How to Get the Most Cost-Effective Cyber Policy

By

If you were to ask any company representative if cyber insurance is worth it, you’d undoubtedly be met with a resounding YES. The potential financial havoc that a cyber attack unleashes is significant enough for businesses both large and small to actively seek out cyber insurance coverage. The question therefore isn’t whether you require cyber insurance for your business. Instead, it’s: How much cyber insurance do I need?

Just like all insurance coverages, the answer is personal. You would not pay a higher level of homeowners insurance premium for a larger house than you own; so too should you not pay for more cyber coverage than your business needs. One-size-fits-all cyber insurance does not exist, and there are ways to drive the cost of coverage down by being proactive in your security efforts.

One business may need to purchase more cyber insurance, while others may need less. An organization that deals primarily online may have more potential exposure than another, for example. To get the most cost-effective cyber policy, do not just request a quote from the Internet. Instead, trust the cyber insurance advisors at W3 Insurance to learn about your company’s risks and to help you select a policy to mitigate them. 

Every day, cyber attackers become more savvy at draining company coffers. Those businesses who choose to pretend that they are not at risk stand to pay higher rates than those who actively protect themselves. Read below as we examine how cyber attack prevention can in fact be cost-effective and how a business can go about securing such coverage.

10 ways to reduce the cost of your cyber insurance policy

Think of this as akin to the ‘safe driving’ discount offered by some car insurance companies. If your business operates with safeguards in mind against cyber attack,  it is possible to reduce the cost of your cyber insurance policy. By reducing your risk, you also drive the cost of coverage down.

Some of these ways include the following:

1. Multi-Factor Authentication (MFA)

Are you who you say you are? That is the simple (yet effective) impetus behind multi-factor authentication. Also known as “two step” verification, this effective means to thwart cyber attack takes the standard ‘enter username and password’ command to a new level. Sure, you will need both of the above – and then some. Often, this added failsafe comes in the form of a code that is sent to a person’s cell phone. That way, even if a password and username are stolen, the attacker is stuck. 

2. Password managers

The days of the simple password are passe – pun intended. Password managers take complex combinations of letters, numbers and symbols and make undecipherable passwords that are nearly non-hackable. One of the type of cyber attack involves a hacker learning personal information about a mark on social media and then trying those elements as passwords. With password managers storing these intricate passwords, it’s not necessary to use the same one multiple times. 

The days of “I hate passwords 123” should be over. Thank you, password manager.

3. Keep your employees trained and up-to-date

In the event your business suffers from a successful cyber attack, don’t point fingers at the computer, because it is likely not the machine’s fault.. Nine times out of ten, security breaches are caused by human error. Cyber attack is a very human game, after all; human error is the reason many attacks do succeed. 

That’s why employee training is paramount. Have your employees been brought up-to-speed about the latest phishing attacks? Do they know not to respond to emails that demand sensitive information? Constant vigilance is required to fend off cyber attacks, and that means consistent, timely training for your employees about the latest threats and information regarding how to combat them.

4. Update your software when possible

Keep pressing ‘cancel’ when prompted for a software update? -Think again. Take a few minutes and let the software update; it most likely has built-in security protocols to protect against the latest cyber threats. Cyber attacks vary widely in their creativity and personalization; software updates can help thwart some attempts before they become a problem. 

5. Invest in cybersecurity tools

When it comes to protecting your business from cyber attack, cybersecurity tools are the weapons that can keep the threat at bay. Often, they are not exorbitantly expensive, either – at least, not in comparison to how much a successful cyber attack an potentially cause your business.

Consider the list below a good start:

  • Firewalls
  • Anti-virus software
  • Application whitelisting software
  • Intrusion detection/prevention systems
  • Managed detection and response systems

6. Create an adequate response plan

Even after all your best efforts, a cyber attack may crack your defenses and affect your business. Due to the ever-changing nature of cyber attack, this is a sad reality; knowing what to do if one occurs can minimize the damage. If you suspect your business has been a victim of cyber attack, first call your cyber insurance coverage provider. Then, use your response plan to move forward.

7. Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are your friends

Plan for the worst and hope for the best. The adage is at the heart of business continuity planning (BCP) and disaster recovery planning (DRP). Have protocols in place as backups, and should a cyber attack occur, you may be able to continue business as (almost) usual while you work to restore prior workflows.

8. Continuously monitor your systems

Understanding what is normal for your business and what is not is a surefire way to spot a cyber attack. Watch for activity that is out of the ordinary, and if you spot something unusual in your data, dig into the cause. It may well be due to user error – or it may be a cyber attack in its infancy.

9. Hire a cybersecurity expert

Overwhelmed by the concept of cyber-securing your business? Professionals can assist you in deducing your business risk and implementing tools to address it. Consider hiring an expert to be an investment in your company’s wellbeing. The time you will spend to put all these measures in place may be better used elsewhere, and, if these protections are left undone, cyber attacks can have drastic fiscal consequences.

10. Be proactive

Simply follow the above advice, and you’ll be on your way to protecting your business from cyber attack. The proactive business owner understands that if it’s possible to prepare for an attack, fortifications should be made. Act early to prevent cyber attacks in the long run. What’s more, having these protections in place can result in a lower premium. After all, such a business is less risky than one that just buys coverage but does not put any safeguards into place.

Get an affordable quote from W3

The cyber advisors at W3 Insurance can help protect your business from cyber attack. For coverage that protects your business and advice that allows for personalization of your cyber policy, trust the W3 advantage. 

Cyber attack is a persistent threat. Contact us today for more information regarding how to protect your organization.

How Likely is Your Company to Be Cyber Attacked?

By

If you’re worried about how likely your company is to be cyber attacked, you’re not alone. As the world increasingly embraces the digital marketplace, valuable data is more at risk than ever, and it can be difficult to know whether a business is fully protected against a breach.

Just as you would secure your home against intruders, so too must your business be kept as secure as possible. Of course, a business is more difficult to protect than a physical abode. Lock the doors and windows of a home and enlist a solid alarm system, and you’re likely set. Conversely, cyber attacks enter the foundation of your business through tiny (and not so tiny) cracks in the online mortar left vulnerable by business owners and employees alike. 

While the likelihood that your company could get cyber attacked is out of your hands, how it affects your company is largely up to you and depends on how carefully you’ve prepared for the attack.

What is a cyber attack?

Cue the virtual mugshots: cyber criminals hide behind their PCs and Macs to forcibly extract data from other computers (or networks). Depending on the sophistication of the attack and how targeted it is, these criminals’ actions can result in the shuttering of the victimized devices completely. Other attacks just use that single compromised computer as a stepping stone for other attacks, and still others suck the data out of the device, compromising personal and financial information and sparking a whole onslaught of trouble.

Cyber attacks occur at every level of commerce (and are now even part of modern day warfare). Take, for example, the Apache Log4j vulnerability, which results in java-based web servers getting hitchhiked and used for a variety of ill effects such as the spreading of malware or ransomware.

Cyber attacks are now a regular part of actual war; for example, when the Russia-Ukraine conflict began, Ukraine saw cyber attacks directed at its military increase by 196%.  

Another well-known attack with a deceptively positive name is the Solarwinds Sunburst attack, which targeted more than 18,000 organizations by enticing them to download what seemed like a normal software update. Unfortunately, the ‘software update’ made it possible for cyber criminals to access data. This cyber attack is ongoing and extremely destructive.

These big cyber attacks are what make the headlines, and they could lead you to assume that only large organizations get targeted. But you’d be wrong. Every day, businesses and individuals suffer cyber attacks that never make the news. What should make the news is how devastating these attacks can be for small businesses: 60% of small businesses close within 6 months of suffering a cyber attack. That’s why it’s imperative to enact safeguards in the cyber realm on a consistent basis.

6 Industries at Risk of Cyber Attack

Small Businesses

Resist the urge to believe that a business that is small is not attractive to cyber criminals; the small businesses sometimes make the biggest targets. After all, what type of training does a small business offer to inform employees what data should and shouldn’t be shared with outside entities? Without proper security protocols, employees are more likely to download programs they don’t recognize or offer login credentials to cyber criminals posing as fellow employees.

The list of possibilities is long, and it’s tough for a training to cover all of them (and that’s assuming the small business has a training at all). That vulnerability makes a small business low-hanging fruit to cyber criminals.

Healthcare

COVID-19 made a mess of so many things in our world – the healthcare industry included. Lots of healthcare entities were targeted during the pandemic because the pandemic opened up new vulnerabilities, and ransomware has been rampant. This software puts a proverbial wall up between a person and their data, keeping them apart until a ransom is paid. Healthcare organizations see these attacks as virtual emergency situations. Not being able to access patient data or other important health information can literally be a matter of life and death. 

Government agencies

Cyber criminals who want to make problems for state and municipal governments have their weapons at the ready, and the results are costly. Ransomware cost the United States government $18.8 billion dollars in 2020 (estimated using cost of recovery, etc.). Education for government employees regarding cyber security is a definite necessity, given the popularity of this type of attack.

Financial institutions

Online banking is widespread, and with it comes the risk of online theft. All it takes is for a hacker to make a fake login page that looks legitimate and, voila! Sensitive information falls into the hands of those who seek to do harm. Trojan horses are widespread problems in this sector – and they don’t have anything to do with the ancient city of Troy.

A Trojan horse is a type of malware disguised as a legitimate program in order to gain access to a server. Data and server attacks upon financial institutions go straight to the sources of delicate information – ripping credit cards and social security numbers from supposedly ‘safe’ storage places and making them visible for hackers to exploit. In this type of cyber attack, malicious code is deployed to steal that information. 

Education

Online education platforms have drastically increased over the past few years (remember the online learning boom during the pandemic?). This use of technology for educational purposes has opened more schools up to cyber attack – specifically, to malware and spam. 

Energy and utility companies

If the United State’s largest fuel pipeline can be compromised due to ransomware, anything and anyone is at risk for cyber attack. In 2021 hackers shut down the Colonial Pipeline which originates in Texas and serves the southeastern U.S. The resulting gas shortages across the country resulted in an increase in fuel prices and a loss in consumer confidence. And while that example may be extraordinary, still there are (and continue to be) many other attacks on smaller utilities.

Cyber Attack Statistics

If you’re still not convinced of the importance of keeping your online data secure from cyber attacks, consider these figures:

  • 50% of all cyber attacks are against small to mid-sized businesses.
  • The average cost of a data breach for small businesses ranges from $120,000 to $1.24 million.
  • Between 2018 and 2020, over two thirds of all small to mid-sized businesses reported a cyber crime incident.
  • Cyber crime went up by 600% during the Covid pandemic.

Any web search of ‘cyber attack statistics’ will reveal the danger you and your organization are in on a daily basis. 

The 10 Most Common Cyber Attacks 

While there are many types of cyber attacks, the ones listed below are currently the most common. 

  • DOS and DDoS Attacks
  • MITM Attacks
  • Phishing Attacks
  • Whale-phishing Attacks
  • Ransomware
  • Password Attacks
  • SQL Injection Attacks
  • URL Interpretation
  • DNS Spoofing

Remember: a full-scale strategy to protect your business (and yourself) from cyber attack is the best strategy. Work with a professional who understands the risks you face and knows how to mitigate them. 

Is Cyber Insurance Worth the Cost?

Cyber attacks can be devastating – both personally and professionally. The cost of cyber insurance hinges on the type of business being protected and the level of risk it experiences. If the amount of personal data a business handles is significant, the cost will likely be more. One way to lower cost and protect the business at the same time is to put security protocols in place that lower your business’s risk for a breach. The coverage limits you select, along with the size of the deductible, will also determine the cost.

Just as with historical warfare, protection and preparation are important to a defense. Don’t be left vulnerable to cyber attack. Instead, have a clear and ongoing strategy to combat it. And if cyber criminals do slip through your systems and take sensitive data or release ransomware into the equation, know that you have cyber insurance to back you up.

Cyber insurance can protect different industries from popular types of cyber attacks. Contact Wallace Welch & Willingham to find out how our cyber liability insurance products can help protect your business. Request a quote today!