Cyber Bytes is S.H Smith & Company's Cyber, Security & Privacy blog – written by the experts you trust.
I have been asked by quite a few of my clients to explain this part of a cyber risk insurance policy recently so I thought I would share my answer with all of my faithful readers.
Cyber Business Interruption is one coverage part available on a cyber risk insurance policy to reimburse the Insured for lost income (typically net profit before income taxes) and extra expenses resulting from a network security breach (i.e. denial of service attack or virus) which causes a disruption to the Insured’s business and the disruption exceeds a certain amount of time (waiting period) specified by the insurance carrier.
Please bear in mind, when discussing cyber risk insurance we are working with general definitions as opposed to standard ones since language on these policies vary greatly (that’s why you need me).
Sounds pretty straight forward, right? Well here are some things you need to consider with this coverage part. Is the waiting period a deductible or coverage trigger? Is there an hourly maximum amount the policy will pay? Do extra expenses include overtime salaries of employees? Do extra expenses include the costs to hire a forensic account or other expenses incurred to process the claim? Does the coverage respond to dependent cyber business interruption? Yes, it can be pretty confusing but I am here to help!
Not stratus or cumulus clouds but Infrastructure as a Service, Platform as a Service, and software as a Service.
Cloud computing can deliver your organization’s computing power, computing infrastructure, applications and business processes as a service wherever and whenever you need it. The use of cloud computing is consistently growing in popularity because of its cost efficiencies, ease of deployment and scalability.
Unfortunately, there is no silver lining behind every cloud. The biggest concerns about cloud computing are security and privacy. If you can access your data anytime, anywhere while it is stored in the cloud so can the bad guys. Will your cloud provider indemnify you if your data is accessed by the bad guys? Is it possible your cloud provider can deny you access to your data stored in the cloud? If your cloud provider experiences a disruption in service how will that affect your business? Is it possible to transfer any of these risks?
That is according to the most recent Data Breach Investigations Report conducted by the Verizon RISK Team. This group has responded to, investigated and reported their analysis of data breaches for the past nine years.
In their 2013 report, organizations experiencing data breaches in 2012 span multiple industry segments including restaurants, retailers, media companies, banks, utilities, engineering firms, security providers and defense contractors.
It shouldn’t surprise anyone that data breaches are driven by financial motives, but some occur just because the opportunity exists. A large percentage of breaches in this study did not include a high level of difficulty to achieve any many took months to discover.
Here are some tips Verizon RISK Team recommends to assist in avoiding data breaches (and their financial impact):
Ok, I added the last one…
Our IT Manager sent out an email our employees this week warning them of a potential email scam that is currently being circulated. Like many email scams, the scammers were posing as a common, reputable company. In this case, it was American Express. Our IT Manager warned, “If you receive an e-mail with the following text do not click on the link to download the file. Delete the e-mail immediately.” The scam email read:
Dear Customer, Account Requires Complete Profile Update. We have recently detected that different computer user had attempted gaining access to your Online account, and multiple password was attempted with your user ID.
It is now necessary to re-confirm your account information to us. If this process is not completed within 24-48 hours. We will be forced to suspend your Account Online Access as it may have been used for fraudulent purposes. Please update profile immediately by downloading the attached file.
Note: After completing your update process log-in to your Online Account to take effect on updates. American Express is dedicated to protecting your information. Thank you for your Card membership. We look forward to continuing to serve you.
Sincerely, American Express Customer Care.
It is a sad but true reality of our ever-growing cyber world. Scammers are getting increasingly clever with their tactics, which means that we need to be extra protective of our personal information. And unfortunately, this does not exclude businesses. As individuals, it’s a little easier to monitor our personal information and the third parties we share it with, but businesses have their hands full with thousands of records and sensitive information handled everyday.
Yet another reason why Cyber Security & Privacy Insurance is so important. In case we do fall for that cleverly disguised scam, or use a third party that is not as careful as we are, let the insurance do it’s job and protect your assets when a security breach does occur.
Not too long ago, one of our retail clients was notified by a bank of a potential breach. Some of the bank’s credit card holders reported fraudulent charges on their account. One of the places these card holder shoppers had in common was our client’s website. The bank then informed our client to conduct a forensic investigation to determine if they in fact suffered a network security breach. A thorough investigation concluded that our client did not incur a breach. However, our client did incur close to $40,000 in legal and forensic fees. It’s a good thing the purchased cyber risk insurance because these fees were paid by their cyber risk insurance carrier.