Demystifying Cyber Insurance: Common Myths & Real-World Scenarios

Categories: Business Management, Innovations, Trends & Technology, ISSA Insights

By Perry Tsao | October 4, 2023

In today’s digital landscape, the prevalence of successful cyberattacks amplifies the importance of cybersecurity and cyber insurance. This fact cannot be overstated as members of our industry have been recently targeted. Regrettably, prevalent myths often discourage businesses, particularly smaller ones, from realizing the genuine benefits of purchasing cyber insurance. Consequently, the absence of such insurance can lead small to midsize organizations to the brink of closure in the face of an incident. This underscores the need for organizations to forego the myths surrounding cyber insurance and face the realities of the cyber threats that exist today. Our cyber-protection partners, CyberControls powered by Elpha Secure, the first company to offer the combination of active cyber crime protection based upon proprietary software and free security tools together with cyber insurance offering robust coverages, are committed to ending the myths surrounding cyber insurance and championing its vital role of protecting small to midsize organizations. In this article, we are pleased to share how Elpha Secure addresses these common myths and showcases examples that affect organizations akin to ISSA members, underscoring the financial ramifications and the importance of cybersecurity in combination with maintaining cyber insurance.

Myths about Cyber Insurance

Myth 1: We’re too small to be a target.
Cybercriminals don’t look at small to mid-sized companies as undeserving of their criminal intentions. Quite to the contrary, the smaller company is right in the “sweet spot” of these criminals because these companies do not generally have the resources to adequately protect themselves. According to the FBI, the majority of victims of cyberattacks are smaller companies. Indeed, the FBI also reports that 50% of small companies have been the victims of a cyberattack and over 60% of those attacked go out of business within 6 months. Smaller businesses are often more vulnerable due to their lack of robust security controls. The truth is cybercriminals engage in “spray and pray” campaigns, targeting thousands of organizations at once. These bad actors use advanced scanning technology to exploit common vulnerabilities and exposures (CVEs), akin to a cat burglar searching for open windows or unlocked vehicles. Small businesses need to understand that cybersecurity is essential for everyone, particularly the smaller businesses.

Myth 2: We barely exist online; we just use email.
Cyber threats are multifaceted and pervasive, affecting businesses in various ways. While you might think having a limited digital presence makes you immune, the truth is that online exposure encompasses more than just web activities. From employee negligence, disgruntled staff, and stolen paper records, to malware on websites and unsecured Wi-Fi networks, there are numerous entry points for cybercriminals. Even simple actions like opening a malicious email can trigger costly and debilitating incidents.

Myth 3: We outsource our IT and security so it’s their responsibility.
While outsourcing IT services is common, it does not absolve businesses of their risks. In the event of a data breach, your company remains responsible for the legal, regulatory, and compliance burdens. Cyber insurance covers the costs associated with mitigating breaches within policy limits, including remediation, notification, and regulatory compliance, ensuring that your business remains protected even when outsourcing IT services to third-party providers.

Myth 4: Cyber insurance is an unnecessary expense.
The cost of an incident can greatly exceed the premiums of a cyber insurance policy. This becomes evident when considering the potential financial losses, legal expenses, regulatory fines, and reputational damage that can result from a breach. Cyber insurance serves as a crucial safety net, allowing businesses to navigate the aftermath of an infiltration without enduring crippling financial consequences.

Myth 5: Cyber Insurance does not pay out.
The perception that cyber insurance fails to pay out is countered by statistics indicating that approximately 85% of cyber insurance claims are paid out according to the Betterley Report. Elpha Secure, which offers comprehensive Stand-alone Cyber Policies (in combination with its cyber protection plan), places a strong emphasis on transparency and cooperation to ensure the seamless processing of valid claims, which are paid by the insurance company. The efficacy of a cyber insurance policy hinges on variables like policy terms and the specifics of the incident, highlighting the significance of selecting a reliable provider and grasping the nuances of coverage for a streamlined claims process. The policies provided by Elpha Secure (through Bolton Street Programs) are with the most reliable providers of cyber insurance.

Myth 6: Our IT team is skeptical about new software offered by a cyber insurance provider.
Addressing skepticism within your IT department is crucial. Elpha Secure understands this concern and actively collaborates with your in-house IT persons or outsourced IT firms, as well as ISSA, to ensure alignment. Before selecting our partners, CyberControls powered by Elpha Secure, ISSA engaged in extensive vetting and had the Elpha Secure system installed on ISSA’s own IT infrastructure. ISSA has monitored its systems with the installed Elpha Secure software as a “test” to assure ISSA’s management of the value of the program. The result is that ISSA unequivocally recommends to its small and mid-sized members that they, too, should be part of the program and benefit from the reliable and affordable protection against on-line intruders just as ISSA does. Additionally, Elpha Secure’s customer success team is ready to engage with your IT partners, educating them about its capabilities and providing answers to their questions. Elpha Secure offers free demo accounts to showcase the power of its security tools, and its compliance credentials, independent evaluations, and partnerships with major insurance organizations further reinforce its credibility. If your IT resources or any outsourced vendors have any questions, please contact Elpha Secure, where its “concierge” level of personal attention will be available for you as an ISSA member.

Myth 7: We are unsure about our security needs and believe it’s too costly to address these needs.
Embarking on a cybersecurity journey can be overwhelming, especially for small businesses. Elpha Secure understands this hesitation and offers a range of tools designed to jumpstart your security measures. Included within the program’s policy premium, you’ll find multi-factor authentication (MFA) for remote access, backups, and endpoint detection and response—a real-time threat detector. Elpha Secure’s 24/7 Security Operations Center provides ongoing monitoring and support. Because Elpha Secure offers a proprietary suite of software tools, they are able to include them within the policy premium with no added technology or license fees. The suite of Elpha Secure’s services provided within the policy premium is not provided in any other insurance program. To get those services in addition to a basic cyber insurance policy, you would have to spend multiples of the cost of Elpha Secure’s combined cyber protection and cyber insurance. We are confident there are no other similar software solutions on the market at this price, especially with the additional discount for ISSA members.

Myth 8: Implementing security measures is too complex.
Implementing security measures doesn’t have to be complex. Elpha Secure simplifies the process. Their MFA and other tools have straightforward implementation processes. MFA, for instance, requires only a cell phone to confirm your identity. Their customer success team can guide you through the process, ensuring that your business gains vital security measures without hassle.

Myth 9: Software security tools are too invasive.
Elpha Secure understands the concerns about invasiveness and the “Big Brother” perception. Elpha Secure’s proprietary software is built for proactive cybersecurity, not intrusive monitoring, focusing on protecting your organization’s safekeeping while respecting your organization’s privacy. Elpha Secure adheres to industry standards for endpoint security and only collects standard information such as event logs, system processes, and network traffic to empower human-powered threat hunting, enhancing your organization’s security without compromising its privacy.

A Few Cyber Claim Examples—This could be you!

Phishing Attack on a Cleaning Contractor:
A commercial cleaning contractor’s employees receive phishing emails purportedly from a regulatory authority, requiring immediate submission of sensitive customer information and payment details. Several employees fall for the scam, resulting in a data breach, customer complaints, and potential regulatory fines for mishandling personal information.

Estimated Loss: US$120,000 (including costs of investigating the breach, notifying affected customers, and potential regulatory fines)

Cyber Extortion of a Cleaning Solution Manufacturer:
A medium-sized cleaning solution manufacturer faces a cyber extortion attempt. After opening their computers one morning, they are faced with the ransomware criminals’ welcome screen informing them that all their systems have been taken and demanding a huge ransom to regain control of the company’s systems. Hackers threaten to release sensitive intellectual property and proprietary formulas unless a substantial ransom is paid. The company struggles to decide whether to pay the ransom.

Estimated Loss: $1,500,000 (including costs of the ransom, investigating the breach, and reputation damage)

Data Breach at a Cleaning Supply Chain Partner:
A cleaning supply company’s data is compromised when a third-party logistics partner experiences a data breach. The incident exposes sensitive customer and supplier information shared during supply chain operations, leading to reputational damage and potential lawsuits for negligence in vendor management.

Estimated Loss: $300,000 (including legal costs, customer compensation, and supplier relationship remediation)

Social Engineering: Fraudulent Invoice Scheme on a Cleaning Equipment Distributor:
A cleaning equipment distributor falls victim to a social engineering attack when cybercriminals send altered invoices to the company. The fraudulent invoices lead to unauthorized payments to the attackers’ accounts, causing financial losses, supply chain disruptions, and strained relationships with suppliers.

Estimated Loss: $180,000 (including fraudulent payment losses, supply chain disruptions, and recovery efforts)

Navigating the ever-changing digital landscape requires dispelling myths that could potentially leave businesses exposed to cyber risks. ISSA is dedicated to protecting its members and has therefore created the new CyberSecurity Program with CyberControls and Elpha Secure to dismantle these barriers and highlight the essential role of cyber insurance for small to midsize businesses. By ending common myths, showcasing real-life claim scenarios, and offering access to robust cyber insurance coverage with proprietary security software, our members can be empowered with the knowledge and tools necessary to protect against ever-evolving online threats.

To learn more about the ISSA CyberSecurity Program, click here.

About the Author

Perry Tsao is Vice President of Cyber Claims at Elpha Secure.