The Two-Fold Approach That Protects Your Company From Cybercriminals
A Guide to Cyber Insurance & Business Continuity for Business Owners
By Hilary Buckley

Use this guide to determine your data risks, then learn how to choose a good cyber insurance provider.

How to protect yourself from Cyber Criminals.


NetUp IT - White Paper: Protect Your Company from Cybercriminals

Contents

Executive Summary
    Protecting Your Company
A New Age of Cybercrime
    Cybercriminals Can Come from Anywhere
The Dangers of Cybercrime
    1. Cybercrime's High Costs
    2. Easy Criminal Access
    3. Staff Misinformation
How Can You Protect Your Business?
    What Is Business Continuity?
    What Is Cyber Insurance?
What to Expect from Cyber Insurance
    What to Look For
Benefits
    Financial Help in the Event of a Cybercrime
    Protection in All Places, at All Times, on All Covered Devices
    Guaranteed Increased Data Protection and Possible Cost Incentives
How to Choose a Good Provider
Take Your Next Step

Executive Summary

Businesses today face difficulties far surpassing any of their previous challenges. In the past, companies were able to protect private customer information with careful management and well-secured offices. Now, no matter the security measures in place, cybercriminals are able to steal computer files with seeming ease. Even worse, companies attacked in these "cybercrimes" have an obligation to inform the public, which brings down their brand reliability and can negatively impact sales.

To complicate the matter, companies today are not just at risk when their information is maliciously stolen. If companies misplace critical information or if they open data up to attack through simple user errors or absentmindedness, they are still held liable by the federal government to inform their clients and the general public that they have faced a potential security breach.

Protecting Your Company

The best way to safeguard your company against data theft is to take a two-fold approach. First, get a good business continuity solution that backs up your client information, orders and transactions, and other valuable data, in case you do become the victim of a cyber attack. This helps ensure that your data, the lifeblood of your company, will survive even if the criminal destroys your hardware as evidence. Second, make sure that you can cover the significant costs of a data breach by choosing a reliable cyber-insurer.

This white paper will focus on cyber insurance: why coverage is important, what a good cyber-insurer will offer, and what you can do to leverage your cyber-insurance costs.

A New Age of Cybercrime

In 2014, it seemed that every day, or at least every week, the news reported another data breach. Most of us remember constantly worrying as we read the news. "Have I shopped there?" we wondered. "Did I use my credit card? Which credit card did I use? Is my personal information exposed?"

"It is 90% more likely that a data breach will shut you down than a fire."
John Scirocco, Scirocco Group Insurance

Luckily, most of us escaped from the data breaches unscathed. However, that wasn't everyone's experience. The shoppers who weren't as lucky had to deal with surprising costs and effort to remedy their losses. In some cases, customers were unable to restore their financial records to pre-breach strength.

Cybercriminals Can Come from Anywhere

Companies that suffer from data breaches conduct both business-to-consumer (B2C) and business-to-business (B2B) transactions, which gives criminals access to valuable network-access data they can use to leapfrog into the systems and records of connected businesses. In fact, that's how Target was attacked. One of their vendors had been the victim of a cyber attack, and the vendor's relationship with Target led to one of the largest data breaches in corporate history.[1]

The Dangers of Cybercrime

It's a fact that small businesses are hit more often by cybercrime. According to a 2013 Ponemon Institute study, more than half of US businesses with less than $10 million in revenue reported at least one data breach, and 53% of those businesses were compromised multiple times throughout the year.[2]

True business protection is more than just making sure you have the right policies in place. It also includes protecting your company against cybercrime's high costs, cybercriminals' easy access to data, and staff misinformation.

1. Cybercrime's High Costs

The breach-recovery process is expensive.
Not only does cybercrime cause business interruptions, cybercrime-related costs typically include public relations, litigation, ongoing customer protection, government investigation fees, and many other unexpected expenses. Suffering from a combined lack of funds and high costs, more than 60% of small businesses fail within six months of a cyber attack.[3] For small businesses, the average cost of a data breach was $36,000 - $50,000,[4] and IBM reported that data breach costs had risen 23% by 2015.[5]

By protecting your data and your business properly, you can lower all of your cybercrime-related costs significantly.

[1] Brian Krebs, "Target Hackers Broke in Via HVAC Company," Krebs on Security (blog), February 5, 2014, http://krebsonsecurity.com/2014/02/targethackersbrokeinviahvaccompany/
[2] Hartford Steam Boiler, "Survey Shows Small Businesses Have Big Data Breach Exposure," news release, March 6, 2013, http://www.munichre.com/HSB/pr06032013/index.html
[3] Robert Strohmeyer, "Hackers put a bullseye on small business," PCWorld, August 12, 2013, http://www.pcworld.com/article/2046300/hackersputabullseyeonsmallbusiness.html
[4] First Data, "Small Businesses: The Cost of a Data Breach Is Higher Than You Think," May 2014, https://www.firstdata.com/downloads/thoughtleadership/Small_Businesses_Cost_of_a_Data_Breach_Article.pdf
[5] IBM and Ponemon Institute, "2015 Cost of Data Breach Study: Global Analysis," May 2015, http://www01.ibm.com/common/ssi/cgibin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03053WWEN&attachment=SEW03053WWEN.PDF

2. Easy Criminal Access

According to Symantec, 40% of small and mid-sized businesses have no data protection plan at all, though cybercrime continues to rise.[6] In addition, a 2014 survey of 1,257 executives determined that the average company had about 2.7 services in the cloud.[7] Those numbers also continue to rise. These two statistics suggest trouble ahead for SMBs.

Though cloud storage is extremely secure, when you access your data using an unsecured network, such as a coffee shop, hotel, or at home, everything you have access to may also be available to thieves. In each of these places, you're likely to enter passwords, download reports, and access client data, any of which, if captured, would count as a data breach.

3. Staff Misinformation

To explain why data security policies are so important, you must understand where data security fails in your own business. Usually, your employees constitute the weakest link in your security practices; human errors are responsible for 45% of computer downtime.[8] Not only do employees commonly open suspicious emails or attachments, they visit unsecured websites, sign in to password-protected wireless routers, such as a home or coffee shop network, to access data, and endanger your company data in many other ways. It is a rare staff that contains the knowledge or skills to even identify a data breach.

There are ways to protect your data no matter where you are. However, unless you've trained your employees to use safer methods, they won't.

These three problems create significant risk for cyber insurers. If your insurer's job is to provide coverage when your data is compromised, they may be hesitant to do so if your company is putting that data at risk with lax security practices. To make an analogy: if your house insurance policy kicks in when your house burns down, will they still owe you if you set the curtains on fire?

[6] Symantec, "2011 SMB Disaster Preparedness Survey: Global Results," January 2011, http://www.symantec.com/content/en/us/about/media/pdfs/symc_2011_SMB_DP_Survey_Report_Global.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Jan_worldwide_dpsurvey
[7] Evolve IP, "Cloud of Dreams: The Adoption of Cloud Services 2014," accessed June 3, 2015, http://pages.evolveip.net/2014-cloud-of-dreams-survey-bundle.html
[8] Joseph McKendrick, "Enterprise Data and the Cost of Downtime: 2012 IOUG Database Availability Survey," July 2012, http://www.oracle.com/us/products/database/2012-ioug-db-survey-1695554.pdf

How Can You Protect Your Business?

It's clear that today's companies face many possible data security pitfalls. To lower your costs for lost or exposed data, the two-fold approach of business continuity protection and cyber insurance may be the right choice for your business.

What Is Business Continuity?

For a first line of defense, most businesses turn to Business Continuity services. With access to a comprehensive business continuity solution, businesses get automatic backups, data encryption, in-depth email and Web threat blocking, as well as virus, spyware, and malware protection. These coverages help businesses protect their own data so that it stays safe in the event of theft or a disaster.

If you think your antivirus software protects your company, think again. In May 2014, Symantec, the maker of Norton antivirus, admitted that antivirus software can no longer detect most malware attacks and that antivirus products miss more than half (55%) of cyber attacks.[9]

With the high prevalence of cyber attacks, it is now nearly impossible to predict exactly where and how hackers will strike. In many cases, businesses can't even identify when a hacker has struck, and it can be months or years before a data breach is discovered.
The Heartbleed bug lay inside the code of millions of websites for two years before it was exposed in 2014.

Cybercriminals are nearly unstoppable. That's why your business needs a safe way to manage the fall-out if you do become the victim of a cyber attack. That's where cyber-insurance comes in.

What Is Cyber Insurance?

Cyber insurance is a specific part of a business insurance package that covers your company if you and your customers suffer a data breach. Cyber insurance differs significantly from the insurance you're used to because it must offset users who do not understand how to maintain a safe environment, and it must protect them at all times and in all places.

If your business is insured against fire damage, your insurance company is responsible for protecting one location (your business address) if it happens to burn down. Cyber insurance protects your virtual locations, meaning that it covers your business in the event of a website or data breach, and also offers liability insurance to help cover the costs that your customers may incur if your company is attacked.

[9] Samuel Gibbs, "Antivirus software is dead, says security expert at Symantec," The Guardian, May 6, 2014, http://www.theguardian.com/technology/2014/may/06/antivirussoftwarefailscatchattackssecurityexpertsymantec

What to Expect from Cyber Insurance

Cyber-insurance takes two distinct forms: first-party coverage, which covers your personal company and assets; and third-party protection, which covers losses that directly affect your customers or the government.

Cyber insurance reimburses your company (up to a capped amount) for:

  • Claim expenses
  • Privacy event expenses
  • Extortion payments (such as CryptoLocker ransomware)
  • Privacy regulation investigation expenses
  • First-party loss

Surprisingly, all this coverage is affordable as well.
For only a $5,000 - $10,000 deductible, your company should be able to get comprehensive coverage with a high cap that will protect you even in the worst cases of cybercrime.

What to Look For

Make sure that your business is covered in these five crucial areas. When you meet with a cyber insurer, ask them about other options that may apply to your specific industry.

COVERAGE TO CONSIDER

  • Media Liability
  • Network Security Liability
  • Privacy Injury Liability
  • Privacy Regulations Liability
  • Privacy Regulation Fines
  • Event Expense
  • Extortion Demand
  • Regulation Investigation
  • Crisis Response
  • Business Interruption and Expense
  • First-Party Network Loss or Damage
  • Basic E-theft

1. Media Liability Coverage
Protect your business from allegations of defamation, libel, slander, emotional distress, invasion of privacy, copyright infringement, and more. Coverage extends to website and social media, as well as non-electronic forms of media.

2. Network Security Liability Coverage
Protect your finances from third-party claims that result when your computer system is inaccessible, experiences unauthorized access, suffers a Denial-of-Service (DoS) attack, or if your email becomes the victim of a destructive virus.

3. Privacy Injury Liability Coverage
If you inadvertently release personally identifiable information (PII) or protected health information (PHI) through cyber theft or user error, this coverage will help your business recover from notification costs, PR costs, litigation costs, and more.

4. Privacy Regulation Proceedings Coverage
When the government has reason to suspect you've been the victim of a cyber attack, they come knocking on your door and demand to look at your systems. Their investigation process is costly and disruptive, and this coverage helps you with that.

5. Privacy Regulation Fines Coverage
Protect your business if your records are suspected to be non-compliant with federal, state, local, or foreign statute or regulations.
This is costly, and your business could be paying $18,000 per week because the way you run your records is opening them up to release.

Benefits

With a combination of Business Continuity services and cyber insurance, businesses can protect against all the main dangers of cybercrime.

Financial Help in the Event of a Cybercrime

With mounting costs for litigation, PR, and ongoing credit and fraud monitoring, in addition to the loss of funds and loss of income, having peace of mind that the costs of a data breach won't destroy your business is important. It's easy and affordable to get the data protection that big businesses have, and it's also affordable to get cyber insurance coverage. Many cyber insurance plans hold low premiums while offering impressive levels of coverage.

Protection in All Places, at All Times, on All Covered Devices

Because cybercriminals are always active, it's a smart idea to guard your company's data everywhere, at all times. As in most cases, the best cyber defense consists of a good offense. With a business continuity solution that offers you 24/7 protection and backups at least every 15 minutes, you know that your data will be protected and secured, no matter who accesses it.

Mobile device coverage is also a smart choice in today's BYOD world. With this coverage, you and your employees can use your devices freely. If a laptop, tablet, or smartphone is lost or stolen, mobile device plans offer the option to instantly wipe your company data from it.

Guaranteed Increased Data Protection and Possible Cost Incentives

To get the best deals on cyber insurance coverage, you should be able to prove that your business has taken steps to lower your risk. Having a strong business continuity solution in place, paired with email and web security services and domain-name-level blocking, shows your cyber insurer that you mean business.
Though these measures all help to protect you from staff errors, again, the best defense is a good offense. If your staff has been trained to be cautious on the Internet and your company has clear policies in place that follow best-practices recommendations, cyber insurers may offer you negotiation wiggle room.

How to Choose a Good Provider

To find the best cyber insurer for your needs, look for:

  • An established company
  • Clear policies and an understandable insurance quote
  • A range of coverage options

If you want total protection from your cyber insurance (and possibly some leverage in negotiation), you have to have a protected system. In fact, as this white paper has shown, cyber insurance works best and is most cost effective when it's carefully supported by a network security policy that follows best practices. When you need a network security solution that works, you want NetUp IT.

The Complete Protection of NetUp IT

With NetUp IT, your business is covered from data loss in the event of a fire, flood, hurricane, cybercriminal, and more. With NetUp's round-the-clock coverage, your business will get:

  • Multiple Backups: Backups are stored both on- and off-site, with images, so your data is secure at all times and so that you can find the trail of even hard-to-find cybercriminals.
  • Over 20 Years of Experience: Ease your cyber insurer's worries by working with an established and trustworthy business continuity provider. Our CompTIA Trustmark shows that you'll always get the service and protection you were promised.
  • Complete Business Continuity Solutions: With email and web security services, domain-name security for protection on the go, on-call emergency services, and round-the-clock network monitoring that protects your business from threats, you can trust that your data is protected no matter what.

Take Your Next Step

Instead of worrying that you or your staff may have unintentionally exposed your data, take action. Learn exactly where your data policies or practices have failed. Confidently negotiate your business cyber insurance plan. Be prepared with the information you need.

Schedule your free Network Security Assessment to learn:

  • Where your network stands now
  • Your company's current cybercrime risk
  • Where your company does well in cyber security... and where you're not as secure

Get the facts you need to get your perfect cyber insurance quote. Start with a free Network Security Assessment from NetUp IT.

Schedule Your Free Network Security Assessment
http://netup-it.com/free-network-assessment-new-jersey/

NetUp IT helps clients build, maintain, manage, and secure corporate IT infrastructure and networks in the New Jersey and New York Metropolitan area. Visit us on the web at www.netup-it.com.