☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Category Archives: Cyber Liability

Cyber Risks in the Construction Industry

Posted on by

While you may think construction firms are not an attractive target for cyber criminals, the truth is no business is safe from cyber crime.

Regardless of how big or small your construction firm is, chances are you store valuable information—information cyber criminals can use for personal gain. Additionally, hackers are just as interested in proprietary information, and construction firms could lose their competitive advantage with just one data breach.

In order to protect your business and customers, it’s imperative to learn about the common cyber risks in the construction industry.

Loss of Files and Personal Information

In order to make their business more streamlined, almost all construction firms store some type of personal information. Because of this, the files and data they keep on hand is particularly vulnerable and a common target for hackers.

The average contractor stores and transmits sensitive information such as employee records, customer lists, bid data and financial records. Criminals can easily use this information to steal identities and credit card information. They could even ransom these files against a firm, blocking your access and demanding large sums for their release.

In addition, contractors often have login credentials for systems outside of their immediate control. If these contractors are hacked or decide to use their credentials for malicious purposes, your firm could be held liable.

Loss of Proprietary Data

One of the greatest assets a construction firm has is proprietary corporate data. At any given time, your organization could be holding valuable information related to privileged contracts, architectural designs and intellectual property.

In some cases, you could lose this information to cyber criminals without a breach ever occurring. This type of theft can occur through social engineering and phishing schemes, which are strategies criminals use to entice employees into transferring corporate funds or assets.

Infrastructure Exposures

As technology advances, buildings are becoming more connected. Smart technologies allow businesses and homeowners to automate processes that control a variety of systems, including heating, ventilation, air conditioning, lighting and security.

While these new advancements are a major leap forward and provide your clients with opportunities to lower their costs and increase their efficiency, they also create cyber exposures. When hackers gain control of a connected building, they can access things like IP addresses, security codes, automated building processes and camera footage.

In some cases, construction firms that provide smart technologies to their clients may be liable for any damage done by cyber criminals long after work is completed. At the very least, organizations that install products that negatively impact the privacy and security of customers could face serious reputational damage.

Be Proactive in Reducing Your Cyber Risk

In addition to the unique risks listed above, construction firms are subject to the same cyber exposures as the average business. Financial loss, business interruption and third-party liability are very real after-effects of a data breach, and your firm needs to be ready.

The best way to protect your firm from cyber exposures is with cyber liability insurance. These policies can and should be customized to meet your specific needs. Contact your broker today to learn more about cyber risks and what types of protection are available to you.

© Zywave, Inc. All rights reserved

What to Expect When Applying for Cyber Insurance

Posted on by

Every insurance policy starts with an application, and cyber liability insurance is no different. While the underwriting process in long-established insurance lines is streamlined, this is not the case for cyber liability insurance. Currently, application forms for cyber insurance are not standard and can be complex—often consisting of dozens of pages.

For businesses attempting to acquire cyber insurance, the application process itself can be daunting. However, proper cyber liability insurance remains a vital risk-transfer tool for organizations of all sizes. To ensure your organization has the right level of insurance when it needs it most, it is critical to prepare for the application process itself.

What Type of Information is Reviewed?

An underwriter’s job is to assess risk and determine limits and pricing. Insurers depend on the detail contained in an organization’s application, and any vagueness or incorrect information can create issues if and when you file a claim. In order to properly determine your organization’s cyber risks, insurers will review information related to the following:

  • The basics. Insurers will want to know what industry your organization operates in, as well as how much and what types of information your organization stores, processes and transmits. In addition, underwriters will look to see how you manage data security and who is in charge of overseeing cyber-related matters.
  • Information security. When it comes to on-site security, underwriters want to know if you have a formal program in place to test and audit security controls. In addition, underwriters typically look to see if you have basic controls in place, including firewall technology, anti-virus software and intrusion detection software.
  • Breach history. During the application process, underwriters will take a closer look at your breach history. In general, they want to know if the data you house is particularly vulnerable and how effective your data security techniques are.
  • Data backup. Knowing how your organization handles data backup helps insurers better understand your level of data loss risk. Underwriters will want to know if you back up all of your valuable data on a regular basis, if you utilize a redundant network and if you have a disaster recovery plan in place.
  • Company policies and procedures. Communication is important when it comes to reducing your organization’s cyber risk. That’s why, during the underwriting process, insurers want to know what types of cyber security and incident response policies you have in place. In addition, it’s likely you will be asked how you handle password updates, the use of personal devices and revoking network access to former employees.
  • Compliance with legal and industry standards. Failing to comply with cyber-related legislation can be incredibly costly, and insurers will want to know how you handle compliance. Specifically, they will review whether you are compliant with applicable regulatory frameworks, are a member of any outside security or privacy groups, or utilize out-of-date software and hardware.

The more detailed and specific an organization can be during an initial underwriter review, the more likely it is that the organization will receive the proper amount of coverage and good terms.

Tips for Applying

For cyber coverage to be effective, it requires a high level of due diligence on the part of prospective policyholders. To get the most out of your policy, you will want to consider the following best practices when applying for cyber insurance:

  1. Gather accurate data. Before the application process, it’s critical to speak with your information technology (IT) management team and any vendors you utilize in order to collect accurate data. It’s important to quantify the data on your network. Above all, get a solid estimate on how much personally identifiable information you have, including employee data.
  2. Be honest. To complete the application process properly and get the best possible policy, honesty is important. When working with your insurer, be clear about your organizational setup, security protocols and breach history. Not only will this help in securing adequate coverage, but it will also reduce the risk of your policy being voided if carriers find out you were dishonest during the underwriting process.
  3. Don’t wait. Even if your organization hasn’t taken the appropriate steps to reduce its cyber risk, going through the cyber insurance application process can help identify exposures. Your insurer can work with you to get the best coverage possible today, leaving room to negotiate down the line when your data security methods are stronger.
  4. Involve the right people. The application process for cyber insurance can be complicated, and it’s important to have key personnel help you. In order to complete a cyber liability insurance application, an organization may need to work with their risk managers, IT professionals, HR department, financial officers, board of directors, executives, privacy officers, marketing team and legal professionals.
  5. Work with experienced brokers. Because cyber insurance is relatively new, some brokers are more experienced in the underwriting process than others. To get the most out of your policy, work with a carrier who can accurately assess your exposures and offer your organization the best protection. More experienced brokers can even provide details on how similar companies in your industry handle cyber security.

Taking all the above into account will not only prepare you for the cyber insurance underwriting process, but it can also improve data security up front.

Don’t Go in Unprepared

The application process for cyber insurance is both detailed and exhaustive. However, taking the proper steps before the application process for cyber insurance should reduce your data breach risk, making your organization more attractive to insurers and reducing your insurance costs overall.

When applying for cyber insurance, be sure to scrutinize policy terms, premiums and underwriting programs. Doing so can put you in a better position to secure the right coverage. For assistance applying for cyber liability insurance, contact your broker today.

© Zywave, Inc. All rights reserved

What Should Canadians Affected by Equifax Data Breach Do?

Posted on by

Equifax, one of the largest credit reporting agencies in the United States, was recently the victim of a massive cyber attack—an attack that may have compromised the personal information of 143 million people.

Impacted individuals were not simply limited to the United States either, as the hackers gained unauthorized access to personal information of certain Canadian and U.K. residents. Initial reports suggest 209,000 credit card numbers were stolen in the attack, some of which may belong to international customers.

The breach itself occurred between mid-May and July 2017 when cyber criminals gained access to sensitive data by exploiting a weak point in website software. In the United States, sensitive information like Social Security numbers, birthdays, addresses and driver’s licence numbers were compromised.

The recent attack on Equifax is the third major cyber security threat the organization has experienced since 2015 and one of the largest risks to personally sensitive information in recent years. The attack is so severe, in fact, it’s likely that anyone with a credit report was affected.

If you are concerned that you may have been impacted by the breach, Equifax has set up a website to help individuals determine if any of their personal information may have been stolen.

It should be noted that it may not be obvious that you are a customer of Equifax, as the company gets its data from credit card companies, banks and lenders that report on credit activity. As such, it’s important to follow the appropriate steps and check to see if your information was compromised.

Additionally, you should review your online bank and credit card statements on a weekly basis. This will help you monitor any suspicious activity.

Equifax will work with regulators in Canada and the United Kingdom to determine appropriate next steps.

© Zywave, Inc. All rights reserved

3 Business Lessons from the HBO Hack

Posted on by

HBO, an American premium cable and satellite television network, was the victim of a data breach. On July 31, 2017, HBO revealed that a group of hackers had stolen 1.5 terabytes of data from the network. Following the breach, the cyber criminals were systematically leaking spoilers and unaired episodes of “Game of Thrones,” one of HBO’s flagship shows.

This hack demonstrates that intellectual property can be just as valuable to cyber criminals as personal identifiable information. To avoid falling victim to a similar cyber attack, organizations should keep in mind the following business lessons learned from the HBO hack:

  1. Having a communications plan in place is critical. Following the breach, HBO was quick to ease the concerns of stakeholders, assuring the public that no internal emails had been stolen. However, this turned out not to be the case, and HBO publicized misinformation. This can be damaging to a brand, as balancing transparency and authenticity following a cyber event is crucial. Having a formal communications strategy can help organizations map out what information is shared to the public and at what time.
  2. Cyber attacks can be damaging to an organization’s reputation. Even if the financial impact of the HBO breach ends up being minimal, the reputational damage has been done. The breach jeopardizes HBO’s image and undermines customer loyalty and trust that took years to build up.
  3. To protect your business from a cyber attack, you need to understand your vulnerabilities. It’s been reported that the HBO hackers used multiple points of entry to get into the company’s system and steal data. Organizations should understand their vulnerabilities to protect against attacks. Entry points can differ depending on the business, but often include employees connecting to networks, online printers and employees using a virtual private network while working remotely.

While you can never predict when a data breach will occur, keeping in mind the lessons above will ensure that your organization is adequately prepared.

© Zywave, Inc. All rights reserved

Manufacturing is a Top Target for Cyber Criminals

Posted on by

Cyber security is a top-of-mind risk for organizations of all sizes and across all industries. This is especially true for manufacturers, as it is an industry norm for organizations to quickly adopt new, more efficient technologies—technologies that are often a target of cyber criminals.

In fact, according to the Insurance Institute of Canada, manufacturing is one of the top industries targeted by cyber criminals. While specific cyber exposures for manufacturers vary, they typically relate to the categories outlined in this article.

Data and Intellectual Property Loss

Almost every business stores sensitive information. For manufacturers, this typically includes personally identifiable information of employees and customers. Items like names, addresses and credit card information are all at risk in the event of a data breach.

A data breach can occur as the result of a number of incidents, including hacking, the loss of a laptop and unauthorized employee access. Data breaches can be incredibly costly for manufacturers, and expenses related to forensics, notification costs, public relations, crisis management, and fines and penalties can add up quickly.

What’s more, the theft of intellectual property (IP) is a top concern among manufacturers. If IP is stolen during a data breach, organizations risk losing their competitive advantage. IP is often a manufacturer’s most valuable asset—an asset that needs constant protection.

Further complicating matters for manufacturers is that systems are becoming increasingly connected, and sophisticated spear phishing attacks, mobile device challenges and state-sponsored attacks have each elevated the risk of IP theft.

Employee Negligence

One of the most important aspects of any manufacturing operation is its people. However, due to constantly advancing technology and the frequency at which employees are permitted to bring their own devices to work, manufacturers are increasingly exposed to new and disruptive cyber threats.

Four of the top 10 cyber threats facing organizations can occur as the result of employee negligence. Phishing scams, the abuse of IT systems, errors and omissions, and the unsecure use of mobile devices can all occur if employees are improperly trained or wish to do an organization harm.

Industrial Control Systems and Connected Devices

​Industrial control systems are command network and system devices designed to monitor and control industrial processes. These systems are designed to promote efficiency and are often connected to the internet. While this connectivity is essential in modern manufacturing operations, it has created a new exposure for businesses to consider.

This type of exposure was demonstrated in late 2014, when hackers were able to take over the control systems at a German steel mill through the use of phishing emails. The hackers were then able to disrupt the control system to such a degree that a blast furnace could not be properly shut down, which, in turn, lead to an explosion and massive physical damage to the plant. This incident illustrates just how complex cyber exposures can be for manufacturers.

Additional Risks

In addition to the risks above, there are a number of cyber threats in the manufacturing industry that can negatively impact an organization’s bottom line without warning. The following are some risks to be aware of:

  1. Third-party damages. When connecting with customers and vendors online, third-party damages can occur. Third-party damages can take various forms, but often occur when a virus is transmitted to another company or customer. When this happens, your organization could be held liable for any damages.
  2. Business interruptions. Manufacturing businesses often require the use of computer systems, and a disaster can halt your ability to transmit data and lead to lost revenue. Time and resources that normally would have gone elsewhere will need to be directed toward the problem, which could result in further losses. This is especially important as denial-of-service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organization’s server.
  3. Cyber extortion. Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. Because a variety of manufacturing projects are time sensitive, delays of any kind can wreak havoc on an organization’s bottom line.

Protecting Yourself with the Right Coverage

To protect your business, cyber liability insurance should be used as part of your overall risk management strategy so you can address a cyber breach quickly and reduce possible damages. The following are possible exposures that may be covered by a typical cyber liability policy:

  • Data breaches
  • Intellectual property rights
  • Damages to a third-party system
  • System failure
  • Cyber extortion
  • Business interruption

Cyber liability insurance is specifically designed to address the risks that come with using modern technology—risks that other types of business liability coverage simply won’t cover.

The level of coverage your business needs is based on your individual operations and your range of exposure. It is important to work with a broker who can identify your areas of risk so a policy can be tailored to fit your situation.

© Zywave, Inc. All rights reserved

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN