Here at BCF Group we’ve been talking heavily about cyber risk over the last year or two, and for good reason. This is a legitimate and growing risk to businesses and organizations of all types and sizes. Most of this discussion focuses on the new, cutting-edge tactics that cyber criminals have been using to steal from their victims. This includes ransomware, social engineering, and phishing attacks. But a recent report released by Beazley, one of the foremost Cyber Insurance carriers in the world, revealed that nearly 40% of Cyber claims that were reported to them could be attributed to other causes. Causes that we typically don’t think about. Causes that, frankly, are boring. Nevertheless, it’s important to understand that these causes are legitimate risks as well, so let’s review them!
- Accidental Exposure: These accidents accounted for nearly 20% of Cyber claims. This refers to someone (typically an employee) who has legitimate access to sensitive data but accidentally exposes it to third parties who had no rights to see it. For example, an employee might send an email attachment with sensitive data to the wrong recipient, or personally identifiable information (PII) might mistakenly be posted on a public website due to a coding error.
- Malicious Insider Activity: These incidents accounted for 7% of claims. Generally, these situations involve a disgruntled employee who deliberately seeks to harm the business by stealing corporate data. They may do this simply to damage their former employer or to make money by selling the stolen data. These attackers are particularly insidious because they are familiar with the organization’s cyber systems, security policies, and procedures, which can make them more difficult to detect than outsider threats.
- Portable devices made up 4% of claims. These are situations in which unencrypted laptops, flash drives, or cell phones are lost or stolen, potentially exposing all of the data on them to a third party. According to a Kensington study, more than 4% of company-issued smartphones are lost or stolen every year. Coupled with Verizon’s data showing that 1%–2% of all mobile phones and tablets do not have a lock screen configured, it is understandable why the loss of portable devices can represent a real security threat.
- Physical loss/non-electronic records were involved in 3% of claims. These might be the scenarios that we think about the least because they are really the opposite of “cyber,” but nevertheless they involve the breach of sensitive information and are typically covered by Cyber policies. These are losses that happen when physical, paper records are lost or stolen, resulting in the potential breach of private information. This could happen if old office filing cabinets are disposed of, but someone neglects to clean them out. It can happen if files are disposed of in a dumpster without being shredded, or if files sent to a shredding company are lost or stolen before they get shredded. In all of these scenarios there is the potential for loss of information and the need to notify customers about a potential breach.
In closing, keep in mind that while the new and cutting-edge risk issues probably dominate your thinking when it comes to cyber risk, you shouldn’t forget about the standard, old-fashioned risks that can still pose a threat to your organization. You should protect yourself from these issues through a quality Cyber Insurance policy and through the implementation of policies and procedures to prevent losses from happening.
Would you like to learn more about how YOU can protect yourself from cybercrime?
Join Trent Hess and his guest, Erin Burns from InsureTrust, for a webinar on April 6, 2021 at 9:00 a.m. as they break down:
- Emerging trends in cybercrime and related coverages
- Best practices to manage this risk
- What to do when you’re attacked