Search
Close this search box.
Request a quote

Businesses should plan ahead for cyberattacks

pexels-sound-on-3761104

Businesses should plan ahead for cyberattacks

A significant breach may slow a company’s operations or cause it to cease business entirely.

A single breach resulting in the loss of personal consumer information can initiate multimillion-dollar lawsuits or even class-action lawsuits and reputational harm.

Recent news stories highlight just how much harm a cyberattack can cause to a business. In 2020, MGM Resorts, Zoom and Magellan Health all fell victim to cyberattacks. While these were multi-million dollar incidents, small businesses are also big targets.

A dog rescue group, a small toy company, and a two-location magazine store fell victim to cyberattacks in recent years.

Sometimes a cyber breach occurs because of a hole in network security. A business should regularly check its firewalls and security. Other times, a security breach happens due to a compromised email. The email may appear to come from a legitimate vendor but direct the employee to use a different link. When the employee clicks on the link, malware may be installed on the business’ network. Another way hackers infiltrate a business is through phishing. The criminal tries to get an employee to reveal confidential information, such as a bank account.

Even what might be considered a small breach can place valuable financial data, customer records, employee information and manufacturing facilities at risk. A single breach resulting in the loss of personal consumer information can initiate multimillion-dollar lawsuits or even class-action lawsuits and reputational harm.

In addition, a significant attack or breach may slow a business’ operations or cause it to cease entirely because of a loss of sales, the cost of rebuilding or paying government fines may be too much.

It’s not just monetary; company employees may fall victim to blackmail or extortion as a result of an attack. And there’s the added stress and time, as well as the need for internal and external resources that will be required to investigate and mitigate the breach.

Have an incident response plan ready

So, how can businesses mitigate the fallout related to a cyberattack? By ensuring an incident response plan is in place and that all employees are educated to understand the risks. An incident response plan is a set of instructions developed to assist a business in preparing, detecting, responding and recovering from a cyber incident. Though some businesses may be unaware, standards such as PCI-DSS (Payment Card Industry Data Security Standard) demand that security policies be in place and that a company’s employees be trained to understand their roles in protecting against data breaches and cardholder data theft.

Businesses can be directed to organizations, like the National Institute of Standards and Technology (NIST), that offer guidelines in responding to a cyber breach.

An incident response plan prepares a business for the unfortunate event of a security breach. Having a plan in place will outline who does what during an incident, including the roles of each member of the incident response team. It will also provide steps on how to contain the damage, the breach, and how to restore system integrity. There will also be instructions on how to document the incident and response for later review.

An example of an incident and its handling when cybersecurity insurance is involved follows:

  • The breach occurs.
  • The breach is discovered.
  • If applicable, the area where the breach occurred is secured and physical equipment collected as evidence.
  • The incident response team is notified and initiates the incident response plan.
  • Senior management is informed of the breach and provided with as much detail surrounding the breach as possible.
  • The incident is reported to the business’s cyber insurer. The insurer will connect the business to an incident response broker who will instruct it on the next steps, such as determining if the breach impacts state regulations or requires that law enforcement be involved. This may also include releasing a statement to the public describing the incident, damage and steps to containment.
  • The incident is resolved according to direction from the incident response broker and the business’ incident response plan.

It is also beneficial to retain a lawyer as part of the incident response team to ensure that all communications to outside agencies, including the business’ cyber insurer, are protected by attorney-client privilege. This becomes important in the event of a future lawsuit brought against a business as a result of a data breach. The communication between a business’ retained lawyer and others related to the incident will be considered privileged information and usually cannot be used in subsequent court proceedings.

It should be noted that once the cyber insurer is involved, they will control certain aspects related to the incident. Since the insurer will likely cover claims for loss and damage related to a breach, it wants to ensure that the business responds appropriately and quickly to reduce damages. As a result, a business may not have the final say about how a specific cybersecurity incident is handled.

When a cyber incident happens, it’s imperative that a business quickly responds to contain the breach and mitigate any future damage. By educating employees and instituting an incident response plan, small businesses will be better prepared in the event of network security infiltration.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related posts
Commercial P&C Insurance

Commercial Office Space Set for a Strong Comeback

The sustained increase in demand for office space across the nation since late 2022 suggests that the market has moved past its lowest point, according to insights from the real estate technology platform, VTS. Demand for office space began to rise in late 2022 and continued into early 2023. Since then, the office market has experienced a period of stability and growth, supported by favorable economic factors, indicating a market rebound. This conclusion is drawn from the VTS Office Demand Index (VODI), which tracks unique new tenant tour requests for office properties in key U.S. markets. The VODI serves as an early indicator of future office leasing activity. According to the index, demand for office space has grown consistently over the past 12 months, closing the second quarter with a 17% year-over-year increase and a 34% rise from the VODI’s lowest point in December 2022. A significant shift in office-based employment patterns further supports the belief that demand for office space has stabilized. After reaching its peak in August 2022, office-based employment declined by 3.9% in early 2024. However, this trend has since stabilized, and employment growth has remained steady. Additionally, a recent decrease in work-from-home rates has fueled the renewed demand for office space. “They say you can only recognize a market bottom after it has passed, and the office space market is no exception. Following what we now see as the bottom, the national demand has gradually increased, though it remains susceptible to economic challenges,” said Nick Romito, CEO of VTS. “However, the growth observed in VODI over the past 18 months, coupled with positive trends in the office-using workforce, suggests that the market has reset, and the worst is behind us.” It’s important to note that this national trend does not impact all local markets equally. Cities like Los Angeles and New York City have seen healthy growth in office space demand, while markets such as San Francisco and Washington, D.C., have experienced prolonged stagnation. In Los Angeles, office space demand surged in the second quarter, briefly surpassing pre-COVID levels, driven by an increase in the average size of office spaces sought by tenants. New York City followed a similar overall pattern, though with some softness in the second quarter. Conversely, San Francisco’s demand for office space remains unpredictable, largely due to its tech-focused workforce, which continues to favor remote work more than other industries. “Markets heavily dependent on the tech sector, like San Francisco and Seattle, are on a markedly different post-COVID recovery path compared to more diversified markets like Los Angeles and New York City. It may take some time before we see office demand in San Francisco and Seattle return to pre-COVID levels,” added Ryan Masiello, Chief Strategy Officer at VTS.

Read More
Cyber Liability

Global IT Outage Puts Business Interruption Insurance in the Spotlight

In July, a global IT outage had a significant impact on business interruption insurance policies, overshadowing the effects on cyber insurance coverages. “This incident wasn’t a result of a malicious attack, which is why typical cyber insurance policies may not have been activated,” explained Peter McMurtrie, a partner in West Monroe’s insurance sector, in an interview with PropertyCasualty360.com. “Where coverage was applicable, factors like deductible amounts, waiting periods, and coverage limits played a critical role in determining the extent of exposure,” McMurtrie noted. “Standard policies for small businesses were less likely to offer coverage, while more complex policies for mid-sized companies and Fortune 500 corporations may have included broader triggers for non-malicious outages caused by third-party software issues.” The outage was triggered by a software update on July 19, 2024, by cybersecurity firm CrowdStrike, which affected organizations worldwide using Microsoft Windows. This interruption had far-reaching consequences, including disrupting hospital systems, media outlets, financial institutions, delaying thousands of flights, and halting daily business operations. McMurtrie emphasized that while the initial impact of the outage was similar for both large and small businesses, the ability to recover operations and whether insurance covered the loss of business income varied. “Larger companies are more likely to have advanced disaster recovery plans that ensure service redundancy following unexpected outages,” he added. “Their insurance programs also tend to cover a wider range of incidents.” According to Microsoft, the CrowdStrike update error affected over 8.5 million Windows devices globally. The incident highlighted the interconnected nature of our global ecosystem, including cloud providers, software platforms, security services, and their clients. “It’s a stark reminder of the importance of prioritizing safe deployment and disaster recovery across the tech industry,” the company said in a blog post. McMurtrie pointed out that the outage’s widespread impact was largely due to its effect on organizations that are critical to societal infrastructure—sectors like agriculture, airlines, banking, energy, government, healthcare, manufacturing, and retail. “Insurance companies base their risk appetite on their ability to understand and price risks appropriately. This becomes increasingly challenging with emerging threats,” he said. “However, I anticipate that insurers will respond by clarifying policy language, refining risk selection criteria, and possibly developing new products specifically designed for this evolving exposure.”

Read More
Categories
Try your instant quote
Click here to proceed