Cyber Bytes is S.H Smith & Company's Cyber, Security & Privacy blog – written by the experts you trust.
Our IT Manager sent out an email our employees this week warning them of a potential email scam that is currently being circulated. Like many email scams, the scammers were posing as a common, reputable company. In this case, it was American Express. Our IT Manager warned, “If you receive an e-mail with the following text do not click on the link to download the file. Delete the e-mail immediately.” The scam email read:
Dear Customer, Account Requires Complete Profile Update. We have recently detected that different computer user had attempted gaining access to your Online account, and multiple password was attempted with your user ID.
It is now necessary to re-confirm your account information to us. If this process is not completed within 24-48 hours. We will be forced to suspend your Account Online Access as it may have been used for fraudulent purposes. Please update profile immediately by downloading the attached file.
Note: After completing your update process log-in to your Online Account to take effect on updates. American Express is dedicated to protecting your information. Thank you for your Card membership. We look forward to continuing to serve you.
Sincerely, American Express Customer Care.
It is a sad but true reality of our ever-growing cyber world. Scammers are getting increasingly clever with their tactics, which means that we need to be extra protective of our personal information. And unfortunately, this does not exclude businesses. As individuals, it’s a little easier to monitor our personal information and the third parties we share it with, but businesses have their hands full with thousands of records and sensitive information handled everyday.
Yet another reason why Cyber Security & Privacy Insurance is so important. In case we do fall for that cleverly disguised scam, or use a third party that is not as careful as we are, let the insurance do it’s job and protect your assets when a security breach does occur.
Not too long ago, one of our retail clients was notified by a bank of a potential breach. Some of the bank’s credit card holders reported fraudulent charges on their account. One of the places these card holder shoppers had in common was our client’s website. The bank then informed our client to conduct a forensic investigation to determine if they in fact suffered a network security breach. A thorough investigation concluded that our client did not incur a breach. However, our client did incur close to $40,000 in legal and forensic fees. It’s a good thing the purchased cyber risk insurance because these fees were paid by their cyber risk insurance carrier.
As most of you know, last week I attended the PLUS 2013 Professional Risk Symposium. I am pleased to report there were two cyber sessions, one I moderated and the other discussed cyber threats of professional service firms (including law firms).
It shouldn’t surprise you that many breaches experienced by law firms are the result of lost or stolen mobile computing devices. It also shouldn’t surprise you law firms are a target for cyber criminals due to the amount and type of data that flows through the organization. What may surprise you is that all of the panelists agreed an E&O policy (even with a cyber/privacy endorsement) does not provide adequate coverage for costs associated with a data breach. In fact one of the panelists questioned the wisdom of trying to force an E&O policy to respond to data breach exposures thereby eroding the limit and not having enough coverage available just in case a lawyer makes a good old fashion mistake in representing his/her client. Hopefully that raises a couple of eyebrows.
Greetings from Chicago, IL! The 2013 PLUS Professional Risk Symposium is in full swing in The Windy City.
Earlier today I was asked to chime in on the hot topic of data security and cyber liability coverage. Specifically, I was asked, "Where are data security breaches coming from?". The short answer? Data breaches can pose a threat from many different sources, but there are some that we should keep our eye on. For my full answer to this and other questions like, "What should brokers be discussing with their clients to encourage them to buy data security coverage?" visit the PLUS Blog for a video of the interview.
A recent study conducted by Marsh shows a growth in the purchase of cyber risk insurance by 33% in 2012 compared to 2011. That makes cyber risk insurance one of the fast growing lines of insurance coverage.
An AIG survey reveals that cyber attacks and data breaches rank higher among executives and business owners than property damage or investment risks. Perhaps this explains the significant growth increase the cyber risk insurance industry is experiencing.
More likely the growth is attributable to a combination of exposure awareness (on the part of the business owner) as well as the fact that cyber risk insurance has become more affordable, includes various breach response services and the application process has become less complicated.
In any event, all indicators point to the fact that the purchase of cyber risk insurance is on the rise and I predict will continue its robust growth trajectory in 2013.