Cyber Insurance and Data Risk Protection
Are you "The Guardian" of your people?
Protectors of the modern workplace look to modern insurance to:
Reduce anxiety - The modern threat to businesses today come from reliance on technology systems and having access to private information. Crimes that aim to take your companies hard earned money and resources by taking out technology systems or sharing private data. The cyber crime organizations face today can be overwhelming. A good insurance partner and program will help simplify the confusing threat landscape and protect your work family from financial harm by cyber crime. We help you become the protector of your organization's survival and profitability in a data driven world full of daily cyber threats.
Protect Your Work Family - You don't need to become an IT nerd, a hacker or a security analyst. Spend only a few minutes of your time with a trusted cyber insurance partner to learn what the most common data and cyber risks your work family face. Then, decide how to best to protect your organization.
What is Cyber Liability Insurance?
Cyber insurance is designed to protect people & organizations from reputation and financial damages incurred from electronic threats to your computer systems or from unauthorized access to data (digital or paper). Stolen or damaged information can bring expensive liability and recovery costs. A cyber policy also offers preventive and risk management components to decrease the likelihood of a breach.
Click here to download a PDF to learn what cyber insurance covers.
Who is Cyber Insurance for?
Cyber coverage is available for any business, small and large, nonprofit organizations, and retailers. Any organization that stores or processes sensitive information like names, addresses, Social Security numbers, medical records or credit card information needs cyber insurance. Not only that but organizations whose operations are reliant upon computer systems and adequate up-time to provide goods or services. We can help assess the risks to your business, getting you the protection you need in today’s data and system reliant world.
Click here to download a PDF to learn if your organization has cyber risk.
How to become a guardian of your work family in the era of cyber crime:
- Utilize available resources to gain a basic understanding of the growing threat of cyber crime before it's too late. If still unclear, schedule time with your trusted partners to discuss. You can click here to download a free questionnaire PDF to learn if you have any cyber risks to cover. During discovery, consider reaching out to the following resources: legal, technology vendors, cyber insurance agent, and cyber security vendor.
- Fill out a simplified form to get an estimate on Cyber Insurance from multiple carriers. This will allow you to evaluate some different options.
- Choose an insurance carrier and policy that makes sense for your organization, protecting it from massive financial loss many organizations are facing today. Work with a trusted insurer to submit an application for a firm quote.
- Bind your policy of choice by making your first premium payment. Utilize the preventative and planning resources from your cyber policy to strengthen your overall security posture with adequate policies, procedures, and technology. Maintain your relationship with your trusted team from step 1 as you grow and protect your business.
Once you've completed steps 1-4 you now have all the tools and plans in place, you know who to call when Susan's email is compromised or when Jonathan wires company money to a fraudster. All you have to do is pick up the phone and put your cyber policy to work.
What kind of dangers are organizations facing today?
REAL MICHIGAN CLAIM SCENARIOS:
West Michigan - A business consulting office kept paper files of all their employees and clients. One day, they discovered that the closet containing the files had been left unlocked and someone had stolen boxes of paper files. This information included Social Security Numbers, names, birth dates, addresses, and financial information from their employees and clients. According to the laws pertaining to breached personal information, they needed to notify the individuals that were impacted. The policy responded to this because Identifiable Information in any format (not just on computer systems) was a covered risk. Experts were brought in to determine who was impacted, sent out notifications that satisfied regulatory laws, and established a call center to handle any inquiries from those impacted. The impacted individuals were also provided Identify Theft/Fraud coverage (as required by law). This situation ended up costing over $500K to remedy.
East Michigan - A construction materials manufacturer employee received an email from an unknown source, requesting that they click a link to verify some information. The link was clicked but nothing happened - they didn’t think anything about it and went on about their day. A few days later, the entire computer network stopped working and required a BitKey to access the system – they had just suffered a ransomware attack. The company primarily receives orders from their online portal which had been shut down because of the ransomware.
To remedy the situation, computer forensic experts used backups to roll back the system to a previous version. They eliminated the ransomware and ensured there was nothing left in the system. At the end of the day, this Cyber incident racked up a bill of approximately $600K due to lost income and the cost of the forensic experts. The ultimate root cause was an employee falling for a phishing scam by clicking the link coming from an unknown source.
Common Misconceptions FAQ:
Q. I have a professional IT service provider, they know what they are doing, right?
A. Mostly, Yes! Many Managed Service Providers (MSPs) will actually recommend having a Cyber Policy because these firms understand the risk, no matter how secure the system.
Q. Are hackers even interested in targeting small and medium sized businesses?
A. 43% of All Data Breaches Target SMBs.
Q. My data is stored in the cloud, so I'm not responsible, correct?
A. Unfortunately, if your company originates data on customers, your company is 100% liable for the data. It doesn't matter if it's stored in paper files, "the cloud", an email account, on a PC/ laptop, or an on-premise server.
Q. Ransomware isn't that bad, right? I can shell out $1,000 if we have a breach.
A. While it's true that the average ransomware payment back in 2017 was only $1,000. The average cost of a ransomware payment in 2019 was $200,000 and that's just the average! That doesn't even include any costs to notify customers, restore systems or loss of income.
Q. We have good offsite backups, we don't need to pay ransomware, correct?
A. We hope so, one goal is to not pay criminals and continue perpetuating the criminals endeavor. However, we are now seeing a new trend, like the MAZE group, where they not only encrypt your data, they steal a copy and promise to slowly leak the data until you pay.
What Does Cyber Liability Cover?
In a nutshell, coverage can include the most prevalent cyber crimes and exposures:
- Ransomware
- Extortion
- Business Email Compromise (BEC)
- Social Engineering and Phishing
- Data Leak & Breach Notification
- Data restoration
- Insider Threat
Further, with a comprehensive cyber liability policy, you can feel confident you’re covered in case of data breaches and related issues, including:
- Data compromise protection to cover employee and customer information if your data should ever be hacked, stolen (physical and electronic), corrupted, or subject to procedural errors or internal fraud
- Legal cost protection incurred by legal reviews
- Forensic services to assist in determining the nature, extent, and perpetrators of an electronic breach
- Personal services for any persons affected, which may include help line services, credit monitoring and case managers for identifying theft victims.
- Public relations costs paid for firms to review and respond to the potential impact of the data compromise
- Costs of legal defense in an event that the company is sued due to the breach
Identity recovery protection to identity fraud victims and restore their credit history and records. This includes owners, employees and family members.
We can help protect your business against damage to electronic data, virus or malware attack, liability to third parties, and also help recover the cost of:
- Business Email Compromise (BEC) where money is stolen because a bad actor has used (stolen) a trusted identity and requested funds to be transferred to a new bank account.
- Ransomware payment if needed for recovery.
- Restoring and recreating data to your system
- Restoring systems to pre-attack levels
- Extortion Protection - where a criminal copies all of your data and promises to leak your data slowly to the public. (Google the latest news about the MAZE group)
- Lost business and unforeseen expenses
- Public relations services, to communicate with outside parties concerning a computer attack and your public response
There are also many training, educational, and preventative resources available with the best policies. Tools such as eRisk Hub or additional coverage that will actually pay to strengthen your network after a breach known as "betterment" coverage.
Why Work With Craft?
Ben Rupp is our resident IT Manager and Cyber Insurance Account Executive.
As an IT Manager since 2012, he's been responsible for strategic IT planning, administration, and support. He provides valuable insight into the thought leadership of our company around It's mission, purpose and vision. He has spent many hours over the years training our employees and securing our environment.
As a Cyber Insurance Agent, he enjoys coming alongside leaders in organizations and helping guide them through prevention & protection strategies for cyber risks - giving them the tools they need to best protect their company and work family. Contact Ben if you want to discuss ways to educate, evaluate best practices, and appropriately manage and mitigate the risks of today.
Here are Ben's top 5 cyber risk management tips:
- Security Awareness Training - Find ways in your organization to educate and create a culture of security - a willingness to recognize, report, and investigate suspicious email or communications. A human firewall is your best defense.
- Strengthen Password Management - This includes implementing or revisiting written procedures to include multi-factor authentication (MFA), longer passwords, and secure storage of ALL passwords. If a user is tricked into providing a password, often times MFA is just the additional layer of protection you need to avoid being breached.
- Timely Patch Management - Again, if a malicious person makes it past your human firewall and they try to trick someone into installing a virus or malware (easier than you might think) having critical software vulnerabilities "patched" by having the latest security updates can also prevent an attack.
- Assurance by Insurance - There will always be Zero-Day vulnerabilities and sneaky hackers that can get past sandbox environments and threat detection programs. Even the most highly trained employees may have an off day and click a malicious link. The costs of breaches can be devastating to organizations. In fact, according to the National Cyber Security Alliance 60 percent of small and mid-sized businesses that are hacked go out of business within six months.
- Have a Plan - The most important thing during a breach is to know what to do. With a proper insurance policy you should have access to tools like eRisk hub for ways to prepare, train employees, and plan for cyber incidents. There's nothing better than the relief of knowing that all you have to do to start working through an incident is to make a call and allow your policy plan and protection to kick in and guide you along the way.
Have Questions?
Call, text, email, or fill out the form below to learn more today.
- cyber@craftagency.com
- Mobile: (269) 425-1269