Montera recently attended a captive insurance conference, and one of the hot topics was how to protect your business against cybercrime. We hear that term all the time, but what exactly does it mean, and what does it entail?
In its simplest terms, cybercrime is any form of criminal activity or mischief involving electronic transmission of data. This could include confidential records, credit cards, digital images, and entire computer systems. When you consider how far-reaching this can be, cybercrime includes:
1. Theft of financial assets. Someone who steals a password, an identity, or a credit card can not only steal financial information but also use that financial information to purchase things for themselves.
2. Data theft/destruction/interruption. Every individual and every business is at risk of virus infection. These viruses can interrupt business flow, destroy data, and even steal personal and confidential information. In addition, businesses are at risk of distributed denial-of-service (DDoS) attacks, which disrupt their services and can cost thousands, or even millions, of dollars in service restoration and lost business.
3. Third Party Data Loss. Does your business maintain private and confidential information of others, including your clients and customers? What are the risks to you if that data is stolen or destroyed?
4. Extortion. Many businesses and individuals have had their confidential data stolen by cybercriminals, who then threaten to reveal that information to the public unless they are paid, sometimes exorbitant amounts of money.
5. Trade Secrets/Brand Damage. Perhaps the biggest loss or damage for businesses is damage to their reputation, to their brand, if their confidential information is revealed, or if they are the victims of a significant cybercrime. How long does it take to restore the public’s confidence if there is a major security breach of a trusted business?
So, what does one do to protect against cybercrime? It’s been said that “cybercrime is not a matter of IF, but WHEN! Cybercrime cannot be prevented, only managed.” The steps involved in protecting against cybercrime are:
1. Assess your risks. Determine all your areas of vulnerability. Perform a penetration test.
2. Assess your possible damages. What is the cost of loss of data? Reputational damage? Loss of services? Loss of physical assets? If there is a data breach of a publicly traded company, count on a major lawsuit against the directors and officers.
3. Assess your protection. Is your computer system bulletproof? How secure is “cloud storage”? Do you carry cyber insurance? Cyber insurance is readily available on the commercial market, and those commercial policies will offer discounted premiums if your business has taken certain measures for data security. But cyber insurance policies may not provide thorough protection for all your cyber risks, with all the ramifications and potential financial losses! Make sure your protection is adequate!
If you really want to bulletproof your cyber risks, consider captive insurance. Within your own captive insurance company, you can set up cyber risk policies, and customize them to cover your business against every type of cybercrime to which you are exposed. In addition, you can include policies to cover any other losses you may incur as a result of cybercrime. These potential losses include: loss of key clients, supply chain interruption, reputational damage, loss of trade secrets and proprietary data, litigation protection, etc.