Targeted hacks, phishing, malware, viruses and other attacks aimed at information technology systems are an everyday occurrence. While the first line of defense is trained personnel, businesses need to be aware of the availability of insurance, and how it can be used to mitigate losses from cyberattacks.
These attacks come in 10 main forms:
- Denial of Service (“DOS”) Attacks – an attack that overwhelms a business’s system, causing it to crash.
- Man in the Middle (“MitM”) Attacks – an attack that allows the hacker to intercept communications from the business to its server.
- Phishing – the sending of emails that appear to be from trusted sources in order to gain personal information or influence the receiver to do something.
- Drive-by Attacks – an attack that embeds code into unprotected websites that automatically downloads malware to the servers of anyone who visits that website.
- Password Attacks – an attack designed to ferret out passwords.
- SQL Injection Attacks – an attack that injects SQL code into a business’s data repository, thereby diverting that data to the hacker.
- Cross-Site Scripting Attacks – an attack targeted at collecting metadata from a user’s browser.
- Eavesdropping Attacks – an attack that collects information as it is transmitted over a network by a computer, smartphone, or another connected device.
- Birthday Attacks – an attack that uses an algorithm to undermine the authenticity mechanisms of messages or signatures so that a substitution cannot be detected.
- Malware Attacks – an attack that involves downloading malicious software onto a user’s system.
Work-From-Home (“WFH”) programs implemented during the COVID-19 pandemic have increased the threat of cyber attacks for countless workplaces. A report released last year by the Solicitors Regulation Authority, based on a survey of 40 law firms in the UK, revealed that three-quarters of British law firms were targeted by hackers in 2020, with over 4 million pounds of client and firm funds stolen from the surveyed firms.
Other losses take the form of forced business shutdowns, productivity losses, lost revenue from destroyed billing records and the public dissemination of confidential personal and business information.
Facing increased risk, businesses vulnerable to cyber attacks have turned to eInsurance, or cyber insurance, for coverage. Twelve of the firms in the UK survey had eInsurance, and 3.4 million pounds of their losses were covered. Since WFH has became the new normal, the industry has blown up; eInsurance enrollment increased more than 950% in 2020.
Cyber insurance is a relatively new specialty coverage. In addition, existing coverages, first party and liability policies may offer coverage depending on the type of loss.