President Calvin Coolidge famously observed that “the chief business of the American people is business.” In that vein, any cybercrime threat to American business is legitimately a national security threat. The magnitude of that threat is open to debate, but at least one former White House official believes that cybercrime is “the greatest threat to our national security, over terrorism.” Businesses may not be able to stop cybercrime, but they can protect themselves from the financial losses that result from breaches of their information with cyber security liability insurance.
One constant trend in cybercrime is that as organizations have implemented more robust cybercrime defenses, hackers have developed smarter and more sophisticated tools and techniques to accomplish their data breaching cybercrimes. Consider, for example:
- Cybercriminals are using new “click on the attachment” tools to insert malicious code into internal information systems. Employees regularly neglect warnings and other training and routinely click on MSWord and other attachments from unknown sources, inadvertently infecting a company’s information system.
- Hackers have learned to follow the money and are targeting financial officers, controllers, and other internal personnel who are close to a company’s finances with fake messages that request fund transfers. Contact information for financial personnel is easy to discover through a company’s directory or its public web presence.
- Social media opens the door to massive cybercrime attacks. Companies that use social media to market their products and services expose themselves to hackers who jump onto social media platforms to connect with customers and vendors. They then use those connections to further their cybercrime efforts.
- Smaller and more targeted cybercrimes are attracting smaller dollar losses, and those lesser crimes are flying under the radar.
Businesses that believe they can protect against these unauthorized data incursions are being willfully blind to the magnitude of the risk. Cybersecurity defenses minimize the risk but they provide no compensation when those defenses fail in the face of new cybercrime threats. Cyber security liability insurance is a backstop that reimburses several types of losses that businesses might experience when they become victims of a cybercrime. That insurance can cover several types of losses, including company data breach event management expenses, media and extortion liability, and third party network access denial costs.
Cybercrime attacks put businesses into a reactionary defensive management position that can escalate the costs that a business faces in responding to an attack. A business will incur unanticipated costs related to investigating and managing the event, remediating damage and paying for credit protection for affected customers, as well as regulatory fines and legal and administrative services. Cyber security liability insurance will cover some or most of these costs within the limits of specific policies.
Some newer cybercrime attacks involve shutting down a company’s information network until a ransom demand is paid. Other attacks might deface a company’s website with unflattering or dangerous information. If the risk of these attacks is measurable and amenable to underwriting, a company may be able to procure security liability insurance to protect against the financial losses associated with those risks.
Distributed denial of service (DDoS) attacks are an increasingly common form of cybercrime. DDoS attacks can shut down not only a company’s electronic operations, but as a recent attack demonstrated, one DDoS event can shut down a large portion of a country’s internet access. Cyber security liability insurance can reimburse at least a part of an affected company costs related to thefts of data from its own systems, and any other systems that were affected from an attack that flowed through its systems.
The reality of the modern electronic world is that security threats will never end.As national security and business threats become more synonymous, businesses of all sizes should increase their focus on erecting strong defenses against cybercrimes and limiting their liability to cybercrime financial losses with cyber security liability insurance.