The pervasive nature of cyber claims is highlighting how improving cyber hygiene is more important than ever, especially as ransomware attacks and phishing campaigns persist with a vengeance.
“Those types of data and security breaches will never truly go away,” said Danion Beckford (pictured), senior underwriter, professional liability at Burns & Wilcox Canada.
“There is still a wealth of people who these hackers can prey on because of their lack of knowledge towards recognizing potential cyber threats.”
In conversation with Insurance Business, Beckford spoke about what types of businesses might need additional training on proper cyber practices, some standard procedures to help rebound from a loss faster and why some clients may need multiple forms of coverage for higher limits.
For those without a robust legal or IT team helping streamline a business and smooth out any risky operational kinks, adapting and implementing proper security measures may not come naturally.
“Small businesses are not as well equipped as larger ones,” Beckford said. “They do not have departments that are dedicated to preventing these types of threats, and that is showing in the growing number of businesses who are falling victim to ransomware or phishing.”
In order to help create and maintain a more safeguarded operation, a prospective client can work with a broker, who has this specific information at their disposal, to implement some best practices.
“The head of an organization can do monthly check-ins with their employees to make sure that risk management objectives are being followed,” Beckford said.
“That can be as simple as reminding employees to change their passwords monthly to avoid any data breaches, or you can sign up for 20-to-30-minute webinars that each employee must watch and complete at certain intervals to stay on top of industry-approved best practices.”
For some, acquiring cyber coverage may be a contractual element to do certain business, which makes regulating this type of precautionary behaviour important.
Throughout the past year, business have increasingly adopted multi factor authentication.
“It is definitely more standardized now, which is a huge sigh of relief,” Beckford said.
However, there are other obvious, but not as widely acknowledged steps that businesses can take to help rebound faster in the event of a loss.
Backing up information and documents on a separate, trusted external hard drive is top of mind for Beckford.
“I know it sounds so elementary, but people often forget to adopt this practice because they don’t think they will be victim to a threat actor or malicious attacks,” he said.
Shredding physical documents, emptying out a computer’s trash can at the end of each day or fully exiting out of any accounts that contain classified information are also simple but effective measures that need to become more commonplace.
This notion of invincibility or accidental negligence is still prevalent, and these vulnerabilities create a doorway for hackers to exploit errors in judgement.
“I would also advise that people selling cyber coverage help relay important social media etiquette rules to a client,” Beckford said.
“You don’t want an individual posting that they are away on vacation, essentially allowing a hacker — who is always trying to be one step ahead — to use this to their advantage.”
As cyber insurance evolves to meet the unique concerns of contemporary businesses, there needs to be discussions had on how it can be customizable.
“Coverage is not one size fits all,” Beckford said. “What’s important is acquiring the right policies to make sure that an organization or entity can get back to being whole again in the event of a loss.”
This may include providing ransom coverage in an event when a payment must be made to mitigate a loss more quickly. There is also coverage for media communication plans that in the event of a data, network and security or privacy breach.
When cyber coverage was first introduced, businesses were able to get higher limits to fit their individualized requirements. However, as the marketplace has matured, limits have shrunk, which has necessitated the need for clients to shop for more than one coverage.
“This is referred to as ‘building a tower’,” Beckford said.
“Shopping around from different carriers is the best way for these organizations who may need higher limits because of their exposure profile to suit those concerns.”