When educating clients about Cyber Insurance, you must tell them how policies address the latest cyber threats.
They may know they need protection from ransomware. But do they appreciate their need for bricking coverage? Do they understand how social engineering leads to business interruption and lost reputation?
To keep current and to help clients do likewise, we at ProWriters have prepared this overview of ongoing and new cyber attacks.
5 Old and New Cyber Attacks Your Clients Need to Know About
Here are some pressing cyber security issues for multimillion-dollar corporations, “mom and pop” shops, and enterprises in between:
1. Social Engineering Attacks
Social engineering exploits “our most basic human traits,” writes the Office of the Director of National Intelligence, including our “desire to be helpful” and “provide a positive response to those in authority.”
At ProWriters, we ranked one particular social engineering method, spear phishing, as a top threat for which to prepare in 2023. Spear phishing emails target specific individuals to trick them into giving up login credentials or sensitive data. Their personalization, familiar tone, and customized content make these emails hard to spot.
But generic phishing emails continue to claim victims, as do other social engineering attacks. Commercial Crime Insurance may cover social engineering fraud, but only to a specified limit, after which businesses must rely on excess coverage in Cyber policies.
2. Invoice Manipulation
In invoice manipulation schemes, cyber criminals use legitimate credentials they’ve illegitimately obtained to send fraudulent invoices or payment instructions via the targeted business’s email. The business won’t discover the fraud until it sends a legitimate invoice.
Many businesses believe the social engineering clause in their Cyber Insurance covers invoice manipulation. But those clauses cover cyber incidents in which the targeted company’s employee gives up money, products, or goods and services. In invoice manipulation, third parties receive emails from the targeted company and then give up money, products, or goods and services in turn.
Commercial Crime policies do not generally cover invoice manipulation. Businesses must be sure Cyber policies address this threat.
3. Bricking
When an electronic device is damaged beyond repair, it has fallen prey to bricking.
Some bricking happens accidentally when updates don’t finish successfully. Accepting and completing updates in a timely way while plugged into a power source can help prevent this kind of bricking.
But what is bricking in Cyber Insurance terms? It’s the result of cyber criminals installing malware (malicious software) on a device, rendering it inoperable. For example, malware may wipe all data from the hard drive or corrupt the operating system.
Bricking coverage insures the costs of replacing computer systems and other hardware made useless by malware. Without bricking Cyber coverage, these costs will drive up the total price of recovery from a cyber event.
Before you continue reading, follow us on LinkedIn so you don’t miss any important cyber updates:
4. Cryptojacking
When cyber criminals install malware on devices to “mine” cryptocurrency such as Bitcoin, they’re involved in cryptojacking.
Cryptocurrency is digital currency. Transactions are anonymous and decentralized. They can be validated only through solving complex mathematical puzzles—cryptomining. The miners who first solve the puzzles get financial rewards. This process puts new cryptocurrency into circulation.
Cryptomining requires enormous amounts of computing power and electricity. Cyber criminals avoid the expense of legitimate cryptomining by hijacking other people’s devices and networks.
Cryptojackers use malware that runs undetected. Apart from causing infected devices to run slowly, the malware can be hard to detect, let alone trace.
Businesses should pay attention to signs their devices are running harder but less effectively (for example, cooling fans running too much). They should regularly scan for malware and monitor outbound connections in real time. And they should be certain their Cyber Insurance addresses cryptojacking.
5. Ransomware
Don’t let issues like bricking coverage and cryptojacking make you think ransomware isn’t still a critical threat.
Ransomware attacks declined in 2022. However, data breaches via ransomware compromised many more records.
And cyber extortionists continue to use more advanced ransomware. Double extortion ransomware steals and threatens to release data. Triple extortion ransomware demands payment from not only the targeted business but also its customers.
When ransomware succeeds, it usually does so due to human error. Learning to identify possible phishing attempts in emails, texts, and other electronic messages is the first line of defense. Exercising vigilance when downloading files is also key.
Download Cyber Claim Examples to Inform Your Clients
We haven’t exhausted all of the digital dangers today’s businesses face. But securing a robust Cyber Insurance policy is one of the most important steps a business can take to protect itself from them all.
When the policy includes the protections we’ve mentioned—social engineering clauses, invoice manipulation coverage, bricking coverage, cryptojacking coverage, and ransomware coverage—and others, it’s indispensable protection from financial damages associated with existing cyber attacks, and new cyber attacks to come.
For more information to help your clients appreciate Cyber Insurance’s importance, fill out this form to download your free copy of our eBook, Cyber Exposure: What’s the Real Cost.