Cyber security consultants have noticed a rise in external threats to organizations. One of the main objectives of an external cyber attack is to extract credentials that will allow a hacker to move freely within an organization’s network. Once the hacker has gained access to a computer system, they are able to extract important personal and health records at will. But the attacks do not always originate from the outside. More and more companies are taking notice of the risks that insiders can pose to their data security.
According to a survey, “insiders - current and former employees, in particular - have become the most-cited culprits of cyber crime.”1 Your colleagues, employees and volunteers all have access to your organization’s systems and data – and whether intentionally or not, they could damage a system, destroy it, or even steal data. Insiders’ cyber crimes usually fall into one of the following main categories:
Negligence. Your employees or volunteers may accidentally delete or modify critical information, or even share personal client information. For example, they might not realize that by posting information on a public-facing website or on social media, they are disclosing personal information.
Exploitation. Your employees’ user credentials can be stolen in many different ways. Phishing, malware and web-based attacks are just some of the means used by external parties to find their way into your organization’s network.
Malice. Employees who willfully intend to steal critical company information are the most challenging to identify. They intend to sell or profit from the stolen information, and they can cause great harm to any organization.
Social Engineering. Hackers might find ways to manipulate people into releasing or providing illegal access to your organization’s computer system and the confidential information that resides there. A hacker employing Social Engineering techniques may try to access your system by posing as a new employee, a consultant or repair person. Hackers like these sometimes employ strategies such as Phishing attacks to gain entry into your computer system. A “Phishing attack” uses a link in an email, or a discarded “jump drive/USB flash drive”, to introduce malware into your system to extract data or to infect your system with a virus, in order to extort money from your organization.
Your organization most likely takes protective measures to help prevent cyber attacks, but cyber crime cannot be eliminated. Identification, authentication, firewalls, encryption of data, and standardized policies and procedures might not be enough.
One of your volunteers or employees gets an urgent yet convincing call from somebody claiming to be calling from a healthcare facility, requesting personal information about some of your clients. The volunteer complies with the request, and faxes personal data such as address and medical information. The criminal, who played on the employee or volunteer’s tendency to respond to authority, is now in possession of personal client information that could be sold or published on public-facing websites.
A criminal steals a manager’s login details and information so they can pose as a person of authority in a company. The criminal emails your finance department and asks for an immediate wire transfer of funds. One of your volunteers or employees might unwittingly comply.
How can Cyber insurance help you?
Cyber insurance has been developed to address the first- and third-party risks associated with e-business, the internet, computer networks and confidential information. It helps protect your organization in the event of malicious acts, negligent acts of employees, or system malfunctions by covering:
- Loss of revenue from network downtime
- Liability to third parties
- Customer notification and credit monitoring services
- Data restoration costs
- Regulatory defense costs, fines and penalties
- Reputation and crisis management costs
- Cyber extortion costs
In response to the complex and varied nature of the losses that can result from a cyber incident, a key benefit of cyber policies is access to specialist third-party services, such as IT security/forensics, legal representation and public relations consultants. These services all play a key role in containing a cyber incident and minimizing its impact in the long term.
Not all organizations have the same risk profile and face the same cyber risks. To ensure you get the right coverage tailored to your organization’s needs, talk to your insurance broker.