It’s hard to make business transactions without the use of the internet. Whether tracking inventory, storing customer information or managing payroll systems, the web is part of our daily lives. The internet is like a car – we know how to drive it, but not necessarily what makes the engine run. We need experts in that field to secure our information.
Businesses may either have an internal IT department or an IT support company to manage the company’s virtual engine and provide certain protections so email is secure, the supply chain is updated in real time and the business runs efficiently.
But what happens when a system is breached and held for ransom? Maybe an employee mistakenly clicks a link in an email that looks legitimate but has unknowingly downloaded malicious software onto their device. Their system is now locked up and the business comes to a standstill. The company has been hit with ransomware, a type of malware designed to encrypt files and make them unusable. The bad guys will release the system, for a price.
Americans lost more than $10.3 billion last year due to cybercrimes, according to a
2022 Internet Crime Report produced by the FBI’s Internet Crime Complaint Center (IC3)
. Among the complaints received in 2022, phishing, personal data breach and non-payment/non-delivery were the top incidents reported.
David Colter, owner of the DJ Colter Agency, American Family Insurance, with offices in Fargo, Grand Forks, Rugby and Cando, wants the region’s business community to be aware of cyberthreats and know there’s protection available.
“There’s this big myth and fallacy: ‘I have everything backed up with an IT company, I don’t need cyber insurance.’ That is a huge fallacy. Not only do you need cyber, you need to have certain coverages,” Colter said.
Cybertheft is on the rise and isn’t relegated to large corporations in big cities – it’s happening to small organizations across the U.S., including the upper Plains region.
Chicago-based Hiscox, a leader in business insurance,
reports the top three drivers of the increase
are the higher number of attacks, more people working from home and more employees using their own devices for work.
Cyber insurance protects against computer-related crimes and losses. This could include targeted attacks such as malware and phishing, as well as the occasional misplaced laptop containing confidential material, according to Hiscox.
Zac Paulson, CEO of TrueIT in Fargo, said his company has seen an increase in email takeovers, where somebody is taking over an email account and sending emails on a person’s behalf.
“Typically what’s happening is wire transfers – they’re changing bank routing information,” he said.
Colter said cyber insurance is a new type of coverage in the insurance industry and there’s a lot to learn. He relies on experts like Paulson to help his customers understand how cybercrimes can happen, and what businesses can do to make sure they have the correct protection.
“My biggest fear is people assume it’s part of their general liability, and it’s not,” Colter said. “I talked to someone in town, a business owner and this (ransomware) shut them down for months. They told me that if they didn’t have the coverage, they’d be done.”
Paulson said he wants to make clear that the coverage an IT department or business offers is not the same coverage as insurance protection.
“There are some companies, that’s what they do, but they’re the firefighters, the hotshot people that dive into forest fires and have a whole other level of excitement,” Paulson said. “That’s not what a managed IT company does. The IT company is doing their best effort to protect you, but that’s like saying the sprinkler system is keeping the building from burning down.
“That’s not right – the sprinkler system is turned on once the fire starts to help put out the fire. But they’re not a guarantee. You don’t buy a sprinkler system and not buy insurance, which is also why you’re seeing insurance companies demanding a certain level of protection from the IT organizations, too.”
IT security costs a company about $25-50 a month per employee on average, Paulson said, and he expects that cost to double in the next three years.
“From a support standpoint, it’s somewhere between $50-100 a month per employee. Now it’s about half the cost of supporting an employee to securing them. In the future, three years from now, I’d say it would be the exact same cost, if not more, just to secure them.”
So what does cybersecurity cover? It may vary but typically protects the following: breach costs, cyberextortion, cybercrime, business interruption and data recovery. Additional coverage may include a digital media upgrade.
What’s not covered may include claims brought in the form of criminal proceedings, transfer of funds lost due to cyber crimes, infrastructure interruption, intentional acts by the business or employees, prior acts or knowledge, subsidiary outside control of named insured and business interruption from systems under the control of third parties.
“It doesn’t have to be complicated. We just want to educate people,” Colter said. “We have someone like Zac that can help in that realm, and like us, to determine what policy best fits their situation. Getting something in place is better than nothing.”
The Federal Trade Commission has
that can help small businesses when reaching out to insurance providers.
Based in New York, Stephen Freeman is a Senior Editor at Trending Insurance News. Previously he has worked for Forbes and The Huffington Post. Steven is a graduate of Risk Management at the University of New York.