Keeping you updated


Cyber Tips on Backup Policies

Questions about a business's network backups are common. But what does a good backup policy include, and why can it make or break a business's capability to bounce back from a cyber incident?

Data is the most valuable part of a computer system and may be irreplaceable if lost to a ransomware attack or a hardware failure, or if it becomes corrupted. The following tips will assist you in planning and preparing a backup policy in case the worst happens.

What is a backup policy?
A backup policy is a well-thought-out plan to mitigate against data loss that could happen due to a ransomware attack, hardware failure, data corruption, or some other detrimental event. If implemented well, it can help an organization to return to business as usual more quickly and easily.

The complexity of the backup policy will depend on the size of the organization, the number of applications and databases it uses, and the quantity of data that requires backing up. It will also depend on company policy and regulatory obligations applicable to the organization.

How do I implement backup policy best practice?

  • Identify your most critical data and plan accordingly
    By identifying the most critical data to your business, resources can be allocated to ensure that this data is protected and prioritized. Backups can be tailored to that particular data accordingly.
  • Take frequent backups
    If you have mission-critical data, then attention should be paid to the frequency of the backups that are taken.
  • Use the 3-2-1 approach to backups
    Create three copies of your data in addition to the original file, using two different backup media types stored locally and one copy stored remotely offsite. Backups should be isolated or air-gapped from the network when not actively backing up data. Backup media should never be permanently connected physically or over the network.
  • Practice versioning data
    Backups should contain old versions of your data, not just current versions of files backed up most recently. This is important in case of file corruption or ransomware that may be lurking in current data backups.
  • Periodically test the integrity of your backups
    Data should be checked regularly to ensure that it is accessible and readable.

Why are backups so crucial and what happens if they fail?
We recommend this level of diligence because backed-up data can be recovered if you suffer a cyber incident. This reduces business downtime, the need to pay a ransom and the time it takes to get back up and running.

But even with the best intentions, back-ups can sometimes fail. Whether they’re not pulling the right data, at the right intervals or at all, there are cases where recovering from backups does fail. This is when having a cyber insurance policy that offers data recreation is key – covering the costs to recreate any data lost in a cyber incident if your backups fail.

Other tips to build into your backup policy

  • Data should be encrypted when backed up – this will help prevent unauthorized access.
  • Consider making your backups unchangeable, so they cannot be altered by you or the bad actors.
  • Consider using remote storage. Cloud based storage can be a cost-effective option if managed correctly.
  • Automate backups where possible. This will make the practice of backing up your data a part of everyday business.
  • Consider the retention period for your backups. This is especially important if you are using cloud services to back up your data. Cloud data storage costs can mount up so determine a sensible length of time for storage in your backup policy, considering legal and regulatory obligations.
  • Consider your data retention policy. Do you actually need all the data that you are storing and backing up? Often data is stored unnecessarily, adding avoidable cost and creating an additional security burden if it is exposed.
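
The tips in the two lists above can be checked mechanically against an inventory of backup copies. The following is an added example, not part of the original article: the `BackupCopy` fields, the `audit` function, the 90-day restore-test threshold and the sample inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class BackupCopy:
    name: str                 # hypothetical label for the copy
    media: str                # e.g. "disk", "tape", "cloud"
    offsite: bool             # stored remotely, away from the primary site
    always_connected: bool    # permanently attached physically or by network
    encrypted: bool
    immutable: bool           # cannot be altered once written
    versions_kept: int        # how many historical versions are retained
    last_restore_test: date   # last time a restore was actually verified


def audit(copies, today, max_test_age_days=90):
    """Return a list of findings; an empty list means every tip is met.

    max_test_age_days is an assumed threshold; the article only says
    backups should be tested "regularly".
    """
    findings = []
    # 3-2-1 as worded in the article: three copies, two media types
    # held locally, one copy offsite.
    if len(copies) < 3:
        findings.append("3-2-1: fewer than three backup copies")
    if len({c.media for c in copies if not c.offsite}) < 2:
        findings.append("3-2-1: local copies do not use two media types")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    for c in copies:
        if c.always_connected:
            findings.append(f"{c.name}: permanently connected, not isolated")
        if not c.encrypted:
            findings.append(f"{c.name}: not encrypted")
        if not c.immutable:
            findings.append(f"{c.name}: can be altered (not immutable)")
        if c.versions_kept < 2:
            findings.append(f"{c.name}: only the latest version is kept")
        age = (today - c.last_restore_test).days
        if age > max_test_age_days:
            findings.append(f"{c.name}: last restore test {age} days ago")
    return findings


# Constructed sample inventory (not real data).
TODAY = date(2024, 6, 1)
INVENTORY = [
    BackupCopy("nas-nightly", "disk", False, True, True, False, 1, date(2024, 5, 20)),
    BackupCopy("tape-weekly", "tape", False, False, True, True, 12, date(2023, 11, 1)),
    BackupCopy("cloud-vault", "cloud", True, False, True, True, 30, date(2024, 4, 15)),
]

if __name__ == "__main__":
    for line in audit(INVENTORY, TODAY):
        print(line)
```

In this sample the always-attached NAS copy is the weak point: it is reachable by ransomware, alterable, and holds only the latest version, while the tape copy has gone too long without a restore test.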

Source: www.cfc.com


Unlimited Reinstatements under Cyber Coverage

With cyber attacks rising in number, how can businesses protect themselves against the risk of suffering multiple incidents in a single policy period? Discover the value of a new limit for every unrelated claim.

Today’s stark reality is that cyber attacks are growing in both number and impact, increasing the risk of businesses falling victim to multiple attacks in a single year. In this environment, only having access to a single aggregate limit can leave businesses exposed, with a single incident entirely capable of using the full policy limit. To give businesses reliable protection and peace of mind, they need cover for multiple events in the same policy period.

Many cyber insurance policies fall short in this way but at CFC they built unlimited reinstatements into the core of their insurance product. If a first cyber event wipes out the original policy limit, to ensure a second cyber event is covered they reinstate the limit—helping businesses remain resilient to whatever’s round the corner.

What are unlimited reinstatements?
The majority of cyber insurance providers work with an aggregate limit. Each claim erodes this limit, until the point where no money is left to protect the business—despite them still being a policyholder. If cyber attacks were simple and inexpensive to manage, this wouldn’t be so much of an issue. However, this is far from the case. Increasingly disruptive attack techniques mean that often a single event can max out a policy limit, especially when you take into account the cost of forensics, business interruption loss, remediation costs, legal expenses and so on.

It’s easy to see how this can be a significant benefit. Say one month a ransomware attack hits, taking up the full $1 million limit agreed in the policy—no exaggeration considering the average length of downtime after a ransomware attack is 24 days. When three months later the business is disrupted by a second, unrelated fund transfer fraud incident, the policyholder is given a fresh $1 million limit to cover the costs of this new attack.

Business benefits: Multiple limits for the price of one
With a CFC cyber policy, if an initial cyber claim exhausts the full policy limit and the business then needs to make a second, unrelated claim, they’ll receive a new reinstated limit, allowing for multiple limits at the cost of a single premium payment. Not only does this represent better value for money, but it offers vital, long-term protection throughout the lifespan of the policy. The business can operate with peace of mind, even after suffering a cyber attack, knowing that their cyber policy will respond to its full capacity if another, unrelated cyber attack hits.

Unlimited reinstatements in action
A manufacturing firm suffered two cyber incidents in as many months, starting with a ransomware attack. The threat actor exploited a VPN vulnerability, deploying ransomware and leaving an extortion note demanding $750,000. After the firm notified CFC, their in-house cyber claims and cyber security team determined the ransom did not need to be paid, and instead helped rebuild impacted systems. In total, the financial losses—including loss of income from downtime, forensic investigation and legal counsel—came to just over $1 million. Luckily the entire cost was covered by the firm’s policy with CFC.

Unfortunately, the firm then fell victim to funds transfer fraud. Acting on a fraudulent email, an employee directed a significant payment to an account owned by the cybercriminal, leaving the firm out of pocket. Since CFC’s cyber policy provided unlimited reinstatements, the firm still had access to the full policy limit, ensuring they were fully reimbursed.

Market-leading cyber cover
With cyber incidents posing a constant threat, unlimited reinstatements for unconnected claims in the policy period is a vital tool for businesses everywhere.

At CFC they also don’t impose any warranties or conditions specifying security controls or callback provisions for businesses at the time of an incident. This allows them to focus on what matters, getting a business back online.

To see unlimited reinstatements in action, check out this full case study.

Source: www.cfc.com


Cyber Lessons from the Ashley Madison Affair

A new Netflix series has revived one of the most controversial cyber attacks in history, serving as a stark reminder of the data privacy issues faced by consumer technology companies—the Ashley Madison data breach.

It’s hard to convince people to hand over their personal data without assurances it will be kept safe; something the founders of infamous dating website Ashley Madison were well aware of.

A website for infidelity and married dating, Ashley Madison promised anonymity and privacy for its millions of users, billing itself as ‘100% discreet’. To access its services users handed over personal information including their names and email addresses, their privacy concerns no doubt eased by the dating website’s message of discretion and security. Except in the world of cyber, every business is at risk—particularly those that hold extremely sensitive, personal information.

In 2015 the worst happened; hackers under the name Impact Team infiltrated Ashley Madison’s systems and threatened to release details of its entire user base to the public. In what can be described as a moral attack, Impact Team demanded that the owners of Ashley Madison and its companion site take both websites offline. The owners refused to comply, and the hackers made good on their threat by publishing the stolen data online.

Navigating the fallout: An alarm call for all tech companies
Almost a decade on, the impact of this data breach is more relevant than ever. As portrayed in the popular Netflix docuseries, the hack disrupted the lives of many of its victims, leading to resignations, divorces and, tragically, suicides.

While names and email addresses are not typically classified as highly sensitive, the nature of the website in question placed greater weight behind the need for privacy. Even users who took precautionary measures when signing up to Ashley Madison, such as using fake names and phone numbers, found themselves exposed as Impact Team published credit card details—with other users able to be identified through data such as their height, weight or personal preferences on the site.

It didn’t take long for cybercriminals belonging to other threat groups to take advantage. Sextortion refers to a highly personalized extortion scam, where the threat actor emails individuals their data from a data breach and claims to possess personal videos or photos which they will distribute unless a ransom is paid. The Ashley Madison breach was the perfect breeding ground for this type of attack, with many of its victims being targeted even 5 years after the breach—not only resulting in the stress of managing a ransom demand, but resurfacing the scandal as a whole.

This entire episode raises critical questions for all types of business—not least tech companies storing user data. Do you manage, store and use data? Are you following the privacy laws? Can you do more to keep data safe?

Cyber security: Why it should be top of the agenda
Unfortunately where user data is concerned it’s easy to run into trouble. Earlier this year company review site Glassdoor was found to have attached real names to profiles without the user’s consent. Again, names are not considered sensitive data. But the context of the website makes this data more sensitive, as users may fear retaliation from an employer should they be identified. While Glassdoor claimed that users can choose to remain anonymous, since the website now requires and stores the names of all users, a data breach could see them being linked to their reviews.

This data risk is everywhere. Grindr, a dating website for the gay, bi, trans and queer community, allows the option for users to share their HIV status with other users. While this is a fundamental step in creating a safe community, it’s not information that the user would necessarily share beyond that context. Grindr are currently facing litigation from hundreds of users alleging the company shared their private information, including their HIV status, with third parties without consent.

Like Ashley Madison, all platform and tech providers that hold personal or sensitive information on clients come with significant cyber risk. These companies need to be incredibly mindful of how they collect, store and use information, following data privacy laws and giving customers confidence that data privacy is a priority.

Mitigating cyber risk: Steps for today’s tech companies
Who can say how many companies that store data know how to protect that data? What’s certain is that cybercriminals are becoming increasingly cunning in their tactics, able to steal vast volumes of data at rapid speed and with serious consequences. Ashley Madison faced no financial ransom given the moral motive, yet the majority of data breaches do culminate in a hefty demand. This alone can be a huge burden for any business working alone to bear, and when you consider the additional costs that come with a cyber incident—remediation and recovery, restoring data, legal fees, reputational harm, business interruption and so on—it’s no surprise that for some businesses there’s no coming back.

Data breaches are of course just one type of cyber incident. High-profile cases like the Ashley Madison hack demonstrate this risk, however it’s vital that businesses understand the full picture of cyber risk—with ransomware, social engineering and theft of funds attacks growing in frequency and severity—and take steps to protect themselves and their customers.

That’s why comprehensive cyber cover is a vital part of risk management for all technology companies. If you’re responsible for large amounts of data, including third-party data, cyber insurance can offer robust network and privacy liability protection, also providing cover for a wide variety of cybercrime events. More than that, the best policies also come with cyber security and incident response services that can stop cyber incidents from happening in the first place.

Source: www.cfcunderwriting.com


Why Demand is on the Rise for IP Insurance

Intellectual property (IP) assets are now a cornerstone of the business world, making IP insurance more important than ever before. From the current state of the IP market to how IP insurance as a product is evolving, here are five top reasons behind the surge in demand.

The value of intangible assets increased by 8% in 2023 to $61.9 trillion, as inventors and creators worldwide seek exclusive rights to reap the benefits of their works. But there are two sides to this story. While intellectual property (IP) is playing an increasing role in the business world, businesses are becoming more vulnerable to new and evolving risks.

Step forwards IP insurance. Now seen as a vital part of risk management, many are turning to IP insurance for the protection—and confidence—to navigate this ever-changing landscape. Read on for five top reasons why the time is now for IP insurance.

  1. IP assets are vital to modern business
    Be it patents, trademarks, copyrights or trade secrets, IP is now a significant asset for many businesses. Start-ups and SMEs in particular use IP as a foothold to gain market share and stave off competition, leading to heavy investment in both developing and protecting IP assets.

    As the value of these assets continues to grow, so do the risks. From infringement claims to challenges of ownership, businesses need confidence that their ideas will be protected effectively and fairly. Just as you wouldn’t leave physical assets with high value uninsured, intangible assets need protection too.

  2. IP disputes are everywhere
    Markets are becoming more competitive and global, driving the number of IP disputes. Today, businesses can face all sorts of challenges from patent trolls and aggressive competitors to complex legal landscapes, raising the possibility of litigation action—both for businesses defending their IP and those facing an infringement claim.

    IP insurance provides a financial safety net in the event of a dispute. By covering legal expenses and potential damages, businesses can help mitigate the risks of costly litigation, empowering them to operate with confidence.

  3. Awareness for IP risks is growing
    Considering IP’s growing role as a business asset and the IP disputes making headlines, it’s no surprise businesses and investors are becoming more aware of the risks associated with IP—including the financial implications of infringement claims and lawsuits.

    Nobody wants to think about making or facing a claim. But businesses simply can’t afford to leave their IP unprotected. This need is driving demand for insurance products that specifically address risks and provide protection against unforeseen legal expenses.

  4. IP markets are expanding
    In this globalized world of multinational corporations, there’s a growing need to manage and protect IP assets in multiple jurisdictions, each potentially with its own set of rules and ways of doing things.

    This creates a more complex and costly endeavor compared to portfolios relating to a single legal system, raising the need for specialist support. As such, demand is growing for insurance products that cover different regions and legal systems.

  5. Insurance is evolving to keep pace
    The IP landscape is changing fast, surfacing new risks for businesses everywhere. It’s vital that IP insurance matches this pace of change, by evolving to offer the broader cover that businesses need.

    CFC has designed a comprehensive IP insurance product that covers defense (incoming claims) and pursuit (outgoing claims). It features IP right protection coverages including invalidation, opposition and title rights, and ensures businesses have full protection right to the end by covering loss of IP rights and loss of future profits.

There’s never been a better time for IP insurance

The rise of IP insurance is not down to one factor alone. It’s more a response to converging trends, designed ultimately to empower businesses to protect their intangible assets the same way they do their physical ones. Only with comprehensive protection from a proactive insurance provider can businesses get the peace of mind to continue investing in IP creation, to not just survive but thrive in this ever-changing world.

Source: www.cfcunderwriting.com


Debunking Management Liability Insurance Myths

Management liability insurance is built to benefit all businesses, yet common myths can make them turn a blind eye. Here are the top five myths, debunked by CFC experts.

“I don’t need management liability insurance because…”

Every time we come across this statement, we find it’s more the result of misinformation around management liability (ML) insurance as a product, rather than a genuine lack of need.

That’s because ML is designed to close a key protection gap for today’s modern businesses: protecting the management of the company, employees and sometimes the entity itself from any allegation for potential wrongdoing which needs to be investigated or defended. As a modular insurance product, it covers directors and officers liability (D&O) including full entity cover, employment practices liability (EPL), fiduciary liability and crime, and also includes CFC’s innovative new executive coverages tailored specifically for senior executive officers including executive reputation protection, executive cyber and executive kidnap and ransom.

To help you convey the full value of ML, CFC asked their experts to state their top myths and reveal how you can respond to them effectively.

1. ‘We’re not big enough…’
Company size is no indication of whether a business will experience an ML claim or not. All it takes is for an allegation of wrongdoing to be made against any director or officer in the course of their management duties, which may need to be investigated or defended—even if the case doesn’t reach court.

Investigating and defending an allegation can not only be costly, but the director or officer in question may need to foot the bill themselves if the company is unable or unwilling to assist, or if D&O cover is not in place to protect them.

2. ‘We outsource our HR…’
Some companies choose to outsource their HR departments to a third party, at a lower cost than building a department in house. However, while the third party can establish policies, support recruitment, help with employee relations and so on, it cannot absolve the company from liability for employment-related issues.

In fact, as the third party is not fully immersed in the company’s culture, they are unlikely to recognize issues as they develop. And when the problem is eventually found, it may be too late to resolve. Here, EPL insurance is key in giving support in what could amount to very significant defense and potential settlement costs.

3. ‘We’re a family-run business…’
It’s tempting to think that as a family-run business, there is little chance of any allegations of wrongdoing being made against anyone. However, CFC’s claims data shows this is not the case. In fact, some of their most contentious claims stem from family-run businesses, be it a husband and wife-led business or one that has been passed down through the generations.

It’s possible for family members to pull in different directions, and since the claims that result are often emotive, they can take more time than usual to resolve—and as a result, cost more money. Therefore it’s vital to get the right cover in place, giving the business confidence of financial stability if this type of event does arise.

4. ‘We’re a private company…’
A common belief is that if a business is private, then its liability is limited. However, this applies more to shareholders, who are protected to the extent of their investments, than directors and officers whose liability remains unlimited.

If the company is experiencing an allegation of wrongdoing, does not have D&O insurance in place, and is unable or unwilling to protect them, the directors and officers will have no choice but to support their own defense.

5. ‘It’s too expensive…’
The majority of small to mid-market companies do not require a bespoke product. ML insurance can be fairly standardized, therefore coming at an inexpensive price.

If a company is publicly traded and operating in multiple territories, then it stands to reason that its D&O requirements will be more bespoke, influencing the price of the product the company needs. Using the CFC Connect platform, you can now get a bindable ML quote with just a website, revenues and headcount.

Getting started with management liability insurance
Today’s directors and officers are under more scrutiny than ever, as the companies they work for face an increasingly complex landscape of risk. Taking out ML insurance is the best way of transferring away risk, empowering individuals and entities to focus on what matters: their business.

Source: www.cfcunderwriting.com

