In this week’s episode of CYBER24, we take a look at some interesting polling information that shows exactly who Americans trust and distrust with their data. But does it make a difference in how we actually behave? We also take a deep dive into the world of cyber insurance with a local expert.
Trust no one
According to a recently released study by the Pew Research Center shows that nearly two-thirds of all Americans (64 percent) have had their personal information compromised at some point. Not surprisingly, nearly half of Americans distrust both the government and social media sites when it comes to protecting their personal data. What may (or may not) surprise you is that this significant lack of trust, doesn’t lead to better cyber hygiene. As Pew puts it, “just 12 percent of internet users say that they ever use password management software themselves – and only 3 percent say that this is the password technique they rely on most. Instead, roughly two-thirds (65 percent) of internet users say that memorization is the main or only way they keep track of their online passwords – and another 18 just rely primarily on writing their passwords down on a piece of paper. In other words, fully 84 just of online adults rely primarily on memorization or pen and paper as their main (or only) approach to password management.”
Cyber Insurance
As we covered more and more of the potential threats to your organization’s cybersecurity – both internal and external – it has become evident that a cyber breach is more a matter of “when” not “if.” And that is why businesses are increasingly investing in cyber insurance. These are policies that cover you for damages incurred by a cyber breach.
But these policies should be anything but one-size-fits-all.
We sat down with Dave Wittwer, the senior vice president of Hays Companies, which works to custom fit a cyber policy to meet your business. Wittwer says a good insurance broker will work with you and a tech partner to really understand the type of data you need to protect, evaluate your options to protect that data and then write a policy to protect you in the event those defenses are penetrated.
Wittwer says there are several things a business can do to improve its security rating and, subsequently, lower the cost of coverage. After undergoing a Gap Risk Assessment (GRA), he and his team work to identify the business’ priorities – meaning anything from protecting the brand and reputation of a business to intellectual property to covering the cost of remediation.
Having the right policy can make a significant difference. Hays Companies has seen it firsthand. Wittwer tells of a CEO received an email from the CFO asking that the CFO wire $150,000 to a third party. The CFO was unavailable and the e-mail was marked as urgent. A well meaning assistant, sent the wire request to the and the money was wired. By the time the CFO and CEO were contacted, the money was long gone and the request was proven to be fraudulent. Because the business had the right internal policies in place, and because it had the appropriate insurance policy, the business was covered for the loss.
How common is cyber insurance?
Wittwer says businesses are purchasing cyber insurance at an increasing rate, but still not frequently enough. He says every business has the exposure and every business needs the coverage. He does caution that not all cyber insurance policies are created equal. Each business and every industry has unique challenges and each policy should be designed specifically for each client.
You can get more important insight on cyber insurance from Wittwer by listening to Episode 8 of the CYBER24 podcast.
The story/situation provided by the Hays insurance broker is not a representative example of cyber insurance, in fact, most cyber policies provide no coverage for funds transfer fraud loss caused by social engineering, a crime insurance policy does. To have a pod cast talk about cyber insurance and provide this as a loss example could be misleading to those listening or reading your podcast.
– Jon Stutz
Moreton & Company