We manage more than a quarter billion dollars of premiums for a diverse range of clients around the globe.
Are you addicted to your mobile device? Most of us are. Everything is a tap or swipe away. You can check account balances, pay bills, order from online stores, deal with business email and documents, etc… Essentially, mobile devices allow you to manage your life untethered. Hackers realize that too and are targeting mobile devices more than ever.
In several of my most recent “Cyber Tuesday” posts, I’ve discussed the importance of developing a comprehensive cyber risk mitigation strategy which includes IT security measures, well thought out incident response, business continuity documentation and cyber insurance. A recent ransomware event at the University of Calgary shifted the focus to the cyber insurance.
When addressing cyber risk and the threat of ransomware most of the time we focus on prevention and mitigation strategies. However, being prepared to respond quickly and efficiently when an event does occur is just as important to operations recovery, cyber event cost reduction, and brand/reputation protection. Having a well-defined, documented, and regularly tested Incident Response Plan (“IRP”) that aligns with your Disaster Recovery/Business Continuity Plan (“BCP”) can help your organization to recover from and remain operational during a cyber breach event.
When considering cyber related risk, many would often think, “How could my organization’s system be breached?” Hopefully, they plan some defense for their server being hacked and purchase Cyber Liability Insurance that covers first party loss. This is all well and good, but it is important to consider the exposure when storing data with an off-site storage provider or granting system access to a vendor/provider of any kind. What if they are hacked?
The recent changes to the OSHA record keeping rules that were issued a couple of weeks ago have been drawing quite a few negative comments from business and industry. The new rule has a component requiring employers with more than 20 employees to electronically submit information about work-related injuries and illnesses.
As it stands today securing a cyber liability policy is almost mandatory for organizations who store any client/customer related data or connect to the internet… which is almost everyone at this point. However, when a cyber breach or related claim occurs, looking to your traditional policies to provide coverage may be worthwhile.
You thought everything was in its right place. Firewalls are properly configured, systems are patched on a scheduled basis, anti-virus is up-to-date… but something has gone wrong and your network has been breached. Your employee or customer’s Personally Identifiable Information (“PII”) has been taken, or worse, been made public…but what happens next?
Ransomware strikes. Your critical data files have been encrypted and your business grinds to a halt. You have the choice to spend countless hours rebuilding from backups (if you were diligent enough to ensure they will work) or you can pay the perpetrator to unlock your files. This is the scenario many, many firms and individuals are facing now that ransomware is spreading like wildfire through malicious emails, “malvertising” campaigns and exploit kits.
One of the most significant cyber threats to any company’s security is the Rogue Employee. Who is this person? Someone who has been entrusted with access to the system(s); (i.e. databases, customer records, HR records, confidential email, etc.) and who chooses to hurt the company and fellow employees by intentionally performing a wrongful act or providing another with the ability to do so.
