Cyber Liability Insurance

Cyber Liability Insurance has become a requirement for a wide range of businesses.

Formed in 1974, Grove & Dean is a chartered insurance broker offering excellent, experienced commercial insurance advice and cover.

In the event of a claim, your account handler will work closely with you to ensure your claim is managed promptly and professionally.

To learn more about our Cyber Insurance cover, call us now: 01708 436 811

What is Cyber Insurance?

Cyber Insurance protects your company from cyber threats, such as data breaches and the hacking of work computers.

Although businesses are responsible for their own cyber security, having the right cyber insurance will ensure you have protection in place in the event of a cyber attack – providing crucial support to help your business during what can be very challenging times.

For more information and a cyber liability insurance quote, contact the specialist team at Grove & Dean.

Do I need cyber liability Insurance?

Online attacks and data breaches have become such a threat that most professionals and businesses require cyber liability insurance to make sure that their customers and company data are kept safe.

Cyber liability insurance provides cover by offering first party protection that covers a business’s assets and third-party insurance that covers the customers of the insured business.

What is the cost of cyber security insurance cover?

Cyber insurance costs vary depending on various cyber risk factors, such as your business turnover, your industry, the type of data you hold, and your network security.

Cybercrime is more prevalent in certain cyber risk sectors, so they may require a higher level of protection.

Financial companies and health providers, for example, have a higher risk of identity theft than a carpentry business.

We are Chartered Insurance Brokers

Underlining our commitment to the best professional standards

Does your business need cyber liability insurance cover?

You may benefit from cyber insurance if your business uses, sends, or stores electronic data.

Cyber insurance covers the cost of recovering the data, regardless of whether it belongs to the business or is sensitive customer information.

The benefits of cyber liability insurance cover are considerable, as it provides vital financial support in the event of a cyber-attack.

How does cyber insurance work?

Almost all cyber insurance policies cover the financial and reputational damages incurred by a cyber attack on your data or electronic systems.

Policies cover expenses related to investigating a cybercrime, recovering data lost in a security breach, restoring computer systems, reputational management, extortion payments demanded by hackers, and official notification costs, if required by law.

Damages and settlements (that result from third-party claims against you) are also covered, as well as legal costs related to defending your business against claims of GDPR violations.

What are the most common cybercrimes?

There are many types of online criminal activity, but here are a few of the more common types:

Ransomware Attacks

Ransomware viruses are malicious programs that attack your computer system and encrypt files.

As payment for the release of the data, the attacker will demand a ransom payment, hence ‘Ransomware’.

As a precaution, you should create a data recovery plan in case you lose your data.

Hacking

A hacker can use cyber hacking to gain access to a computer or certain functions on it.

Access to important data is generally their goal (which they can either exploit or sell), and various methods can be used.

Malware

Malicious software can be installed on your system via so-called phishing scams or by exploiting software weaknesses.

As soon as the attacker installs it, they can spy on your online activities and steal private information.

Phishing

This is defined as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Unsolicited emails are common of course. Rather than being compromised as a result of technical vulnerabilities, in reality, companies are more likely to suffer a digital breach through social engineering attacks (such as phishing and pretexting – an identity theft scam where information is stolen by pretending to verify one's identity).

UK cyberattacks are most commonly phishing attacks. Businesses are five times more likely to be attacked by phishing than by viruses.

A successful cyber-attack plays on the victim's emotions.

The click rate of phishing attacks is around 4%, and even highly computer savvy employees are susceptible to phishing emails that impersonate clients, suppliers and industry subscription services.

Common Phishing examples

It can be tricky to identify phishing messages, since they often seem to originate from familiar websites. Understanding what a phishing attack is forms the first step to protecting your business from this form of cyber risk.

There are many ways in which phishing can take place. An individual who is hoping to gain access to sensitive data will often use a different approach than someone trying to steal financial details.

Spear phishing and deceptive phishing

These are the most common examples of phishing, both of which arrive in an email.

The objective of deceptive phishing is to induce someone to click a link, enter details or make a payment by impersonating a legitimate organisation.

By contrast, a spear-phishing email is a cyber risk personalised to the victim.

These emails usually feature the company name, position and name of the sender, thus giving the appearance of legitimacy.

Spear-phishing attacks are typically disguised as coming from trusted organisations that the recipient may know, like banks or the tax authorities.

Whale Phishing

Fraudsters who conduct whale phishing attacks want to take advantage of the highest-paid employees in a company.

CEO fraud is a form of phishing that targets senior business executives.

Whaling emails often use more sophisticated language and imagery than other scam emails because hackers are so interested in accessing a leading member of the company’s computer, or the sensitive business information it may contain.

Pharming

A phishing scam known as pharming redirects users from an authentic website to a fraudulent copy, where they are asked for personal information.

It can be difficult to identify when you have been phished into a fraudulent website, since this is one of the more advanced phishing methods.

How to stop and avoid phishing scam attacks

First, you need to understand what to look out for. This is vital.

Phishing emails often use phrases such as 'reset your password' or 'verify your account' to give the impression that they are important and urgent.

Prior to clicking any link, you should forward the questionable email to the business that it is alleged to be from to ensure it's genuine.

It makes sense to train employees on how to recognise phishing emails and all cyber risks at your company.

Keeping your anti-phishing software up to date can help you defend your business from malicious scams. When an inbound email is scanned and shows signs of fraud, the programme will alert the recipient.

In addition to ensuring your safety, cyber insurance also allows your business to recover should you suffer disruption and lose money.

How to deal with phishing attacks carried out using your name

Businesses can be attacked from both sides by phishing, so it's important to know how to react if an attempt is made to use your logo, brand or name in a phishing campaign.

You should inform your customers as soon as you become aware of suspicious emails that appear to be from your company.

Provide your customers with a list of real customer service email addresses on your website so that they can differentiate real from fake.

You can respond more quickly to cyberattacks by asking customers to notify you of any suspicious behaviour.

The cyber and data risk cover offered by Grove & Dean protects your business against costs associated with data recovery, reputation management, GDPR investigations, and business interruption.

Ransomware – what is it?

Infecting a computer system with ransomware – malicious software designed to lock files and extort money from business owners – can lock down business systems and lock data. Cyber-attacks of this type involve holding data or devices for ransom.

Hackers may also threaten to compromise the security of sensitive data or even shut down systems, in addition to putting pressure on system owners to part with their hard-earned cash.

This is potentially harmful to your client relationships and to your financial well-being.

Ransomware can be spread through several means, including clicking on a malicious link in phishing emails.

It is not uncommon for criminals to pose as security officials and ask the victim to pay a 'fine' to get access back to the building.

Typically, an encryption message will inform the user that their files have been encrypted.

The message will include instructions on how to exchange money for a decryption key.

What is a ransomware attack and how does it work?

In many ransomware attacks, cyber criminals use social engineering, a technique that convinces users to open links or download attachments.

Exploit kits – tools used to find vulnerabilities in computer systems – can also be used to install malicious software. Ransomware can also be hidden in deceptive adverts through what is known as ‘malvertising’.

Before demanding a ransom – which can amount to thousands of pounds – the software locks devices or encrypts files. Cryptocurrency payments are often requested by ransomware attackers since they are less traceable.

What is the purpose of a ransomware attack besides financial gain?

Criminal gangs might be interested in stealing sensitive information – such as to spy on you or cause disruption in general.

Ransomware works differently depending on the OS you're using.

Ransomware is no longer just a cyber risk for Windows users, although it used to be commonplace on those devices. Ransomware attacks on mobile devices began in 2014; these usually encrypt the entire device and are delivered via deceptive apps.

Ransomware can also infect Apple devices and ransomware techniques are constantly evolving and changing.

There are several kinds of ransomware attacks

The techniques used and harm caused by ransomware vary greatly. Despite the differences, all variants demand money for releasing files or computers that have been hijacked.

A business that experiences this type of attack may lose access to its data forever without a decryption key.

Computer, Mac, and smartphone devices are rendered useless by so-called locker ransomware. The problems caused by locker ransomware can sometimes be solved without paying the ransom, but it is much more difficult to defeat crypto ransomware.

Ransomware comes in three main forms:

Originally distributed through exploit kits and emails, CryptoWall is also linked to fraudulent advertisements.

CryptoWall provides a free decryption of one file as proof a hacker has the capability to break into your data.

Even businesses that perform regular backups may find CryptoWall 4.0 confusing because file names are encrypted.

Malware known as Locky is distributed in the form of phishing emails disguised as invoices. Once files are opened, Locky renames them with the ".locky" extension, allowing for easy identification. A ransom message displaying the Locky ransom note is another Locky characteristic.

Crypto ransomware known as Cerber operates in 12 languages. Cerber targets cloud-based Office 365 users via sophisticated phishing emails, enabling affiliates to utilise malware that other hackers have created.

WannaCry is a type of ransomware that encrypts files on Microsoft Windows operating systems so the user cannot access their documents, or locks them out of their computer completely. WannaCry appears as a so-called cryptoworm – a piece of malware capable of self-replicating and spreading from host to host.

Around the world, thousands of computers were shut down as a result of the 2017 WannaCry ransom attack. The notorious 2017 WannaCry ransom attack shut down hundreds of thousands of computers around the world.

Hundreds of organisations in over 150 countries were affected, including the National Health Service, which lost nearly £100 million.

Jigsaw can prove very dangerous. This aggressive type of ransomware deletes files on an hourly basis until the ransom is paid.

Within 72 hours, this attack can cause all your data to permanently vanish.

Samas is a particularly destructive type of ransomware which works by identifying networks with vulnerable servers running JBoss products.

Once the software is deployed, it encrypts files and deletes copies – making the situation difficult to reverse.

This type of attack can be used to harvest data, so it often targets networks holding sensitive information, such as hospitals and financial institutions.

Ransomware: how to protect yourself

With computer and data technology changing so rapidly, it’s not always possible to prevent ransomware attacks. This is one reason why cyber liability insurance cover is so important.

As a business owner, you may be able to protect your business to various degrees depending on the sophistication of the attack and whether phishing is used.

Most of the ways to prevent ransomware attacks involve phishing awareness.

That said, other best-practice cyber security techniques can help your business, data and operations to stay protected.

Here are some precautionary measures businesses can take:

Update software with patches.
Keep your software strong and protective by running all the recommended updates, since each new version fixes security holes. The idea is to always remain one step ahead of hackers.

Set up multi-factor authentication.
To properly secure a device, you need more than just a strong password.

Multi-factor authentication checks your identity via phone call or text message, making it much harder for hackers to gain access via your accounts.

The more ways you authenticate your identity when logging in, the better.

Update all of your devices.
Many of the organisations worst-hit by WannaCry were using older computer devices and outdated operating systems, so investing in new machines every couple of years can help to reduce the risk.

Cyber security software makes it harder for malware to take control of your device and encrypt files within it.

As a minimum, you should use virus scans and firewalls, but more advanced options include endpoint detection and advanced threat solutions.

Even if you have cyber liability insurance in place you should, of course, back up your files. Since it isn’t always possible to eliminate ransomware attacks, the second-best scenario is having no need to pay the ransom.

Training in cyber security. Reduce the likelihood of falling prey to a phishing attack by training your employees in cyber security and awareness.

Regularly backing up your files externally can stand you in great stead should a hacker encrypt files on your main drive.

Make sure your personal information is protected. Hacking groups often use personal information – including passwords, answers to security questions and date of birth – to gain access to accounts.

Make sure everyone in your organisation follows protocol on protecting their personal information, including senior management, who may be targeted by whaling campaigns (a type of phishing attack). 

I received an email that contained ransomware – what should I do?

Stay calm and avoid making rushed decisions.

You can minimise the damage done by your compromised systems by:

Informing your cyber liability insurance provider that you have been attacked by ransomware. You may be able to receive coverage for ransom payments and system recovery, as well as indirect costs related to business interruption, reputation management and GDPR investigations, depending on your cyber liability insurance policy.

You might have been infected by crypto ransomware or locker ransomware.

It's important to distinguish between locking and non-locking attacks, since locking attacks are often easier to resolve.

You are most likely affected by locker ransomware if you can't get past the ransom note that pops up on the screen.

You may be infected with encrypting malware if you can browse your computer but cannot open your files.

Remove all other devices and external drives from your computer and disconnect it from the network.

An infection with ransomware can be minimised by using this method.

Photograph the ransomware note with information regarding the ransom and how to pay the ransom. The relevant authorities, including your cyber liability insurance provider, will need this information.

Analyse which type of ransomware you have received.

With the right data recovery and decryption software, it is sometimes possible to recover the data.

The IT department at your company or an experienced cybersecurity firm can provide this if needed.

Report the crime to the police. If you want to file an insurance claim with your cyber liability insurance company or a lawsuit, you'll need evidence that the incident was reported to them.