Cyber Exposures: Understanding and Managing the Risks

A brief overview of cyber risks, risk management strategies, and insurance solutions

By:  Kelly Zebrowski, CPCU, AIA, CIC, CRM

Cyber-attacks continue at an alarming rate. At this point we do not foresee anything to curb the trend as our economy and world are relying more on technology and Artificial intelligence (AI) every day. We urge you to consider working with an IT professional to make sure your systems are up to date and protected as much as possible. In the same vein we encourage you to have a risk management plan in place to know what to do if you or your organization is attacked.

This past week a major municipality was the victim of a ransomware attack. When a major municipality experiences a data breach, it can lead to several critical issues. The municipality may lose access to essential data and be unable to perform key services for an extended period. Sensitive data may be withheld unless a ransom is paid, leaving the government entity powerless and vulnerable. The municipality will likely incur unplanned expenses related to investigation, restoration, and recovery costs.

About the same time, a company that provides auto dealerships across the U.S. with software for managing sales and other services was partially shut down due to a cyber-attack. In dealing with the attack the service provider ended up shutting down all of their systems. The outage has impacted more than 15,000 dealerships. Some dealers were able to transact business without the use of computers, but others had to delay or even turn down sales opportunities.

Oftentimes, in these situations, cyber thieves—or, “bad actors”, use ransomware to encrypt and lock victims’ files before demanding a ransom in exchange for a decryption key.

What are cyber exposures?
Cyber exposures are the potential losses or damages that individuals or organizations may face due to cyberattacks, data breaches, or other malicious or accidental incidents involving systems or information technology. Cyber exposures can affect various aspects of a person’s or a business’s operations, such as data privacy, network security, business interruption, reputation, legal liability, and regulatory compliance.

How can cyber risks be managed?
Cyber risks are complex and dynamic, and they cannot be eliminated completely. However, they can be managed through a combination of preventive, detective, and corrective measures. Preventive measures aim to reduce the likelihood or severity of cyber incidents, such as implementing security policies, conducting regular audits, and educating employees. Detective measures aim to identify and monitor cyber threats, such as installing antivirus software, using firewalls, and performing vulnerability assessments. Corrective measures aim to mitigate the impact and recover from cyber incidents, such as having backup systems, developing contingency plans, and reporting incidents.

How can insurance transfer cyber risk?
Insurance can provide coverage and reimbursement for various types of cyber losses, such as data breach response costs, cyber extortion payments, business interruption losses, third-party liability claims, and regulatory fines and penalties.

One of the types of cyber losses that insurance can cover is business interruption loss. This refers to the loss of income or profit that a business suffers as a result of a cyber incident that disrupts its normal operations. For example, if a ransomware attack locks up your computer systems and prevents you from serving your customers, you may incur business interruption loss. Cyber insurance can reimburse you for this loss, as well as for the extra expenses that you may incur to restore your operations, such as hiring IT consultants or renting alternative equipment. Business interruption loss can have a significant impact on your financial situation, so it is important to consider cyber insurance as a way to mitigate this risk

Let us know how we can assist you with your cyber insurance needs. Contact us today.