Cyber-attacks are increasing in frequency and sophistication. Businesses of all sizes are at risk causing coverage to broaden with blanket contingent business interruption and no sublimit or custom policies.
In order to secure a renewal or new business quote, companies must have:
- Multifactor authentication (MFA)
- Closed (remote desktop protocol (RDP)
- Endpoint Detection & Response Solution
Cyber Market Conditions
Cyber has continued hard market conditions due to losses and increased systemic risk conditions but is seeing signs of moderation. Attackers will target anyone from executives to human resources, trying to access the most sensitive information.
Preparing for a Cyber-Attack
- Asses your company’s risk and ensure you have the appropriate security software.
- Have employee trainings and send out fake phishing emails to test your workers and show them how real some attacks can seem.
- Make sure you have a written response plan and test your system with common scenarios to ensure you are most effectively prepared for an attack.
Most Common Types of Attacks
Social Engineering, commonly known as Phishing is how 93% of all breaches start, typically with an email or phone call pretending to be someone else. By clicking on a link or opening attachments, attackers can deliver malware and viruses. Employees are targeted the most with phishing as they are the weakest link in IT security.
Ransomware attacks affected 51% of businesses in 2021 and majority resulted in data being encrypted. These attacks target your computer and limits access until you pay ransom with the average amount being around $800,000. With the cost of ransom increasing, the total average cost of claim in 2021 was $1.85M. A majority of the time ransom is paid and data is given back. However, the costs don’t end after paying a ransom. There are loss and claim costs adding to the cost if the attack.
What to do?
Insurers are starting to revise their models to factor in a higher frequency of attacks. Work with and train your employees to prevent cyber-attacks from happening in the first place. Employee training for identifying spam emails could be key to protecting your business again a cyber-attack. If a breach does happen, having a written and tested response plan will help the process go more smoothly.
Work with a Marsh McLennan Agency (MMA) advisor to develop a cyber strategy and policy structure.