Tag Archives: cyberrisk insurance

Immediate Vault Immediate Access

Cyber Insurance Strategies Explored: RIMS Report

Posted on by

High-profile data breaches have been making headlines recently, and their damage can transcend industries, which is why cybersecurity is often a top priority for risk managers. With many traditional insurance policies no longer responding to or outright excluding cyber events, risk professionals must understand their options to ensure the organization is protected in the event of a data breach.

online pharmacy phenergan with best prices today in the USA

A new report by RIMS, A Guide to Cyber Insurance, provides a roadmap for determining the type of coverage risk managers need in the fast-changing world of privacy, data protection, and cyber risk management. The study serves as a reference for risk professionals who are exploring options to effectively manage cyberrisks that are uncovered or not addressed by the organization’s existing risk management program.

Topics include:

  • The cyber insurance application process
  • Procurement of insurance
  • Management of cyber claims
  • Third-party coverage
  • Litigation strategies, and other pertinent details

“While cyber risk management policies are necessary for every organization, reducing a category of risk to zero is impossible,” the report notes. “Cyber insurance can help cover the gaps between a robust risk management program and any remaining risks.”

The report also features case reviews in the areas of cyber policy coverage litigation, negligence, computer fraud, technology errors and advertising and personal injury coverage. “While the overall decision-making process is much the same as with other litigation decisions, certain factors are more complex in the cyber insurance context compared to other insurance disputes,” the authors note.

The Guide doesn’t only focus on insurance. It also features helpful tips when implementing a strategic risk management program characterized by a cybersecurity framework. Pre-event planning and preparation, penetration testing and response ideas are offered as well.

“Following the purchase of some form of cyber coverage, risk professionals need to be prepared for the worst: a cyber event and any resulting claims,” the report states.

online pharmacy xtandi with best prices today in the USA

“An organization needs to understand both the risk it faces and the coverage options available to ensure that the cyber policies it purchases provide the necessary coverage when it experiences the inevitable data breach or other cyber events.”

A Guide to Cyber Insurance is authored by Bradley Arant Boult Cummings law firm members: Dylan C. Black, A. Kate Margolis, G. Benjamin Milam and Emily M. Ruzic.

The report is currently available to RIMS members.

online pharmacy ventolin with best prices today in the USA

To download the report, visit the RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. To learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.

Beware of Coverage Gaps for Social Engineering Losses

Posted on by

Social engineering is the latest cyberrisk giving companies fits and large financial losses. A social engineering loss is accomplished by tricking an employee of a company into transferring funds to a fraudster. The fraudster sends an email impersonating a vendor, client, or supervisor of the company and advises that banking information for the vendor/client has changed or company funds immediately need to be wired at the “supervisor’s” direction.

buy prelone online blackmenheal.org/wp-content/uploads/2023/10/jpg/prelone.html no prescription pharmacy

The email looks authentic because it has the right logos and company information and only careful study of the email will reveal that the funds are being sent to the fraudster’s account. Unsuspecting and trusting employees unwittingly have cost their companies millions of dollars in connection with social engineering claims.

But when companies look to their traditional insurance program, they are usually met with the unhappy surprise that they do not have coverage for such a loss.

buy ventolin online blackmenheal.org/wp-content/uploads/2023/10/jpg/ventolin.html no prescription pharmacy

Most assume that the loss will be covered by the crime/fidelity policy that nearly all companies have. Insurers, however, have denied coverage for social engineering claims under those policies, claiming that the loss did not result from “direct” fraud. Insurers contend that the crime policy applies only if a hacker penetrates the company’s computer system and illegally takes money out of company coffers. In the case of a social engineering claim, company funds have been released with the knowledge and “consent” of an employee, albeit the employee has been induced by fraud to release the funds. Policyholders and insurers are currently litigating the scope of coverage under traditional crime policies nationally with mixed results.

Some crime policies also contain exclusions that may pose specific barriers to social engineering claims. For example, many traditional crime policies contain a “voluntary parting” exclusion that bars coverage for losses that arise out of anyone acting with authority who voluntarily gives up title to, or possession of, company property. In addition, some insurers have put overly broad exclusions on crime policies that are directed toward eliminating coverage for many cyber risks, including social engineering claims.

Given the prevalence of social engineering claims and the clear market for companies looking to insure against such risks, some insurers have begun to offer an endorsement that provides coverage for social engineering claims.
buy flagyl online https://galenapharm.com/pharmacy/flagyl.html no prescription

The coverage may be subject to a sublimit and may include coverage for some, but not all, social engineering risks. The coverage also might be subject to additional exclusions.

buy robaxin online blackmenheal.org/wp-content/uploads/2023/10/jpg/robaxin.html no prescription pharmacy

Like all insurance policies, the precise words of the endorsement matter and, therefore, should be carefully reviewed.

Finally, and most important of all, social engineering coverage will not automatically be added to a company’s policy and not all insurers will provide such coverage. Therefore, companies should review their current insurance program with their insurance professionals and experienced coverage counsel to determine whether they have appropriate coverage that is in line with the market for social engineering claims.

Check out “6 Tips to Minimize the Risks of Social Engineering Fraud” from Risk Management.

The Evolving Cyberrisk Landscape and the Insurance Industry

Posted on by

Cyberrisk

Rapidly developing computer technologies and the unrelenting evolution of cyberrisks present one of the biggest challenges to the (re)insurance sector today. Liabilities from cyberattacks and threats to the data security of cloud computing and social media have become key emerging risks for carriers. The unprecedented rise in cyberattacks, in addition to the threat cyberrisk poses to global supply chains, has seen the cyberinsurance market grow significantly in recent years.

Client demand for cyber coverage has been growing, on average, 30% annually in the United States over the past several years, according to Marsh. While demand varies by industry, the one constant has been that more clients are investigating and analyzing existing traditional insurance coverage and whether they need standalone cyberrisk insurance coverage.

Because cyberrisk is associated with the use of technology and the handling of all data and information, the threat transcends a company’s information technology (IT) department as well as what is confined to the internet. To help overcome some misconceptions that still exist for cyberrisks, some clarity around business exposures is needed to understand the scope of the threat.

Cyberattacks pose a danger to global supply chains

Cyberrisks are not isolated and are usually connected to other risks. Many companies that are exposed to cyberrisks are, for example, also exposed in turn to risks to their supply chain. Due to technological innovation and advances, many parts of a company’s or industry’s supply chain have become interconnected and automated.

Most commercial entities today are exposed to these risks as a growing number of businesses become more interconnected globally. A single cyberattack has the potential to put an entire company’s supply chain at risk. Therefore, cybersecurity and supply chain risk management must be considered in conjunction with one another.

There are a range of risks when it comes to online/computer security. Cyberattacks can result in first party liability, including business interruption, computer security breaches, privacy breaches of confidential information and even third-party liability losses. Technology failures have begun to outpace adverse weather, fire and social unrest as the major force in disrupting a corporate supply chain, according to a recent Guy Carpenter report.

Everyone is at risk – individuals, companies and governments

In 2014, cyber issues have become more of a concern for companies that once felt they had relatively little exposure. In fact, cyberattacks were ranked fifth among the top five global risks in terms of likelihood in this year’s World Economic Forum’s annual Global Risks 2014 report.

Governments consider cyberattacks to be among the most serious economic and national security challenges now facing them. And through the ubiquitous use of the internet, mobile devices and social media, companies of all sizes and in all nations are now finding themselves at risk of falling prey to the full range of cyber perils. Such attacks can run from hackers shutting down a company’s network, gaining access to customers’ and employees’ personal and financial information, to the theft of business trade secrets.

More data laws and regulations in place

High-profile data breaches and other cybersecurity incidents have become more commonplace with increasingly onerous outcomes. Target, one of the largest retailers in the United States, suffered a massive cyberbreach late last year which involved the theft of approximately 40 million credit and debit card account details as well as personal data of nearly 70 million customers. The breach reportedly occurred when hackers used the retailer’s heating and cooling vendor’s system to navigate their way into the retailer’s records. The resulting publicity cost the company a significant amount in lost sales, loss of reputation, class action lawsuits, and may have contributed to the ouster of the chief executive officer. And most recently, a U.S.-based online auction site announced that hackers accessed the company’s 145 million user accounts and urged customers to change their passwords.

More recently, home improvement chain Home Depot became the victim of another credit card data breach and the FBI is reportedly investigating cyberattacks at some of the largest banks in the United States.

As cyber incidents affect both consumers and institutions, governments everywhere are putting more data privacy laws and regulations in place in regard to disclosure and other related safeguards. In the United States, there are laws that require the protection of both personal financial and health information. Last year, the U.S. Securities and Exchange Commission, which oversees publicly-traded companies, adopted a directive requiring certain regulated financial institutions and creditors to adopt and implement identity theft programs in light of the new cyber threats.

Risk mitigation and insurance

With governments considering and enacting new laws in response to the rising number of cyber events, companies, especially those in the United States, are taking a closer look at cyberrisk mitigation, including insurance coverage of breaches and attacks.

Media reports of serious data breaches have prompted more companies to buy cyber coverage of $100 million or more compared to the prior year, Marsh said in its March 2014 report Benchmarking Trends: Interest in Cyber Insurance Continues to Climb.

Traditional insurance products often do not cover risks that cover damages resulting from an incident like a computer breach.

buy neurontin online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/neurontin.html no prescription pharmacy

As such, specific cyber liability insurance may be necessary.

The very process of applying for cyberrisk insurance is a constructive exercise for raising awareness and identifying potential vulnerabilities.

buy zantac online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/zantac.html no prescription pharmacy

By engaging in that process, a company can perform a review of information security protocols with respect to access control, physical security, incident response and business continuity planning.

buy diflucan online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/diflucan.html no prescription pharmacy

As a result, businesses and other institutions are finding that cyberinsurance products have been broadened to include coverage that now addresses nearly all aspects of technology-based risk faced by today’s companies. Carriers have been adapting their policies to include a variety of loss prevention and risk mitigation tools, ranging from turnkey breach response teams to pre-emptive risk analytics.

As cyberthreats become more severe, more frequent, and continue to change along with technological advances, the (re)insurance industry will continue to stay one step ahead by creating new forms of cyberrisk coverage to meet the needs of their clients.