate the digital terrain with confidence, safeguarding their financial assets and reputation. Remember, in today’s interconnected and online world, cybersecurity is not an option; it’s a necessity. Is your business cyber-ready?


Written by: Andrea Rogers