Cybersecurity Awareness Month - October 2023
October is Cybersecurity Awareness Month, and here at Sentinel we are committed to Safeguarding Your Success in an ever-changing cyber market. Cyber has been paramount in most risk and insurance discussions for the past several years. With claims activity and complexity still rising, many suggest it is not IF you suffer a breach but WHEN.
Every firm has cyber exposure, no matter the industry or size of the operation. Currently, small to medium enterprises are the target of 98% of cyberattacks. The genesis of Cybersecurity Awareness month is to emphasize the importance of Cybersecurity and offer further education to stay safe online.
Steps To Increase Your Cybersecurity
Start with these simple steps to increase your Cybersecurity:
- Use Strong Passwords
Gone are the days of using Password123 for all programs. Strong passwords should be long, random, unique, and include all four-character types (uppercase, lowercase, numbers, and symbols). Consider implementing a password manager to help create strong passwords for each account.
- Use Multi-Factor Authentication (MFA)
Enabling MFA may make you less likely to get hacked. Be sure to enable it on every account that offers it; especially email, social media, and anything financial related. According to Travelers Insurance Company, 99.9% of cyberattacks would be avoided through consistent use of MFA.
- Be Aware of Phishing
Be cautious around messages asking for personal information. Do not share sensitive information with any unknown source. Report all phishing attempts and delete messages accordingly.
- Keep Software Updated
Ensuring your software is up-to-date means you have the latest security patches and updates on your device. Make it a habit to regularly check for updates and allow automatic updating when available.
- Obtain Cyber Liability Coverage
It is important to build strong cybersecurity protocols and invest in a robust Cyber Liability policy to protect your firm. Not all cyber policies are created equally. Coverage terms and premiums vary widely from carrier to carrier. It is crucial to understand the policy language and how to engage your coverage when a claim occurs.
Claim Frequency and Severity
While 2023 has seen a decrease in premium rates on average of -10% to +5% across the board, claim frequency and severity are back on the rise in the first half of this year. Carriers are reporting higher claim incidents and higher claim payouts in many cases. The main drivers of these claims are Ransomware and Funds Transfer Fraud (FTF).
According to reports by Coalition, Ransomware has been the biggest driver in claims frequency with a 27% increase over the past six months. Ransomware is a type of malware that prevents you from accessing your own devices or data stored unless a ransom is paid to release the encryption. Most ransomware payments are done through cryptocurrency to ensure anonymity.
Not only is ransomware activity dramatically rising, but average ransom demands have also increased drastically (74% year over year) to $1.62 million. This has consequently led to a record-high average loss of $365,000, an 117% increase year over year. These figures are representative of businesses with revenues of less than $25 million to over $100 million. Like all areas of cyber hacking, ransomware demands span many at-risk industry classes, manufacturing, public entities, healthcare, law firms, and more. Regardless of your firm’s size or industry, your business is at risk.
Funds Transfer Fraud also remains a steady and prominent driver of cyber risk for businesses. FTF is defined as a ploy in which hackers redirect funds from an account before or during a money transfer such that the hackers receive payment instead of the intended recipient. FTF claim severity increased 39% in the first half of 2023, equating to an average loss of $297,000.
As threat actors grow more and more sophisticated, it is widely believed that FTF will continue to increase in both frequency and severity. In fact, hackers often remain in business email accounts for months before intercepting or redirecting large payments. This means it is increasingly difficult for businesses to recognize abnormal activity in their systems and take steps to protect them.
Critical Controls To Implement
- Maintain Offline Backups of Critical Business Data
Backups allow you to restore data and avoid paying a large demand in the event of a ransomware attack.
- Endpoint Detection
Endpoint Detection and Response (EDR) is an endpoint security solution that monitors end user devices continuously to detect and respond to cyber threats including malware and ransomware.
- Cybersecurity Awareness and Phishing Training
Stanford University states that approximately 88% of all data breaches are caused by an employee error. Businesses with well trained and informed employees are less likely to be the victims of a cyberattack.
- Controlling Assets, Privileges, and Configurations
Tracking hardware devices and software applications that reside on the network with restricted privileges to a limited number of appropriate personnel with proper browser protections, configurations, and defenses is key
Safeguarding Your Success
Sentinel is your partner for Cybersecurity with a dedicated team of cyber specialists available. Not only will we help you identify security risks, understand coverage, and educate your employees; but we will also provide you access to a wealth of Information Technology security resources and vendors to strengthen your overall cyber position. Furthermore, in the event of a breach, our team of claims professionals will stand with you until the cyber incident is resolved.
No organization is immune to cyberattacks and no budgeted dollar amount is large enough to ever insulate a company fully from experiencing unauthorized access, ransomware, or social engineering threats. Integrating risk mitigation techniques with an internal playbook and practicing incident response scenarios will put any organization in the best possible position for dealing with a security incident when the time occurs. Contact us today to learn more!
