A fresh ransomware attack on Mac OS X users has Apple issuing a security response, and highlights just how vulnerable businesses can be to security attempts on their valuable data. Ransomware is a type of malicious software, often unknowingly downloaded via attachments in phishing emails, that infiltrates and encrypts all the data on a business’s network. In order to regain access to their propriety files, businesses are then forced to pay the attacker to restore the data.
It’s the fastest-growing form of cyber attack, according to Cyber Product Leader James Burns from
CFC Underwriting – and what’s worrisome is businesses incorrectly believe they’re covered by their traditional business policies.
“Insurance coverage is really important because the traditional policies that businesses buy only cover first party costs – so lots of businesses will have policies such as general liability, which will protect against any suits from injury or damage. (Middle market) tends to buy first party property policies that protect against their physical business assets being damaged or destroyed,” he says, adding small and middle-market businesses are most often targeted.
“What a cyber policy does is it protects against this new, emerging type of threat – it’s basically plugging the gaps that traditional policies have, because traditional policies haven’t considered such threats because they were written so long ago.”
Burns says that in addition to businesses, a knowledge gap exists among brokers about adequate cyber coverage, which makes it challenging for them to in turn educate their clients. “The key to conquering this is exposure and the combination of insurance analyst management,” he says. “Specialty insurers need to get better at communicating the exposures to their brokers and that will in turn empower the brokers to have those conversations with their clients.”
Despite the anticipated growth of ransomware over the coming years, it’s often ignored in lieu of U.S.-style privacy concerns as a main cyber focus, says Burns.
“I think there’s a lot of noise in Canada around privacy exposures – and I think a lot of times the insurance market is focused on privacy concerns when really it’s not the same as the U.S. in terms of the landscape,” he says. “I think it takes the attention from the real threat – it’s important to keep an eye on the regulatory landscape, but a lot of brokers have tried selling cyber insurance in Canada based on U.S.-style exposures, and with Canadian businesses, it doesn’t resonate with them because we don’t have the same landscape.”