In recent news, it was announced that hackers allied with the Russian government developed a cyber weapon, dubbed CrashOverride, that can disrupt power grids remotely for days at a time in what is the culmination of over a decade of theory and attack scenarios. This sounds catastrophic, but it is not a doomsday scenario. Operators are used to restoring power by hand, due, in large part, to the manual processes that have been in place for years.
But, we’re not in the clear just yet. This new development is part of a larger framework and a breeding ground for future attacks and increased malware effectiveness. Take, for instance, the WannaCry ransomware, which recently exploited a flaw in Microsoft’s software and affected hundreds of thousands of organizations across 150 countries.
Malware such as WannaCry is increasingly becoming a threat to our daily lives as everything we do today is online, where there are few, if any, manual options to defending our own personal matters. There is a growing need for businesses and organizations to create a cyber security plan with a multi-layered approach. Trends are showing that with frequently changing approaches and software, there are many different places for malware to attack and few ways to defend against them all. According to an article on Dice.com, “Hacking, cracking and other forms of cybermischief have reached a level of sophistication equaling (and in many cases surpassing) the capability of most organizations to defend against”. Cyber security experts are now warning that attempts at prevention are futile, but creating awareness and response plans within an organization can keep damages and losses at bay.
Risk can be mitigated first by identifying it, and second by insuring against it. If you read our blog on Risk Management, you’ll notice that a large part of protecting your business has to do with risk transference. So, how does one create a cyber security strategy? If you’re reading this, you’re already on your way to gaining the proper information to protect yourself and your business.
Cyber Liability Insurance coverage (CLIC) has been available for around a decade, yet few know what it does or that it even exists. However, according to an article by Canadian Underwriter, “when it comes to purchasing cyber insurance, clients are beginning to ask the right questions as they become more familiar with the risk”. Cyber risk is a relatively new exposure, and because there isn’t a lot of historical data on the cost of a loss, underwriting for that particular coverage becomes a challenge. However, with increased exposure, brokers are becoming aware of the risks as more data becomes available.
Cyber insurance is a major mitigating factor for businesses that maintain electronic data or systems, and has become the more attractive option over incurring high costs trying to recover from a breach. Cover can include data breach, privacy crisis management, and expenses related to the management of the incident such as legal costs, court attendance and regulatory fines. It can also protect you in the case of intellectual property rights infringement, extortion, theft of data and more.
Be prepared to work closely with your broker. You will require a specialist who can help save time and stress while working to determine your risks and the costs associated with insuring them. Your broker must understand the implications of a breach and provide you with coverage that will be effective in the event of a breach.
As previously mentioned, a cyber-attack can target multiple areas at a time, so it is important to cover as many aspects of your operation as possible. This includes preparing staff with cyber security workshops, which can help to identify risks, and establish a frontline defense, as well as backing up files on another system in avoidance of a catastrophic loss. You can also take steps to appoint a third-party to manage a data breach. Just remember, preventing a cyber-attack is futile, but setting up a response strategy can mean the difference between a business that sinks and one that swims.
Contact PAIB Insurance Inc. for more information on how you can protect yourself from a data breach by adding the endorsement to your existing policy with Gore Mutual.
 Nakashima, Ellen. Russia has developed a cyberweapon that can disrupt power grids, according to new research. The Washington Post, 12 June 2017, https://www.washingtonpost.com/world/national-security/russia-has-developed-a-cyber-weapon-that-can-disrupt-power-grids-according-to-new-research/2017/06/11/b91b773e-4eed-11e7-91eb-9611861a988f_story.html?utm_campaign=0e7b52b659-EMAIL_CAMPAIGN_2017_06_13&utm_medium=email&utm_source=I.I.I.%20Daily%20Newsletter&utm_term=.b30617502b99. Accessed 13 June 2017.
 Lahanas, Stephen. 10 Reasons Why You Need a Cybersecurity Plan. Dice, 16, February 2015, http://insights.dice.com/2015/02/16/10-reasons-need-cybersecurity-plan/. Accessed 13 June 2017.
 Canadian Underwriter. “Slow but steady” trend in take-up rates among U.S. cyber insurance clients: Council of Insurance Agents & Brokers. Canadian Underwriter, 19 May 2017, http://www.canadianunderwriter.ca/insurance/slow-steady-trend-take-rates-among-u-s-cyber-insurance-clients-council-insurance-agents-brokers-1004113879/. Accessed 13 June 2017.