Catherine Smola, President & CEO | Canadian Underwriter insBlogs
Nearly 70% of businesses experienced at least one hacking incident in the last year – an alarming though not unexpected statistic, given the ever-growing demand for remote database connections and wireless devices.
Despite this risk, there is more pressure to adopt technology than ever before in order to meet the expectations of today’s evolving customer. The broker channel has responded to this pressure admirably, with adoption of solutions such as eSignatures on the rise, BMS vendors offering mobile apps and customer portals, and increasing use of online quoting.
Amid the rush to adopt new, customer-friendly solutions, cyber security is at risk of being forgotten. Small businesses may be especially vulnerable, with one cyber risk expert estimating that one in five will be hit by a cyber attack.
Impact of Cyber Crime
Cyber criminals are typically interested in gathering information such as customer records, contact lists, employee information, banking information – everything they need to commit identity theft or fraud. Some attacks will establish an ongoing connection between the victim’s computer and the perpetrator’s, allowing continuous exploitation over a long period of time.
The consequences can be costly, including lost customers, damage to the brand, increased expenses and decreased revenue, and no type or size of organization is exempt; even the Government of Canada and enormous corporations such as Sony and JPMorgan Chase have been successfully targeted. Small companies, however, typically pay a higher cost to recover from an attack: up to $1,088 per capita, whereas large businesses may pay as little as $288.
Invest in Prevention, Not the Cure
While the interest among risk professionals in purchasing cyber insurance is on the rise (74% who do not have it now intend to purchase it within two years), there are steps brokers can take to protect their own business from suffering a cyber attack.
Educate Your Staff — Ensure that employees are aware of and trained in themost current practices regarding cyber security, and conduct a regular review to ensure your policies meet the latest changes. This can protect your brokerage from scams such as “phishing” (posing as a legitimate entity to gain trust and information) that exploit human judgment rather than technological loopholes.
Test Your Network — Cyber security is its own specialty – find a reputable third party to conduct a thorough review, identify security gaps and recommend a course of action.
Enforce a Password Policy — Between email, shopping, banking, social media and mobile devices, the average person is required to remember dozens of passwords on any given day. As a result, many people use a single, default password for their various accounts and may keep their work passwords on a sticky note in their workspace. Until a superior means of identity verification is commonly available in the insurance industry, ensure your system requires unique passwords that change often.
Secure Mobile Devices — While mobile access to your network enables telecommuting and can improve employee productivity, a lost or stolen device can be a serious security risk. Ensure that security measures such as automatic lock, tracking technologies and encryption are enabled, and consider investigating third-party solutions to separate work data from personal uses.
No system will ever be 100% secure, but consider that most cyber attacks are crimes of opportunity – perpetrators typically pick the easiest target. You may very well be one of the 74% of companies intending to purchase a cyber policy in the next two years, but with sound security practices in place, you reduce the chance of ever filing a claim.