CyberScout

What Happens when a Cyber Threat Hits your Business but your Policy doesn’t Cover it?

cyber risk assessments

Businesses face a multitude of cyber risks in this dynamic time, from faulty wire transfers to social engineering, ransomware attacks to system compromises. But keeping up with the latest threats means your security posture and your cyber coverage also need to be up to date.

When your policy isn’t aligned with cyber trends, you may not be covered for even common scenarios. Social engineering is one example, where scammers try to trick your employees into giving up login credentials, money or other assets. Social engineering claims denials are growing and few companies offer coverage for social engineering attacks.

The shift to WFH has also created gaps between risks and coverage. Employees working remotely are often using their home computers, but do those personal devices have the latest security features? If they're connecting into your corporate network, they could create openings for malware—or worse. Most cyber policies don’t cover that scenario, but if your teams are now working from home then your risk has grown exponentially.

There’s another big problem, and that’s the coverage limits themselves. A ransomware policy with a $10,000 limit is obsolete. You'll be left paying another $25,000 of your own money if you suffer an attack. Ransoms are going up and restoration costs have increased. Though the complexity of cyber threats has grown, policy limits haven’t always followed suit. The result? Hefty out-of-pocket expenses.

Align your defenses and your coverages against today’s threats

First, take stock of your systems. Do you have backups and have they been tested under real-world conditions? Having the right internal IT expertise or a trusted vendor in place allows you to boost your security and your resilience. This will save your company from downtime as well as expenditures over the long run.

Next, evaluate your insurance position considering today’s threats. An insurance specialist should review your cyber policy and determine where it needs shoring up either in coverages and/or limits based on your company’s size and risk profile. Limits start as low as $5,000. In any modern cyberattack scenario, that money could be gone in the first day and you'll be paying remaining costs yourself.

Examining real-life cyber incidents with and without the right coverages

A healthcare office was hit by a ransomware attack. Their backup was months old and incomplete. Their internal IT support was minimal and their cyber policy hadn’t been reviewed in years. With few options available, they decided to pay the ransom. Even with the decryption key, restoring their data was an arduous task. Doctors couldn’t see patients for two weeks as they rebuilt their systems. The out-of-pocket expenses totaled nearly $70,000 and the office’s reputation sank as patients lost trust in its ability to safeguard their information.

Alternatively, a dental practice with an up-to-date ransomware policy also suffered a ransomware attack. They had an experienced IT vendor maintaining their systems and ensuring their backups were reliable. With a secure copy of their data in hand and the know-how to bring their systems back online, this dental practice restored its information, lost less than half a day of work and incurred expenses under $2,000.

The lack of adequate coverage can put your business in a terrible bind, financially and operationally. In this era of change and uncertainty, you need to know you're well protected—across your systems and within your cyber policy. Now is the time to review your situation and be sure you're prepared for the latest cyber threats.