Contacts
A lot of corporations may overlook cyber security as they’re inviting employees back into the office as shelter-from-home restrictions are lifted.
But according to cloud computing company VMWare, ransomware attacks jumped 148 percent this March from the previous month, and security training firm KnowBe4 reports that Q1 2020 coronavirus-related phishing email attacks are up 600 percent.
Your organization may not be prepared to respond to a security failure or privacy loss. You’re probably also depending more on technology, so malware-induced disruptions can create serious economic damage. Reliance on your supply chain means a disruption or failure could further aggravate financial loss. Even if you have an Incident Response Plan, you face the strong possibility of increased challenges especially with all or even some of your workforce working remotely.
Here are key security and privacy best practices to consider:
- Back up data and critical servers and test resiliency. In addition, run vulnerability scans before employees and their hardware connect to the corporate physical environment.
- Physical connectivity of employee hardware can introduce malware into the corporate hardware environment so it is important to upgrade your cyber hygiene with the latest anti-virus, firewall and endpoint protection, along with timely patching of systems.
- Advise employees to not connect non-corporate managed devices into the corporate environment (i.e. flash drives, USB)
- Implement use of email filters and sandboxing (quarantining) of opened links to prevent malicious links from downloading malware.
- Remind employees of the proper safeguard protocols of mobile computing devices and paper files in transit.
- Require employees to participate in privacy and security awareness training prior to returning to work.
- Safeguard sensitive individual health information especially if/when employees become diagnosed with Covid-19. In addition, organizations should be aware of privacy concerns raised with ‘contact tracing’ of their employees.
- Schedule a third-party assessment of your IT environment for a comprehensive audit of your security and privacy controls.
- As ransomware is usually deployed after several weeks of an undetected initial infiltration (upwards of 200+ days according to a recent Ponemon/IBM Study), it is important to ready your incident response plan (IRP) and cyber insurance policy to ensure you know who and how to respond when a cyber incident occurs.
- Review MSA’s of incident response firms such as legal and forensic firms that are approved by your cyber insurance carrier.
- If your organization does not purchase cyber insurance, now is the perfect time to consider coverage. Working through the application process can act as a ‘mini-assessment’ and the overall budgetary spend is less than many cyber security initiatives.
Why Cyber Insurance Is More Important Than Ever
Threats + Vulnerabilities = Risk
Threats
- Ransomware attacks jumped 148 percent in March from the previous month[1]
- Q1 2020 Coronavirus-Related Phishing Email Attacks Are Up 600 percent[2]
- Ransomware demands have continually increased over the past year due to increased sophistication of attacks (such as infiltrating critical systems and backups) with multimillion dollar demands becoming more common.
- The majority of SMBs (83%) said they do feel prepared for a ransomware attack. Forty-six percent of SMBs have been targeted by ransomware, 73 percent have paid the ransom[3]
- FBI and U.S. Secret Services have recently issued alerts for the growing threats on Business Email Compromise and Malicious Email Attacks (attached).
Vulnerabilities
- WFH Risks: As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors[4]
- IT and InfoSec budgets are stressed. Furloughs and/or illness of IT staff has occurred and may intensify at corporations and their vendors, adding to their cyber vulnerabilities.
- Wide sweeping InfoSec initiatives are delayed due to implementation issues under COVID-19 and stressed budgets.
- Contact tracing at the “employer/employee” level is at its infancy and has privacy implications (i.e. Think wrongful collection, retention, use, sharing, defamation, emotional distress, etc. in regards to the tracking of employee, customer, vendor COVID-19 diagnoses)
Risks
- Organizations may be unprepared to respond when a security failure or privacy loss occurs.
- Organizations are depending on their technology resiliency more than ever that malware induced network disruptions can exacerbate economic challenges.
- If an organization has an Incident Response Plan, they will face increased challenges especially with a remote workforce.
- Organizations’ reliance on their supply chain is more critical than ever and a supply chain disruption caused by a security failure or computer system failure of their vendors can further aggravate financial losses.
MMA Solutions
- Cyber insurance can help expedite and ensure a compliant response when an incident occurs ensuring balance sheet and reputational protection.
- Cyber Insurance can be a more cost-effective solution, especially now, compared to cyber security and can be put in place quickly.
- Marsh’s proprietary policy forms, cyber risk assessments and analytics can help assess an organizations security and privacy risk profile and build customized coverage for an organization. (See attached for an overview)
- Marsh’s local resources, claims administration and specialized cyber claim advocates provide additional accountability before, during and post incident.
MMA can help
Our proprietary policy forms, cyber risk assessments and analytics can help assess your security and privacy risk profile and build customized coverage. And our local resources, claims administration and specialized cyber claim advocates provide additional accountability before, during and post incident. To learn more, go to marshmma.com/offerings/cyber-liability or call your local Marsh & McLennan Agency consultant.
1 Source: VMWare
2 Source: KnowBe4
3 Source: Infrascale)
4 Source: DHS' Cybersecurity and Infrastructure Security Agency
You May Also Be Interested In
- Event
02.09.2021
Webinar | Back to Basics: Insurance Program Options
- Blog
12.23.2020
Solarwinds Cyber Incident
- Blog
12.16.2020
Insurance Insights: Digital Health & Emerging MedTech
- Blog
12.04.2020
Winter Weather Safety
- Blog
11.16.2020
Q3/2020 Business Insurance Marketplace
- Event
11.05.2020
Webinar | Auto Liability Strategies When Premiums Soar
- Blog
11.04.2020
Beyond the Pandemic: What your broker should be talking with you about right now
- Blog
10.19.2020
Client Advisory: Increasing Cyber Risks in the Transportation Industry
- Blog
10.16.2020
Client Advisory: Dealing with Increasing Cyber Risks in the Biotech Industry
- Blog
10.14.2020
Client Advisory: Dealing with Increasing Cyber Risks in Manufacturing
- Blog
10.14.2020
Cyber Risk in Our New World
- Blog
10.14.2020
INSIGHTS Newsletter
- Blog
10.12.2020
Client Advisory: Dealing with Increasing Cyber Risks in the Health Care Industry
- Blog
10.09.2020
Client Advisory: Dealing with Increasing Cyber Risks in the Construction Industry
- Event
10.08.2020
Webcast | A Tale of Two Breaches
- Blog
10.07.2020
Cybersecurity: Managing Risk in the COVID-19 Era
- Blog
10.05.2020
Why HR is a Key Stakeholder in Cyber Risk Management
- Blog
09.30.2020
Elements of Cyber Insurance Coverage
- Blog
09.28.2020
Cyber Security and Privacy Concerns: COVID-19
- Event
09.16.2020
Webinar | Cyber Incident Response
- Blog
09.16.2020
Business Interruption Insurance
- Blog
09.04.2020
Insurance Insights: Real Estate & Hospitality
- Blog
09.02.2020
Insurance Insights: Construction
- Blog
08.31.2020
Insurance Insights: Manufacturing
- Blog
08.28.2020
Insurance Insights: Healthcare
- Event
08.27.2020
Webcast | MMA Q2 2020 Business Insurance Marketplace Update
- Blog
08.26.2020
Insurance Insights: Transportation
- Blog
08.24.2020
Q2/2020 Business Insurance Marketplace
- News
08.06.2020
Charlie Filisko's Article Featured in Properties Magazine
- Event
07.21.2020
Webcast | Senior Care - The New Normal
- Event
07.14.2020
Webinar | Cyber Security-The Complex & Inevitable Exposure
- Event
06.25.2020
Webcast | Navigating the Cyber Liability as Organizations Return to the Workplace
- Event
06.25.2020
Webinar | Paycheck Protection Program- Q & A Town Hall
- Event
06.18.2020
Webcast | Navigating the D&O Market Through Unprecedented Times
- Event
06.04.2020
Webcast | Navigating Challenging Business Insurance Market Shifts
- Blog
05.18.2020
Q1/2020 Business Insurance Marketplace
- Event
04.30.2020
Webcast | COVID-19: Managing the Impact- Weekly Update 4.30.20
- Blog
04.27.2020
Client Advisory: Dealing with increasing retail cyber risks during the COVID-19 crisis
- Blog
04.23.2020
Workers’ Compensation Insurance
- Event
04.06.2020
WEBCAST | Cares Act Overview
- Event
03.26.2020
WEBCAST | COVID-19: Navigating Insurance Implications
- Event
03.24.2020
Webinar | Navigating the Coronavirus and Managing the Impact
- Blog
03.24.2020
MMA COVID-19 Coverage 2020
- Blog
01.15.2020
Business Insurance Marketplace Outlook 2020
- Blog
01.08.2020
The 2020 Cyber Outlook
- Event
10.15.2019
Webinar | New Cyber Privacy Regulations & Risks Affecting U.S. Businesses
- Blog
10.14.2019
Tornado Preparation and Recovery Tips for Ohio Businesses
- Blog
10.09.2019
FDA to Begin Food Defense Plan Inspections on Food Facilities in 2020
- Blog
10.07.2019
The State of Cyber Security
- Blog
09.03.2019
12 Best Practices to Secure and Protect Passwords
- Blog
08.02.2019
Podcast | Choosing Your Broker
- Blog
03.28.2019
Five Trends in the Business Aviation Industry
- Blog
03.11.2019
Protect Your Business from these 5 Cybersecurity Risks
- Blog
02.25.2019
Top Challenges Facing the Banking and Financial Services Industry
- Blog
02.19.2019
How Technology is Impacting the Wholesale Distribution Industry
- Blog
02.08.2019
Businesses Required to Obtain a Spotted Lanternfly Permit
- Blog
01.16.2019
How Technology is Reshaping the Agriculture Industry
- Blog
01.11.2019
Is Ocean Wave Power the Next Big Thing in Renewable Energy?
- Blog
01.10.2019
Property & Casualty Marketplace Expectations for 2019
- Blog
01.08.2019
Five Technologies Impacting Safety and Productivity in the Construction Industry
- Blog
01.03.2019
Four New Advances that are Revolutionizing the Hospitality Industry
- News
12.21.2018
Social Engineering Fraud
- Blog
12.19.2018
Does Your Company Know What To Do After a Cyber-Attack?
- Blog
12.17.2018
Brain Injuries in the Workplace
- Blog
12.14.2018
New Algorithms to Spot Fake Pictures for Insurance Claim Verification
- Blog
12.10.2018
Digital Transformation Unlocks New Opportunities for Financial Services Industry
- Blog
11.26.2018
Five Critical Risks Impacting Public Sector Organizations Today
- Event
10.25.2018
Framework of a Cyber Breach
- Blog
10.19.2018
IoT-connected Devices Are Increasing Cyber Risk Exposure
- Event
10.18.2018
Workers Compensation Red Flags
- Blog
10.17.2018
What's Keeping CEOs Awake These Nights?
- Blog
09.04.2018
15 Best Practices to Protect Your Website From Malware & Cyber-Hacking
- Blog
08.28.2018
Why Manufacturing Companies are Now More Susceptible to Data Breaches
- Blog
07.24.2018
Mid-Year Economic, Insurance and Risk Management Marketplace Update
- Blog
07.05.2018
Construction Industry Employee Engagement
- Blog
06.28.2018
Subcontractors without Workers’ Compensation Coverage May Cost You
- Blog
06.19.2018
2018 Cyber & Data Security Risk Survey Report
- Blog
06.15.2018
Lightning: Protect Your Property and Your People
- Blog
05.11.2018
Drones: The New Highway in the Sky
- Blog
05.10.2018
Identity Protection: The Right Voluntary Employee Benefit
- Blog
05.09.2018
Flood: Understanding the Risk, Navigating Insurance Options
- Blog
05.08.2018
OSHA Compliance Alert
- Blog
05.08.2018
GDPR is Coming. Are You Ready?
- Blog
05.07.2018
Consider the Fair Labor Standard Act for Internships
- Blog
04.30.2018
Plan Sponsor Quarterly Calendar
- Blog
04.25.2018
Hours of Service Rules for Commercial Drivers
- Blog
04.24.2018
Severe Weather: Why it Matters
- Blog
04.17.2018
Understanding Your Investment Policy Statement
- Blog
04.17.2018
Preparing for a Product Recall
- Blog
04.05.2018
Safety Resources - Excavation Safety Stand Down
- Blog
04.04.2018
Electronic Logging Devices - A Hacker's New Window?
- Blog
04.03.2018
Aviation CGL Coverage and Contracts
- Blog
03.21.2018
Recap of MMA Seminar: Employment Law 2018
- Blog
03.13.2018
Understanding Your Aviation Policy: There's More to Consider Than Price
- Blog
02.07.2018
Social Engineering Fraud
- Blog
02.01.2018
Construction Contracts
- Blog
01.31.2018
Texting While Driving
- Blog
10.06.2017
The 4 Myths of IT Data Security
- Blog
09.25.2017
Catastrophic Disasters
- Blog
09.25.2017
Got Hail?
- Blog
09.15.2017
Cyber Breach - Equifax
- Blog
09.05.2017
Employee Retention
- Blog
02.01.2017
A Gap In Coverage
- Blog
01.17.2017
Property and Casualty Commercial Insurance 2017
- Blog
10.17.2016
Drones expand business' horizons - and their liability
- Blog
06.08.2016
2015 & 2016 Cyber & Data Security Risk Survey Report