By: Jameson P. McShea
“How will I get hacked? I barely use the internet!”…Sound familiar?
This seems to be a common response from businesses who are smaller in size. Business owners seem to have this common misconception that the malicious hackers of this world only target larger companies; this is not the case. 43% of cyber attacks target small businesses. And, even when those hackers are not targeting YOUR business, they could be using your business to get to a larger business- say, one of your clients.
If a hacker uses YOUR business to hack one of your clients of substantial size, are you properly insured to cover the cost?
SMALL BUSINESS THREAT EXAMPLE:
Fazio Mechanical Services, an small HVAC company contracted by Target Corporation, did a job for a local Target store branch. Target has a web hosted application for vendors like Fazio to submit contracts, electronically bill, and provide project management information. Hackers were informed of the business conducted between the vendor and Target, and decided to “phish” the HVAC company.
Phishing is a scam scheme, typically in the form of a email. The email usually appears to be from a company you use or have sensitive information in, like a bank. The email will “phish” to extract sensitive information, usually by scaring you into thinking your information has been breached and asking to confirm some personal information- say your social security number, credit card number, etc.
Succeeding with the phishing tactics, the hackers attained access to the web hosting service Target provides for vendors. Now all the hackers had to do was upload a file that seemed legitimate. Using a hacking tactic called, “hiding in plain sight”, the hackers were able to upload a file to Target that ultimately gained them access to 40 million credit card numbers.
The hackers sold this information on the black market for a price. A day later Target was informed of the breach.
CYBER INSURANCE helps a business manage the risk of threats and errors online concerning liability to others. Coverage, depending on the company, reimburses companies for expenses related to a consumer data breach, including legal counsel and defense, notification costs, crisis communications and setting up a call center and credit monitoring for those affected by the data breach. Coverage could cover destruction of data, virus transmission, and cyber extortion. Coverage could also be provided for a lost laptop or a personal file sent to the wrong email address.
WHAT MOST INSURERS PROVIDE:
1st PARTY COSTS:
- Forensic Investigation
- Legal Advice
- Notification costs to the third parties
- Loss of profits while the network is down (but not after the network is back up)
3rd PARTY COSTS:
- Legal defense and Settlements
- Cost for banks to re-issue credit cards
- Regulatory fines and penalties
The example above is just one notable case of many cyber hacks. So how can cyber insurance help transfer this risk?