Imagine coming into work one day. You turn on your computer, grab a coffee, and when you come back you can’t log on. Up pops a notification: you’ve been hacked and your details are being held to ransom by a hacker. Your heart starts racing - all of your client details and the company’s private data are in your system.
Sadly this isn’t a fictional tale. It happens to businesses globally every day, and the threat of ransomware and hacks is only increasing. In just the past week a number of hospitals in the United States have fallen victim to the latest culprit, Locky. And we only know about it because they’ve made it public - it’s impossible to know how many companies have been victims of attacks, but are keeping the data breaches quiet to protect their reputation.
Locky is ransomware that takes over computer systems and forces victims to pay in bitcoin to get a passcode to unlock the system. The ransomware is hidden code spread by seemingly innocent Word documents. Updated virus scans are picking it up today - but more malware will be released tomorrow. And the next day.
The fact of the matter is that the chances of a business being hacked are increasing by the day. The 2015 Government Security Breaches survey in the UK found 74% of small businesses reported a security breach in the last year. But it’s not just small businesses that are at risk: there’s been a rise in data breaches across businesses of all sizes. Industry predictions are that 80% of companies are likely to suffer a data breach within 12 months. And here in Australia we’re the second most likely, after the USA, to get attacked with ransomware: an estimated 50-60% of the globally generated attacks [using] ransomware were detected in Australia. While prevention is paramount, if the damage is done you need to recoup the financial loss your business has suffered.
We took some time out to speak with Jared Gilkison, a Senior Insurance Broker at R&M Insurance Brokers, about cyber insurance options for businesses. He and his team will be exhibiting at CeBIT this year. If you’re interested in learning more about Hacker Insurance, don’t miss them!
What are the benefits of getting cyber insurance for business?
Insurance exists to protect business against unforeseen loss. Its purpose is to reinstate them to their original position. This product is no different and will cover the cost to rectify the situation and restore the business to its financial and operational position before they were hacked.
What does Hacker Insurance actually cover?
- A client's financial loss associated with downtime
- Replacement of hardware/software
- Third Party reimbursement claims (eg. if credit card details were stolen and used)
- Necessary ongoing credit monitoring of those credit cards
- Costs associated with reputational loss to our client
How many claims of this nature do you see in a 12-month period? Has there been an increase in the past few years?
Claims are still low because of a lack of awareness that this product exists. Even worldwide claims data is limited because businesses will attempt to bear the cost themselves, and keep the intrusion away from the attention of their clients.
It’s worth noting that new legislation is currently being considered. It would mean that all businesses with turnover greater than $3 million will, by law, be required to notify their clients of all data breaches. This will change the way that business approaches the problem and is also part of the insurance offering.
What kind of organisations does this insurance work best for?
It's a universal product. Very few businesses operate without the internet these days. Obviously online retailers are extremely susceptible and it's of great benefit to them. Having said that, anyone who holds customer details, financial records or relies on email access will benefit from Hacker Insurance protection to look after them.
What kind of claims have you seen in the past 12 months?
Two come to mind.
Our most recent claim is a transport company that was hacked by a disgruntled employee. They were unaware that their ordering system had been compromised for more than 30 days. Orders being placed by their clients, which are predominantly supermarkets, were not being received and it was only noticed after complaints were made when supermarket shelves were depleting.
It's not a quick fix to fulfil unrecognised orders, and our client had to work 24hr shifts for more than 7 days to rectify the situation. Insurance paid for additional wages, replacement of computer hardware and ongoing reputational restoration. The current costs paid by insurance are in excess of $250,000. We're proud to say that Hacker Insurance Cover has saved our client from significant financial hardship and cash flow issues.
The second is a current small claim from an accountant who was locked out by ransomware. They did not pay, but had their IT guys restore their system. Hacker Insurance Cover fully paid for the IT invoice.
What would you say to organisations on the fence about getting this type of insurance?
Insurance is always an expense that needs to be considered within the context of an individual business' risk management strategy. Sometimes it's just not necessary and we completely understand that. So it's a cost that needs to be considered and it's not for everyone. However, financial loss from a malicious IT breach has recently become business’ number one most likely risk. So if you are going to purchase any insurance at all, next to public liability, this is your most valuable risk management strategy.