Cyber Insurance – Data Breach Insurance
Crime Insurance has changed tremendously over the years as crime has changed. Crime has evolved from masked men with baseball bats to geeks sitting in a coffee shop, silently stealing millions from your bank account – and insurance has evolved to include Cyber Insurance.
Traditionally, ‘theft’ insurance needed to fall within the definition of the Theft Act 1968 which for commercial premises needed forcible and violent entry, although this wasn’t a requirement for homeowners to claim for theft.
Why Cyber Insurance and Data Breach Insurance Is Important
Cyber Insurance exists because of an increasing number of businesses falling victim to cyber criminals using technology to either blackmail you into paying them to release your business records (known as a ransomware attack) or con you into voluntarily giving them your money (known as social engineering and/or a phishing or smishing attack). You can even find your telephone system has been hijacked and used to make calls to an overseas premium rate number (phone hacking).
A traditional insurance policy was not designed to cover any of these crimes, so this is why a whole new type of insurance, Cyber Insurance, has evolved to protect individuals and businesses.
Ransomware is nasty stuff. It’s usually caused by someone inadvertently clicking on a link which uploads a virus into your system. Then, after a period of time, say 3 months (long enough to infect all of your backups), you get notified that your system has been locked down and that the only way to regain access is to pay a ransom of £X to a designated bitcoin account.
But even if you do this, you have no guarantee that you’ll get access back and if it’s a terrorist organisation, you could be committing a crime by funding them…
And then of course, your details will be posted on the Dark Web as a known payer of a ransomware attack, so you’re bound to get targeted again in the future.
Examples of Cyber Attacks And How Cyber Insurance Could Help
Social Engineering attacks prey on human nature. A classic attack will come from the Boss to a junior member of the Accounts Department with an order to make an immediate payment, with dire consequences if it isn’t carried out. The message is of course fake, but the ‘bad guys’ often monitor keystrokes to get the terminology the Boss would use to make it appear genuine.
We get Social Engineering attacks every week. The best precaution is to have an open culture where staff don’t blindly follow orders and would use their initiative to ring the Boss and check with him/her in person.
Hiscox insurance has an example where the head of finance at a UK marketing firm received a number of emails from his boss, a director of the firm, requesting transfer payments to be made to bank accounts listed in the emails. The company had no control procedures in place so, as the emails seemed genuine, he authorised the payments. The requests were sent over a two week period, during which time the director was on holiday. When the director returned to the office, it was discovered that his email account had been cloned and the payment requests were fraudulent. In this instance the fraud payments totalled in excess of £100,000.
Another common attack that Cyber Insurance could help with is to hack an incoming email from a supplier and change their bank details so you pay the money into a fake account. When this happens you find yourself having to pay the supplier again, or risk legal action, and often banks cannot help, as it was a payment you voluntarily elected to make.
One way to protect yourself is to always telephone someone before you pay them to check their bank details verbally, but don’t email them as the ‘bad guys’ will be expecting that and will just intercept the email and answer it. Solicitors have often been victims of this crime, particularly when it comes to conveyancing transactions, and have sent vast sums of money to the wrong person.
Another example Hiscox uses involves the UK finance manager of a technology company, who was responsible for the payment of invoices to the company’s suppliers. One supplier had not been paid and so had been chasing the overdue invoice payments. Two of the emails the finance manager received from his contact at the supplier notified a change of bank details and currency for the overdue invoices.
The emails included the supplier’s original invoices, so he paid the overdue £35,000 in the new currency to the new bank account. The bank then supplied a credit confirmation which showed the bank account wasn’t connected to the supplier. This prompted the finance manager to review the emails and he noticed the email addresses and invoices had been slightly altered in the two emails.
Smishing attacks also rely on your being naïve enough to give someone access to your bank details because they sent a text message purporting to be from your bank. Sadly, they can be very convincing… but Cyber Insurance could help you deal with this kind of scenario.
Telephone hacks are also increasingly common with VOIP telephone systems. We get targeted frequently and we have had clients who suddenly find themselves having incurred £20,000 of phone calls over a weekend. Often the telephone companies are not helpful, especially if the calls were to overseas numbers, as they will have incurred the cost of placing the calls and expect you to pay. Always make sure your firewall is up to date and any passwords on your phone system have been updated.
Cyber Insurance Is The Solution To Cyber Crime Losses
The solution to all of the losses outlined above is Social Engineering & Cyber Insurance. Several insurers are now offering this and it can protect you although they will expect you to put certain controls in place.
This type of insurance can also cover traditional ‘white collar’ crime such as internal theft by an employee (aka fidelity theft). This is potentially disastrous for a business as it’s often carried out by the head of finance or someone equally trusted, so not only have they lost thousands of pounds but a key person within the business is no longer there either to help them recover.
From a report prepared by Hiscox relating to embezzlement, the average crime took place over 5 years and cost $319,000. The average age of the criminal was 48 and 51% of them were women. 55% of crimes involved businesses with fewer than 100 staff, so it is real, it can happen and you can buy Cyber Liability Insurance to protect you.
Please don’t just renew your traditional insurance policy. Instead, talk to us about Cyber Insurance and find out whether there are more suitable insurances for your business to either make the cost lower or the cover more appropriate for your business. This is especially important if you have not considered the effect of cyber crime on your business before.
Prizm Solutions is very different from most brokers. One of our directors is a leading IT Consultant and we are at the forefront of developments in Cyber Liability Insurance and Cyber Crime Insurance. Also, in most cases you will find that we don’t take a commission like most brokers. We are a very ethical business and much prefer to charge a fee. We feel this is more transparent and gives you peace of mind that we are placing your business with the best insurer with the best policy for your unique needs.
Please click here to arrange a call back so we can discuss your Cyber Crime Insurance policy requirements and help you make an informed decision regarding this or any other insurance matter for your business or for you personally. Or email us if you would like a quotation.