Author, Sam Brown, Account Executive, Rancho Mesa Insurance Services, Inc.

On Friday, July 14th Rancho Mesa hosted a popular workshop titled “Cyber Liability Explained: Hacking Trends for 2023” with presenter Beau Bechelli of Evolve MGA. His 60-minute presentation educated the audience on the cost of cyber attacks, the most common types of attacks, and practical ways to help reduce the threat of a breach.

This article will cover recommended steps an organization should take immediately following a data breach.

Call Insurance Agent

Immediately call the business’ insurance agent or the cyber insurance policy’s claim reporting line to report details of the incident.  

Secure Operations

According to the FTC.gov’s Data Breach Response Guide, an organization should first take steps to quickly secure its operations. This may require:

• New locks and access codes to physical areas

• Taking all affected equipment offline immediately

• Remove improperly posted information from the organization’s website

• Search for the organization’s exposed information on the web

FTC.gov also recommends interviewing individuals who discovered the breach and advises against destroying evidence.

Address Vulnerabilities

The organization should next address the system’s vulnerabilities compromised in the breach. Contact any service providers involved to assess the personal information to which the provider had access and determine if it’s necessary to change access privileges.

Work with the forensics team to understand if the breach is contained and determine the status of the network’s backup data. This process should also produce the number and types of records compromised. Begin corrective measures as soon as possible.   

Notify Appropriate Parties

The guide instructs businesses to notify law enforcement, other affected businesses, and affected individuals. Work with the insurance company’s assigned legal counsel to ensure compliance with all state and federal notification requirements.

Please refer to the Federal Trade Commission’s Data Breach Response Guide for more detailed steps.

For those who are interested in learning more about how cyber-crimes affect real businesses, watch “Cyber Liability Explained: Hacking Trends for 2023.”

 Contact me to discuss the merits of cyber liability insurance or a possible data breach at (619) 937-0175 or sbrown@ranchomesa.com.

Author, Jeremy Hoolihan, Account Executive, Rancho Mesa Insurance Services, Inc.

Cybercrimes are at an all-time high. News sources report cybercrimes almost on a daily basis with most of the press relating to company breaches and cyber extortion. However, one of the biggest cyber threats that is often overlooked is Business Email Compromise (BEC).

BEC is a type of email cybercrime scam in which an attacker targets a business to defraud the company. BEC attacks use real or impersonated business email accounts to defraud employees. In 2020, BEC scammers made over $1.8 billion – far more than any other type of cybercrime.

In this type of cybercrime, the scammer sends an email that looks like it came from someone the recipient knows, like a superior or co-worker, and asks them to do perform a task. For example, the email may request:

• A change to a vendor’s mailing address so future payments are sent to the scammer and not to the actual vendor.

• An employee to purchase gift cards for a charity auction or employee rewards and then asks for the serial numbers on the cards so the scammers can use them without ever having the physical card.

• A client is sent an email with wire instructions for payment of an invoice that appears to come from your company, but instead it is for the scammer’s bank account.

BEC scams use a variety of impersonation techniques. The following 3 techniques tend to be the most common:

• A spoofed email address or website often has a slight variation from the legitimate address or URL. At a quick glance, the spoofed email address may fool victims into thinking it’s authentic. However, upon a closer look, an “L” might be switched out for a “I” or an “0” for an “o.”

• Phishing emails appear to come from a trusted sender in order to trick the victim into providing personal or confidential information like account numbers, usernames, personal identification numbers, passwords or answers to security questions. Then, the information is used to gain access to networks, accounts, and other data.

• Cyber criminals can infiltrate a company’s network using malicious software and gain access to networks and legitimate emails, often getting information about billing and invoices. This type of cybercrime is often unnoticed until it is too late.

For ways on how to protect your business from BEC claims, Rancho Mesa recommends first starting with a Cyber Liability policy. A comprehensive Cyber Liability policy will not only respond to BEC claims, but it can also provide coverage for other cybercrimes such as cyber extortion, cyber breach, and network security. If you have an interest in obtaining a Cyber Liability policy please feel free to reach out to me at 619-937-0174 or jhoolihan@ranchomesa.com.

Author, Sam Brown, Vice President of the Human Services Group, Rancho Mesa Insurance Services, Inc.

The dramatic increase in cyber-attacks since 2020 has resulted in employer pain and made headlines as the economic cost skyrockets. The recent Hiscox Cyber Readiness Report 2021 states that the number of firms attacked rose from 38% to 43%. Not surprisingly, more than 28% of those employers suffered multiple cyber-attacks.

Determining the cost of a breach can be difficult, but the report states that one-in-six firms’ survival was threatened. Over 58% of firms hit with a ransom paid the threat-actors to regain access to the computer system and vital information. In 2020, the standalone cyber loss ratio increased to 73%, its highest level since separate cyber data were included in financial reporting, six years ago.

The increase in cyber-attacks and claim payouts is causing alarm in both insurance companies and businesses. According to the Insurance Journal, insurance companies are quoting significant premium rate increases and tighter coverage terms to improve underwriting performance and profitability. The average cyber renewal premium rate increased 11%. Meanwhile, written premiums for standalone cyber coverage increased 29% in 2020, a sign of growing demand.

The shift to a remote workforce and an increase in phishing email has tested network security systems. Fortunately, many insurance carriers now offer a cyber readiness assessment to help policyholders address vulnerabilities and avoid cyber-attacks.

As cyber-attacks continue, it is important for all employers to learn more about the specific exposures that cyber insurance coverage can cover along with ways to improve cyber security.

We will be offering a Cyber Liability workshop in the coming weeks, so be sure to look for that information on our workshops and webinars webpage.

Please contact me at (619) 937-0175 or sbrown@ranchomesa.com to discuss our process of developing competitive quote options.