The top three cyber policy gaps

By Mike McCluskey

It’s no secret that the need for cyber insurance is growing. Almost weekly, we see big companies hacked by cyber criminals and the exposure of sensitive data alerting customers and consumers that their financial information has been made public. Adding to that, cybercriminals are getting more sophisticated by the day. They use tactics that result in more than the leak of data, and make cybercrimes almost impossible to detect until it is too late.

But cybercrimes are not a problem only for large corporations. The middle market (think companies with revenue between $10 million and $1 billion) is equally at risk. Even though enterprise-level organizations are larger than mid-market companies, cybercriminals still prey on them, holding businesses up for ransom, and demanding huge paydays that could cripple any business. For the mid-market company, it is especially imperative to make certain their cyber policy is robust, covers as many risks as possible and includes policy gaps that cover the ever-evolving methods used by bad actors.

Top policy gaps that should be included in a comprehensive cyber policy

Ransomware attacks. Ransomware is a type of malware that locks up a victim’s data, including devices and systems, and leaves the data unusable. Phishing emails that contain malicious attachments are the most common ways ransomware is spread. The bounty demanded from the cybercriminal, called a ransom payment, leaves companies scrambling to pay, with the lock-up leaving day-to-day operations interrupted. Ransomware criminals can leave a business crippled even after payment. Recovering data, when possible, can be equally expensive in terms of time and cost.

Social engineering attacks. Social engineering attacks occur when cybercriminals target a company’s employees and use psychological manipulation to trick them into sharing sensitive information or transferring funds. A four-step sequence to social engineering attacks begins with information gathering, followed by establishing a relationship with the target, exploitation and then execution. Criminals prey on employees’ fears, their need to help, greed and other human emotions - all for financial gain.

Bricking. Cyber-attacks often cause damage to a computer system. If the damage is so extensive that the device (or devices) can no longer be used and become, essentially, a brick, this is referred to as ‘bricking’ in the cyber insurance world. Because companies and employees rely on their computers to run the business, becoming a victim of bricking can lead to financial loss, business interruption and exposure of sensitive data. The addition of bricking to a cyber policy allows for the cost to replace, reinstall or reconfigure a device or network.

A comprehensive cyber policy includes coverage for major gaps

While cybercriminals continually devise new schemes and it’s not possible to cover every single cyber incident, a comprehensive policy should cover the most common gaps. Review your cyber policy for coverage against ransomware attacks, social engineering incidents and bricking.