Cyber

The Growing Need for Personal Cyber Coverage

Date: February 22, 2023 Author: Rinehart Insurance
personal cyber coverage

personal cyber coverageToday’s society has grown increasingly digital in nature, with many individuals leveraging smart devices within their daily lives. Although this technology can offer various benefits, it can also make individuals more susceptible to cybercrime. Such incidents have steadily become more common and costly. In fact, the FBI reported receiving more than 800,000 complaints regarding cybercrimes in the past year, totaling $4.2 billion in overall expenses.

These findings emphasize how critical it is for individuals to safeguard themselves and their families from cyber events. That’s where personal cyber insurance can help. Typically offered as an endorsement to a homeowners policy, this form of coverage can provide financial protection for losses resulting from a range of cyber incidents—including fraud, identity theft and data breaches. Keep reading to learn more about the growing need for this coverage and the key types of personal cyber insurance available.

The Growing Need for Personal Cyber Coverage

Technology has continued to advance in the past decade, playing a larger role in how individuals live, work, and entertain. A variety of online platforms have given individuals the ability to stream content, communicate with others, shop for goods and make electronic payments at the click of a button. Additionally, smart devices have allowed individuals to upgrade a number of household appliances (e.g., thermostats, fridges, doorbells and security systems). Altogether, this technology has contributed to the growing adoption of the Internet of Things (IoT), which refers to any devices that connect or send information to the internet. Looking ahead, insurance experts anticipate that the average household will possess as many as 50 IoT-capable gadgets by 2023.

While these devices certainly offer several advantages, increased technology utilization also comes with greater cyber vulnerabilities. As technology advances, so do the tactics of cybercriminals—resulting in more frequent and severe cyber events. Here are some of the most common cyber incident scenarios that individuals and their families may encounter:

  • Bank fraud—This form of fraud entails a cybercriminal gaining unauthorized access to an individual’s electronic bank credentials, allowing them to transfer and steal funds from the individual’s account. According to a recent report from NortonLifeLock, cybercriminals steal over $170 billion each year via bank fraud.
  • Identity theft—Such theft refers to a cybercriminal accessing an individual’s personal information (e.g., Social Security number or credit card number) and using it to commit fraud or other crimes under the individual’s name. The Federal Trade Commission confirmed that nearly 1.4 million complaints related to identity theft were filed last year, up 113% from the previous year.
  • Data loss—In the event that an individual’s device gets infected with a virus or other malicious software (also called malware), they face the risk of losing any valuable data stored on that device. Viruses and malware can come from numerous avenues, including harmful websites, dangerous email attachments or infected USB flash drives—thus making data loss a major threat.
  • Extortion—Ransomware incidents have contributed to a substantial rise in cyber extortion over the last few years. These incidents stem from a cybercriminal using malware to compromise an individual’s device (and any data stored on it) and demanding a ransom payment in exchange for restoration. In some cases, the cybercriminal may even threaten to publicly share the individual’s data if they don’t receive payment. According to cybersecurity experts, ransomware incidents have increased 500% since 2018, with the average ransom payment totaling over $300,000.
  • Cyberbullying—While social media platforms allow individuals to connect with others, these platforms can also, unfortunately, be used for negative purposes, such as cyberbullying. This type of bullying includes refers to harassment, threats or other intimidating language that occurs via electronic means. Although anyone can be a victim of cyberbullying, kids and teenagers are particularly vulnerable. The latest data from Pew Research revealed that 59% of teens have experienced cyberbullying.

Considering these risks, it’s clear that individuals can’t afford to ignore cybercrime. In addition to implementing effective cybersecurity practices (e.g., using trusted devices, browsing secure websites, conducting software updates, backing up data, creating unique passwords and knowing how to identify potential scams), having adequate insurance in place is crucial. By investing in personal cyber coverage, individuals can properly protect themselves and their families amid cyber-related losses.

Types of Personal Cyber Coverage

Personal cyber insurance varies between insurers. However, there are a number of key coverage offerings available:

  • Online fraud coverage—This coverage can offer reimbursement for financial losses that may result from the various types of online fraud, such as phishing scams, identity theft or unauthorized banking.
  • Online shopping coverage—Such coverage can help pay for the cost of any goods that were purchased online but arrived damaged upon delivery or didn’t get delivered whatsoever.
  • Identity recovery coverage—This coverage can provide reimbursement for the expenses associated with recovering from an identity theft incident (e.g., rectifying records with banks or other authorities, hiring a consultant to assist with credit restoration and taking unpaid time off from work to recover from the incident).
  • Data restoration coverage—Such coverage can help compensate the cost of having an IT specialist recover a device and restore any data stored on it if the device gets infected with a virus or malware.
  • Data breach coverage—This coverage can offer reimbursement for the necessary notification and recovery services in the event that private, nonbusiness data entrusted to the policyholder becomes lost, stolen or published.
  • Cyber extortion coverage—Such coverage can help pay for the expenses associated with responding to a ransomware event (e.g., consulting an IT specialist to mitigate the extortion attempt and restoring compromised devices or data).
  • Cyberbullying coverage—This coverage can provide reimbursement for the costs that come with recovering from a cyberbullying incident resulting in unlawful harassment or defamation of character. These costs may include psychological counseling services, legal advice, temporary relocation expenses and social media monitoring software. This coverage can also offer protection if an individual or their child faces engages in cyberbullying and faces subsequent legal action from the victim.

Because personal cyber insurance is still a relatively new type of coverage, it is usually only available as an add-on to an existing homeowners policy. Further, certain insurers only provide this coverage as an endorsement for high-value homeowners policies. Yet, some insurers may offer standalone personal cyber coverage. Moving forward, insurance experts expect the personal cyber coverage market to continue growing, allowing for more widely available policy options. In any case, individuals should consult trusted insurance professionals to discuss their specific coverage capabilities.

For further risk management resources and insurance solutions, contact us today.

Are You Using Penetration Testing To Keep Your Business Safe From Cyber Risks?

Date: September 1, 2021 Author: Rinehart Insurance
penetration testing

Keeping workplace technology up and running is vital to any organization’s success. While this task seems feasible, it’s growing harder and harder each year as cybercriminals expand their reach. It’s not enough to simply protect workplace technology with software and security protocols. It’s also critical for your organization to test the overall effectiveness of these protocols on a regular basis. That’s where penetration testing can help.

Essentially, penetration testing consists of an IT professional mimicking the actions of a malicious cybercriminal to determine whether an organization’s workplace technology possesses any vulnerabilities and can withstand their attack efforts. Conducting a penetration test can help your organization review the effectiveness of workplace cybersecurity measures, identify the most likely avenues for a cyberattack and better understand potential weaknesses.

Review this guidance to learn more about what penetration testing is, the benefits of such testing and best practices for carrying out a successful test within your organization.

What is Penetration Testing?

Put simply, penetration testing refers to the simulation of an actual cyberattack to analyze an organization’s cybersecurity strengths and weaknesses. This testing usually targets a specific type of workplace technology, such as the organization’s network(s), website, applications, software, security systems or physical assets (e.g., computers and smart devices). Penetration testing can leverage various attack methods, including malware, social engineering, password cracking and network hacking, among others.

Generally speaking, penetration testing is often performed by a professional from a contracted IT firm who is not associated with the organization being assessed in any way. This helps the cyberattack simulation seem as authentic as possible. Penetration testing is typically either external or internal in nature. The primary differences between these forms of testing are as follows:

  • External penetration testing requires the IT expert to attack an organization’s external-facing workplace technology from an outside perspective. In most cases, the IT professional won’t even be permitted to enter the organization’s physical establishment during external penetration testing. Rather, they must execute the cyberattack remotely—often from a vehicle or building nearby—to imitate the methods of an actual cybercriminal.
  • Internal penetration testing allows the IT expert to attack an organization’s internal-facing workplace technology from an inside perspective. This form of testing can help the organization understand the amount of damage that an aggrieved employee could potentially inflict through a cyberattack.

In addition to these testing formats, there are also two distinct types of penetration tests. How much information an organization provides the IT professional prior to the cyberattack simulation will determine the penetration test type. Specifically:

  • An open-box test occurs when the IT expert is given some details regarding the organization’s workplace technology or cybersecurity protocols before launching the attack.
  • A closed-box test occurs when the IT expert is provided with no details other than the organization’s name before conducting the attack.

Ultimately, the penetration testing format and type should be selected based on the particular workplace technology elements or cybersecurity measures that an organization is looking to evaluate.

Benefits of Penetration Testing

Penetration testing can offer numerous advantages to your organization, including:

  • Improved cybersecurity evaluations—By simulating realistic cyberattack situations, penetration testing can help your organization more accurately evaluate its varying security strengths and weaknesses—as well as reveal the true costs and of any security concerns.
  • Greater detection of potential vulnerabilities—If any of your workplace technology or other cybersecurity protocols fail during a penetration test, you will have a clearer picture of where your organization is most vulnerable. You can then use this information to rectify any security gaps or invest further in certain cyber initiatives.
  • Increased compliance capabilities—In some sectors, organizations are legally required to engage in penetration testing. For example, the Payment Card Industry Data Security Standard calls for organizations that accept or process payment transactions to execute routine penetration tests. As such, conducting these tests may help your organization remain compliant and uphold sector-specific expectations.
  • Bolstered cybersecurity awareness—Mimicking real-life cyberattack circumstances will highlight the value of having effective prevention measures in place for your employees, thus encouraging them to prioritize workplace cybersecurity protocols.

Penetration Testing Best Practices

Consider these top tips for executing a successful penetration test within your organization:

  • Establish goals. It’s crucial for you to decide what your organization’s goals are regarding the penetration test. In particular, be sure to ask:
    o What is my organization looking to gain or better understand from penetration testing?
    o Which cybersecurity threats and trends are currently most prevalent within my organization or industry? How can these threats and trends be applied to the penetration test?
    o What specific workplace technology elements or cybersecurity protocols will the penetration test target?
  • Select a trusted IT professional. Consult an experienced IT expert to assist your organization with the penetration test. Make sure to share your organization’s goals with the IT professional to help them understand how to best execute the test.
  • Have a plan. Before beginning the penetration test, work with the IT expert to create an appropriate plan. This plan should outline:
    o The general testing timeframe
    o Who will be made aware of the test
    o The test type and format
    o Which regulatory requirements (if any) must be satisfied through the test
    o The boundaries of the test (e.g., which cyberattack simulations can be utilized and what workplace technology can be targeted)
  • Document and review the results. Take detailed notes as the penetration test occurs and review test results with the IT expert. Look closely at which cybersecurity tactics were successful during the attack simulation and which measures fell short, as well as the consequences of these shortcomings. Ask the IT professional for suggestions on how to rectify security gaps properly.
  • Make changes as needed. Based on penetration test results, make any necessary adjustments to workplace technology or cybersecurity protocols. This may entail updating security software or revising workplace policies.
  • Follow a schedule. Conduct penetration testing at least once every year, as well as after implementing any new workplace technology.

For more risk management guidance and insurance solutions, contact us today.