In today’s digital landscape, organizations complete all of their activities electronically. As such, the majority of their assets are in the data they collect. There have been several high-profile personal information breaches that have compromised tens of millions of records. These scenarios cost the affected companies millions of dollars. Any business that uses the internet is vulnerable to increasingly complex cyber threats. “Cybercriminals” can access information about you or your clients. From desktop computers, mobile devices, and cloud computing, there is no shortage of assets you need to protect. Since no system is 100% infallible, we explain what cybercrime is, who is vulnerable, and outline the most common types of cyber attacks when it comes to your business and cybercrime.
What is cybercrime?
Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrime is carried out in order to generate profit for cybercriminals, some cybercrime is carried out against computers or devices directly to damage or disable them. These cyber risks, also called ‘cyber threats’, are information security risks that can take many forms. The types of data that can be compromised or stolen include:
- Credit/debit account numbers
- Driver’s licence information
- Social insurance numbers
- Email addresses
- Medical and healthcare information
- Other sensitive personal information (e.g. passport numbers)
- Information about employees
Who is vulnerable to a cyber attack?
According to research compiled by SGI Canada, 54% of companies have experienced one or more cyber attacks that have compromised their computer systems and data. Furthermore, the global pandemic has created even more online vulnerability for companies. You may think that when it comes to your business and cybercrime that only big businesses are targets, but nothing can be further from the truth. Any organization that has an online presence is vulnerable to a cyber attack. This may include collecting customer information online, fundraising, or a corporate website that does not fully secure connection. Even your company’s social media or email can make you vulnerable to hackers.
Sectors hit by cybercrime include:
- Banking/credit/financial institutions
- Government/state-owned entities
- Educational institutions
Types of cyber risks
In terms of your business and cybercrime, computer systems can be threatened by one (or both) of the following situations:
1. Data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Data breaches can occur in any size organization, from small businesses to major corporations. A data breach can cost you your reputation and the trust of your customers.
2. Cyber attack
An attempt to damage electronic data and computer systems by:
- Disabling, disrupting, destroying or controlling computer systems
- Altering, blocking, deleting, manipulating or stealing the data held within these systems
People who carry out cyber attacks are generally regarded as cybercriminals. Often referred to as ‘bad actors, threat actors and hackers’, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks. They can also belong to a criminal syndicate, working with other threat actors to find weaknesses or vulnerabilities in computer systems that they can exploit for criminal gain. The threat is real and it’s serious. You can end up paying thousands of dollars to recover from situations like these.
What does a cyber attack look like?
Cybersecurity threats come in many forms:
- 94% of malware is delivered by email
- Attackers utilize malware that encrypts files, making them inaccessible
- There is then a deadline for payment or securities in order to release the encrypted data
- They locked you out in the first place, so they will likely still sell your data after receiving ransom
- These are becoming a very common and targeted threat
- Select users are targeted with a very realistic, but fake, email that contains malicious links or attachments
- These types of attacks rely largely on human behaviour to respond to the request for urgent action
- Smaller organizations (1–250 employees) have the highest targeted malicious email rate at one in 323
- 47% of employees cited distraction as the reason for falling for a phishing scam while working from home
3. Distributed denial of services (DDoS)
- These attacks utilize bots, as well as servers, to overwhelm your website, systems, and servers with fake traffic aimed at crashing your web servers and making your website inaccessible
- By 2023, the total number of DDoS attacks worldwide will be 15.4 million
- 30% of data breaches involve internal actors
4. Internet of Things (IoT)
- So many of our devices are connected to our networks
- It is a difficult task to track all the devices accessing your network and ensure that software is up-to-date
- Hackers will breach unpatched vulnerabilities and take complete control
- Thermostats and security cameras are two easy tools used to breach security
5. Business Interruption and additional expenses
- When your business and cybercrime collide, Business Interruption is income your business will lose and the costs it incurs due to an interruption in services
How does cyber insurance work?
Speciality insurance coverage for cyber risks is relatively new and continually evolving. However, the threats to organizations and the possibility of legal action against them is a reality that business owners should always consider.
Cyber Liability Insurance
The loss, compromise or theft of your electronic data can have a negative impact on your business, including the loss of customers and revenue. Your business may be liable for damages stemming from the theft of third-party data. Cyber liability coverage is important when it comes to protecting your business against the risk of cyber events.
How does cyber insurance work?
Since small businesses are a big target for cyber criminals, a priority for you would be getting adequate cyber liability insurance coverage in order to protect your business. Here are a few of the coverage options your policy should include:
- First and third party coverage: Make sure your cyber liability insurance coverage includes first and third party coverage. First party coverage will help you restore your company’s operation and the loss of your income during downtime. Furthermore, third party coverage helps to provide assistance for legal fees, damages and expenses to notify individuals.
- Worldwide coverage: When it comes to your business and cybercrime, with customers outside of North America, it is important that you have worldwide coverage. Since cyber attacks can occur outside of your home location, worldwide coverage provides protection anywhere in the world.
- Business Interruption coverage: If your business experiences a cyber attack, it can take several hours, days or weeks before your business is up running. Business Interruption coverage can provide financial assistance while your business is recovering from the incident.
Cyber insurance can also help with:
- Funds transfer fraud: One of the common types of cyber attacks is when cyber thieves get access to the login information of your third-party services. They often target your banking information and/or access to other merchant services. If you have an e-commerce business and you complete a lot of online transactions, funds transfer fraud provides coverage if cyber thieves get access to your financial information and fraudulently take money out of your account.
- 24/7 expert assistance: A cyber attack can happen at any time, and most small businesses don’t have access to a full-time IT person. Therefore, your cyber policy should include 24/7 access to an IT professional. This will help you resolve cyber attack-related problems to get your business up and running as soon as possible.
Cyber insurance policies are sold by many of the same suppliers that provide related business insurance, such as E&O insurance, Business Liability insurance and Commercial Property insurance. Most policies include first-party coverage, which applies to losses that directly impact a company, and third-party coverage, which applies to losses suffered by others from a cyber event or incident, based on their business relationship with that company. Cyber insurance helps cover the financial losses that result from cyber events and incidents.
A good first step is to create a cyber risk profile for your company, and to create a list of expenses you want to have covered in the event of an incident. Then, you can determine an estimate for third-party costs. Call us or request a quote online. We’ll be happy to help with your insurance needs when it comes to your business and cybercrime.