by Joy Beland and KnowBe4.
The WannaCry ransomworm has made insurance companies take real notice. Customers have started to file damage claims, but it is a bit early to see the insurance industry's full exposure to this recent malware pandemic. For insurers, the main threat from WannaCry is not any one individual company that gets infected, but rather the aggregated risk.
The estimated total financial damage caused by WannaCry in just the initial four days would exceed $1 billion, given the massive downtime caused for large organizations worldwide.
Cyber-security policies are a fast-growing new insurance market, and pundits predict 5 billion in premiums by 2020. Organizations buy policies so that in the event of a data breach or ransomware infection they can file a claim and get help to recover costs and remediate damage.
But... How About Pre-existing Conditions?
That’s what we’re looking at now, because the WannaCry worm is causing the insurance industry to protect itself and redefine some terms.
"Insurers underwriting cyber-risk can handle ten losses or a hundred losses, but when there is a major systemic event that can lead to thousands or tens of thousands of simultaneous claims," Millaire said in an E-Week article, "at that point there are solvency issues that can threaten the future of an insurer."
So insurers try to limit their risk, similar to medical insurance where the issue of pre-existing conditions has seen a lot of controversy. It just makes sense, right?
Three Things to Be Aware of in the Fine Print
There are several issues you need to be aware of when you buy a cyber security policy, or when you review your existing policy:
- Is a known vulnerability that you have not patched a pre-existing condition? This is pretty critical to pay attention to, as the tolerance for what is considered “patched to the most recent standards” varies from carrier to carrier.
- Should an un-patched system be covered under a clause for errors and omissions? Most likely, it is not.
- When an employee falls for a phishing attack which infects the network, or for CEO Fraud (paying money to a fake recipient after being tricked in an email interaction), is that covered? Again, most likely not, in the standard policy. These are policy add-ons that need to be purchased, in most circumstances.
The fact that "different policies will respond in different ways on what is covered and what is not" means you need to have your legal and IT departments look into this carefully.
That’s why we created our Pro Security Assessment and Security Awareness Staff Training programs. Both of these solutions can help secure a new Cyber Liability policy and, in some cases, reduce the premiums.
We’ve been LA’s go-to firm for Security Awareness Training for over two years now. At only 60 minutes long, this customized, interactive education about the threats facing your business is engaging and packed with valuable tools. Most of our clients make it mandatory for their entire staff to attend.
We customize the training to your business! Prior to this session we will review your company culture with you and go over your existing Acceptable Usage Policy to make the most out of your Staff Training. We’ll also ask permission to secretly send phishing emails to your staff, to have some real stats for how many people unwittingly opened an attachment or clicked a link they shouldn’t have.
What will they learn? Here’s just a partial list of what we cover, with real-life examples!
- What to watch for when opening email attachments and links
- How to do a safe web search
- Incident response – what do you do when you suspect an infection?
And our Pro Security Assessment has helped dozens of LA businesses avoid a serious data breach or infection. We systematically review, test, and compile the data about the internal and external network you maintain, then produce a digestible but detailed report on our findings with suggested remediation tactics. The assessment is thorough and surprisingly affordable.
And, of course, we have outstanding references for both of these solutions. Click https://www.pinkhattech.com/SAT2/ or call us at 424-789-8208 to learn more or request a quote.