Whether they were Russian or Iranian or Martian, the hackers were very, very good.
For months, they lurked inside the computer networks of our departments of Defense, State, Homeland Security, Treasury, Commerce and Energy.
Undetected, and thereby unimpeded, they had their way with some of our most sensitive national security files.
In all, at least 40 government agencies, think tanks and private companies were infiltrated, not only in the U.S., but also in the U.K., UAE, Canada, Mexico, Belgium and Spain.
As a number of cybersecurity experts put it, if this had been a physical attack on America’s secrets, we could be at war.
To those of us in the insurance world, this should be the mother of all wake-up calls after years of rising cybersecurity worldwide. And yet we know that many companies – about half of all U.S. corporations, according to some estimates – still have no cyber coverage in place.
We also know that even among those with a policy, coverage gaps can be created by uninformed choices.
Scope of coverage
At a minimum, cybersecurity insurance typically helps with:
- Notifying customers about a data breach;
- restoring personal identities of affected customers;
- recovering compromised data;
- repairing damaged computer systems.
A more robust cybersecurity policy also will cover regulatory costs, and will offer reimbursement for business interruption.
You’ll also want to be sure you work with an insurer with a well-staffed, in-house cyber incident team with experience dealing with cyber threats. These are the experts who will complement your own IT department in the event of a cyber incident.
Protecting your business from cyberattacks
Aside from buying the right coverage, there’s plenty you can do to manage your cyber risks. Here are five quick tips:
- Do a thorough IT security assessment of company’s data breach risks. Evaluate employee exit strategies (HR), remote work protocols, on- and off-site data storage practices and more — then establish and enforce new policies, procedures and physical safeguards appropriate to the findings.
- Educate employees on how to handle and protect sensitive data. Your company can take extensive measures to prevent breaches, but your vulnerability increases when employees aren’t properly trained.
- Provide training and technical support to remote workers. Ensure that the same standards for data security are applied regardless of location, by providing remote workers with straightforward policies and procedures, adequate training and technical support, and security and authentication software installed and updated on mobile devices.
- Keep current with security software updates/patches. An unpatched system is, by definition, operating with a weak spot that hackers can exploit.
- Hold vendors and partners to the same standards. It's important to define your security requirements upfront with vendors. Ensure that your organization maintains control of data at all times, especially with data storage or services.
Doing any or even all of the above does not, unfortunately, guarantee you’re protected against sophisticated hackers, Russian or otherwise. But with the right insurance policy in place, you can at least expect to recover many of the expenses related to a breach and get the help you need to retain your customers’ faith and trust.
- SCORE – How to Protect Your Small Business from a Cyber Attack
- SCORE – Small Business Cybersecurity Preparedness 101 (Webinar)
- SCORE – Internet Security Challenges for Small Business (Webinar)
- National Initiative for Cybersecurity Education
The Mahoney Group, based in Mesa, Ariz., is one of the largest independent insurance and employee benefits brokerages in the nation. As an employee-owned organization, we’ve been protecting what’s yours since 1915. Contact us at firstname.lastname@example.org or 480-730-4920.
This article is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.