What Happens when a Cyber Threat Hits your Business but your Policy doesn’t Cover it?
Businesses face a multitude of cyber threats in this complex time, from defective wire transfers to social engineering, malware attacks to system compromises. Yet keeping up with the new risks means that your security posture and cyber policy still need to be up to date.
If your strategy is not compatible with cyber developments, you will not be protected by common scenarios. Social engineering is one example of how scammers are attempting to trick your workers into giving up username, income, or other properties .Social engineering claims denials are growing and few companies offer coverage for social engineering attacks.
Based on the work with technology / communications businesses, our experience has shown us that wording issues and gaps in coverage often exist, which could seriously impact the company balance sheet:
- Cyber Risk – cover for business’ own first party risks for denial of service attacks, viruses and hacking in addition to third party exposures is often an exclusion, or offers low limits of protection.
- Professional Risk – cover for third party losses arising from your own negligent errors and omissions, including data breaches and losses of third party data, is a key coverage but can contain onerous cover carve-outs that may mean you are not covered to the full extent.
- Contract Employee Risk – we can help ensure that you are covering everyone you should be, both in terms of exposures to them and via them to your clients.
- Cyber Crime – including deception losses as a result of social engineering, where fraudsters use emails and invoicing systems to impersonate someone known to the business to obtain funds.
Examining real-life cyber incidents with and without the right coverages
A tech company was hit by a ransomware attack. Their backup was months old and incomplete. Their internal IT support was minimal and their cyber policy hadn’t been reviewed in years. With few options available, they decided to pay the ransom. Even with the decryption key, restoring their data was an arduous task. they couldn’t deal with clients for two weeks as they rebuilt their systems. The out-of-pocket expenses totaled nearly £70,000 and the companies reputation sank as clients lost trust in their ability to safeguard their information.
Alternatively, a tech company with an up-to-date ransomware policy also suffered a ransomware attack. They had an experienced IT vendor maintaining their systems and ensuring their backups were reliable. With a secure copy of their data in hand and the know-how to bring their systems back online, this company restored its information, lost less than half a day of work and incurred expenses under £2,000.
The lack of adequate coverage can put your business in a terrible bind, financially and operationally. In this era of change and uncertainty, you need to know you’re well protected—across your systems and within your cyber policy. Now is the time to review your situation and be sure you’re prepared for the latest cyber threats.