JBS attack
In June 2021, JBS, the world’s largest beef supplier and meat processing company, was a victim of a Russian cyberattack. The attack caused operations in 13 of JBS' processing plants across three countries to stand still.
The company reportedly paid $11 million in Bitcoin to the attackers once back online to prevent a future attack and protect customer well-being.
Colonial pipeline attack
In May 2021, Colonia Pipeline, the largest supplier of gas on the eastern coast of the United States, discovered malware on its systems.
On May 7, pipeline operations halted, impacting customers who had to wait hours to fill-up their tanks, if they were able to find gas at all. The disruption lasted until May 17, when full operations were restored.
The breach cost the company $4.4 million in Bitcoin. Company leadership resorted to hiring a consultant to negotiate with the attackers.
How does a data breach affect bank loan covenants?
In the past, banks would ask businesses for a copy of the balance sheet, financials, and quarterly projections.
In an increasingly digital and virtual world, financial institutions are considering plans to incorporate requirements to obtain an organization’s cyberattack plans and any investment in cyberattack insurance.
Banks and other depository institutions will evaluate their customer base. Based on risk assessment — the nature and volume of customer data held by a business, for example — the institution will assess the level of requirement as to any cybersecurity-related covenants. The requirements will largely depend on the nature of the borrower’s business.
Commercial business loans obtained from businesses that deal with large amounts of customer data will generally be the focus of a financial institution’s requirement for cyberattack plans and proof of cyberattack insurance. While cyberattack insurance isn’t mandatory, that does seem to be the direction banks are headed.
Consider the following example. You’re a small business that’s hit by a breach. You ask the bank to loan you money to mitigate the costs. It doesn’t impact the bank, but it does impact you.
How does a data breach affect vendor liability?
With so many organizations relying on third-party service providers to handle employee and customer data, it’s important to be aware of your liabilities as an organization.
Vendors are increasingly limiting their liability during contract negotiations, which leaves your company responsible if a breach with your vendor releases medical data, payment details, or other personally identifiable information of your employees and customers.
Some new laws, such as the California Consumer Privacy Act passed in 2020, make it possible for victims to file lawsuits for damages. In most cases, however, the entity responsible for controlling the data is primarily the one liable.
How does a data breach affect insurance premiums?
Companies are subject to greater underwriting scrutiny and ultimately increased premiums as attackers become more innovative and their attacks more sophisticated. This trend is anticipated to continue.
When it comes to cyber liability insurance, it’s important to understand the connection between controls, insurance companies, and underwriters when determining cost — and how solid cybersecurity policies could bolster your banking relationships, which can potentially lower your cyber liability premium.
A U.S. Government Accountability Office (GAO) report on Cyber Insurance: Insurers and Policyholders Face Challenges in an Evolving Market revealed that more frequent and severe cyberattacks resulted in increased demand for cybersecurity coverage and higher insurer costs. In a survey of insurance brokers, more than half of respondents’ clients saw prices go up 10%–30% in late 2020.
