Cybersecurity risks have increased as more employees work from home during the pandemic. While many traditional insurance policies exclude losses resulting from a cyber incident, the right cyber insurance policy will help mitigate losses arising from such attacks.
More than one-third of senior technology executives say cybersecurity risks have increased as a majority of their employees work from home during the coronavirus pandemic, according to a CNBC survey. What's more, 53% say their firm hasn't stress-tested their system for an event like this.
Employers expect the proportion of full-time employees working from home will level off at 19%, according to a July survey by Willis Towers Watson—but that's still nearly three times what the level was in 2019.
With this risk comes increases in phishing and other cyber scams. One respondent to the CNBC survey estimates their organization has seen such incidents rise by 40%.
The cyber world's risks don't stop there, as cybercriminals are also capitalizing on coronavirus-related fear to implement attacks. Between January and March 2020, over 4,000 coronavirus-related domains were registered globally according to Check Point's Global Threat Index. Of these, at least 5% were suspicious. Coronavirus-related domains are also 50% more likely to be malicious than other domains registered in the same period, including seasonal domains. Between January 29 and March 18, 80% of cyber threats were using coronavirus as a theme, according to Proofpoint.
In addition to monitoring for breaches, maintaining cybersecurity programs, providing secure access, and training employees in cyber safety, your business clients need to take these concerning numbers as a warning and invest in a robust cyber insurance policy.
As many traditional insurance policies specifically exclude losses resulting from a cyber incident, the right cyber insurance policy is key to helping business owners mitigate many of the potential losses the coronavirus outbreak has given rise to.
Costs and payments to resolve a ransomware attack are typically covered under a cyber insurance policy's network extortion insuring agreement. The resulting incident response costs—forensic investigations that determine the extent of the attack, legal advice, customer notification requirements, public relations and data restoration—are also usually covered.
In the event of a cyberattack or data breach, companies will also likely face significant loss of income until they restore systems. Customers' inability to access dashboards or complete purchases, the accounting department's inability to generate and pay invoices, or employees' inability to access critical systems or equipment can all lead to revenue loss.
Companies will also have ongoing expenses, such as utility payments and payroll, and may incur new or additional costs to mitigate the effects of a breach—such as paying employees overtime, renting or leasing new equipment, or hiring third-parties to support business continuity.
A properly structured cyber insurance policy covers all of these expenses. Some policies may also offer endorsements—sometimes for additional premium—that add valuable protections to the insurance. Reputational events coverage indemnifies business owners for a loss of customers due to a breach, while preventative shutdown coverage allows for reimbursement in the event the insured voluntarily shuts down their network to prevent a virus or other threat from spreading. A system failure endorsement can reimburse downtime due to cyber incidents resulting from human or programming error or infrastructure outage, and additional insured coverage automatically insures contractual partners who mandate indemnification.
In the present environment, it's also important to pay attention to policy definitions. Make sure protected information includes data like biometrics, internet browsing history and personally identifiable photos and videos. Confirm extortion expenses explicitly include ransom payment in bitcoin or other cryptocurrencies, which are popular among hackers due to difficulty in tracing the transaction.
As businesses adapt to new cyber threats brought on by the coronavirus, it is essential to review cybersecurity protocols and employee training. However, it is also important to remember that nothing can guarantee protection from all cyber threats. Cyber insurance is an especially critical component of holistic cyber risk management.
Kirsten Bay is cofounder and CEO of Cysurance. This article was originally posted on Agency Nation.