Despite the constant news reports of cyber attacks, many business owners still fail to grasp the dangers of cyber threats and their potential financial and reputational damages. In 2019 alone, more than $3.5 billion dollars was lost due to cyber crime. And, 2020 has shown no sign of slowing down. In fact, research demonstrates that damages could reach up to $6 trillion dollars by 2021.
As more and more small business owners finally recognize that they too are at risk—58% of cyber attacks are on small businesses—cyber insurance policies are finally being recognized as a necessary expense for every organization. Along with offering broad and comprehensive first and third-party coverages, should their policyholder fall victim to a breach, many insurance providers offer cyber security risk management tools to help their insureds avoid an attack altogether.
A strong cyber security posture is multifaceted. While an organization may have taken the precaution of purchasing a cyber policy, this can’t protect them from attacks occurring. On the offset, an organization who takes all cyber security precautions available, but doesn’t have a cyber insurance policy, is still at extreme risk. Even with every cyber security measure in place, the chances of a successful attack remains high.
To truly protect themselves, clients need both strong cyber security risk management practices throughout their company culture and a comprehensive cyber insurance policy in place. The good news: Many cyber insurance carriers offer a number of risk management resources to help your clients stay in front of imminent security threats.
Resources to Enhance Your Clients’ Cyber Security Posture
Protecting your clients from cyber threats benefits them in multiple ways. Your clients avoid reputational damages associated with a data breach, the out-of-pocket cost of their cyber insurance deductible, and a possible increase in their premiums.
Taking advantage of the many cyber security risk management tools their carrier may offer, will help them maintain their status as a low-risk insured with employee training tools, risk assessment calculators, new on the latest risks, and more. Options from current carriers, include:
- Risk Management Tools
- Data breach cost calculator
- Free self-assessments
- Guide to local state breach notification laws
- White papers and webinars from leading technical and legal practitioners
- Best-practices articles
- News Center: Cyber risk security and compliance blogs, risk management events and helpful industry links.
- Learning Center: Free online security training courses to educate employees and staff on standard data security measures.
- Experts/Vendors: Quickly find external resources for experts in pre-breach fields.
- Credential Monitoring: Receive alerts when your employees’ credentials, passwords, and data have been compromised in third-party data breaches.
- Patch Manager: Receive alerts, continues system scans, and locates out-of-date software and vulnerabilities.
- Threat Monitor: Receive notifications of new risks, before the damage is done.
- DDOS Mitigation: Protection of websites that can be set up in minutes.
- Ransomware Prevention: Receive protection from 99% of known ransomware attacks.
- Compliance Security Training: Offers five cyber security training courses, including security awareness, PCI, HIPAA, and GDPR.
- Employee Training: Covers topics such as phishing, cyber security 101, and current scams and cyber criminal techniques.
- Compliance Management Risk Tracker: Keeps compliance on track so a deadline is never missed, offers employee training reminders, audits and inspections, corrective actions, and other compliance reporting needs.
- News Center: Provides regular updates on the latest threats, trends, and attacks on cyber security.
- Information Security Assessment: Locates security gaps to prevent a breach.
- Incident Response Readiness Program: Prepares for an attack to ensure an effective response (should the time come).
- Information Security Testing: Tests defenses, identifies vulnerabilities, and provides remediation direction.
- Information Security Consulting: Offers security consulting at discounted prices through their partnership with ProWriters.
Security Awareness: Additional Cyber Security Best Practices for Clients
While cyber security is anything but basic, regularly taking a moment to circle back on some of the standard risk prevention methods is important. As loss prevention plans become more complex, some of the most serious threats can occur due to basic errors:
1) Focus on Employee Education and Awareness
Employee error continues to be one of the biggest vulnerabilities to organizations and businesses. Understanding how to identify a cyber attack, especially constant social engineering attempts, will help employees avoid falling for clickbait pitfalls. It’s important to know what to look for:
- “Clickbait” Subject lines: These subject lines often seek to instill fear or panic with notices of overdue invoices, overdraft fees, final notices, and more.
- Poor Grammar: Numerous grammatical and spelling errors are a red flag that the correspondence is likely from a hacker trying to pose as a legitimate business or organization.
- Vague Greetings: As hackers may not have your personal information yet, emails, texts, or letters may begin with, “Dear Customer,” rather than using an actual name.
As these threats are constantly changing, one training does not cover all. Employees should be accustomed to regular training and tests on cyber threats and cyber security should remain an important aspect of company culture.
Five of the latest cyber threats to watch for include:
- Cloud-based services attacks
- Bricking attacks
- Cryptojacking attacks
- Internet of Things (IoT) attacks
2) Utilize Multi-Factor Authentication
Requiring users to present two different pieces of identifying information to validate their credentials will often stop hackers that may have been successful in stealing a password.
3) Select Strong Passwords
Hackers use software that can guess thousands of password combinations in minutes. A strong password utilizes both upper and lowercase letters, numbers, and symbols. The longer and more complex the password, the harder it will be for hackers to guess.
The Other Piece of the Cyber Security Puzzle: Cyber Insurance
Risk management procedures are only part of your client’s entire cyber security posture. These efforts can greatly reduce their chances of a successful cyber attack, however, with the extent of cyber threats that are deployed every day, a successful attack on your client’s business is likely imminent. With a cyber insurance policy in place, all of your clients will be protected from potentially devastating damages.
These coverages can include:
- IT Forensic Costs
- Notification Costs
- Credit Protection Costs
- Crisis Management Costs
- Crime and Social Engineering Attacks
- Costs related to a breach of Personally Identifiable Information, including:
- Credit card numbers
- Social security numbers
- Bank account information
- Personal health information
- Sensitive corporate information
- Third-party claims related to:
- Breach of contract
- Negligent protection of data
- Network security breaches
- Transmission of software viruses
- Denial of service attacks
- PCI fines and penalties and assessments
- Additional coverages
- Multimedia coverage
- Cyber extortion
- Cyber business interruption
- Hacker damage or digital asset damage
Following a security breach, the average company will face $200,000 dollars in financial damages. Make sure your clients have the right coverage to protect them!
ProWriters is Here to Help
For additional cyber security risk management tools to help strengthen your clients’ cyber security posture, check out ProWriter’s FREE Broker Resources guide, which includes:
- Marketing and Education Materials
- Risk Management Resources
- Video Resources
For additional information on how you can best service your clients, download our latest eBook, The Six-Step Guide to Becoming Your Clients’ Cyber Expert, which provides information on how to identify your clients’ potential exposures, how to prevent cyber attacks, how to mitigate the damages of a cyber attack, and how a cyber policy can best protect your clients.
To find the best cyber insurance policy for your clients today, get started with our Cyber IQ Comparative Rate Portal where you can instantly compare multiple quotes from multiple carriers.
Have questions? Contact us, or call a ProWriters expert today at 484-321-2335. With upwards of 20 years of experience, we are constantly analyzing our processes and evolving to save you time and make the process of buying and selling insurance even easier. Get started today!