NAIC Update: South Carolina adopts Insurance Data Security Model Law

Cyber Attacks – the ever-changing threat

Not a day goes by when our screens are not filled with news of a new cyber attack being reported. Where does it end? Why is this happening? And why are there so many?

Looking back at history, most of the criminals would target high profile entities, such as, Banks (armed robbery), Post Offices (armed robbery) and other lucrative targets. The digital world provides a conduit to companies and individuals which makes them an easier target, regardless of where they are in the world. There would be no reason to actually go to the location or indeed use any physical force. We are all connected via network cables spanning the globe relying on outdated usernames and passwords.

The weakest link in the network is often the users themselves. Internal threats are just as prevalent as the external ones. Individuals or groups, such as disgruntled employees, victims of social engineering, or people simply downloading and running a file not known to be a Virus or Malware are introducing intrusive software used by cyber criminals. It is this cross section of people who are frequently and inadvertently causing harm and allowing criminals to gain access to the network.

We have seen a whole host of differing incidents that have been coupled together under the one umbrella of “cyber”. The most common trend we see is what is known in the market place as ‘Fake President’ or ‘Spear Phishing’ emails. This is where funds are requested by what seems a legitimate source, but asks for them to be redirected to a new bank account. What we need to decipher is whether this is a cyber attack or is simply an error on the part of the employee.

On the flip side, we have seen system attacks where someone has gained unauthorised access to the network, by breaking the external security perimeter and has either stolen data or encrypted the contents (e.g. CryptoLocker). Both of these incidents, at face value, would be classified as pure cyber breaches. These breaches will cause the most disruption both on a technical level and a reputational damage perspective for a company or individual.

We are involved with working with Underwriters, Brokers, and Insurers on qualifying the cyber claims that hit their desk. The market is playing catch-up as this is a new service line which involves the same fundamental principles of a claim such as Property, but the trigger is the complicated part. We have been reviewing work that others have completed during the incident and advising the instructing party whether it is necessary, reasonable or classified as betterment.

From a personal point of view, I believe that cyber incidents are continuing to grow, but with all computer related claims falling under one umbrella, we are seeing skewed data / reports. New and improved security techniques need to be adopted along with on-going security awareness training for all staff from very junior to the CEO.

Bernard Regan

Related sections

Why do governments provide incentives?
Next up

Why do governments provide incentives?