cyber attack magnifying glassWhile I wrote this article for a wine industry audience, the information in it is relevant to every company that is in any way connected to the internet. You should consider whether your insurance coverage adequately addresses your actual cyber risks today.

Cyber insurance can cover some of the more well-known risks, such as the costs to investigate and respond to the loss or theft of personally identifiable information. But cyber insurance won’t cover everything. It often will not cover bodily injury and property damage due to a cyber attack, which now is a real risk for certain companies whose critical infrastructure or products are internet-connected. Cyber insurance can provide business interruption coverage due to a cyber attack, but this coverage is often quite limited, though broader and better coverage is now starting to emerge in the market.

As a result, my article suggests that companies take a close look at what their real cyber risks are and then holistically review their insurance programs (not just the cyber policy, but also “traditional” policies such as property insurance) to ensure they are adequately protected.

Read the full article on fbm.com: Winery, Vineyard Cyber Attack Risk Grows With Web-Connected Systems

shutterstock_109214660-Cyber-Attack-BlogThe Internet of Things gives rise to many risks and exposures that companies and their insurers were not thinking about as recently as a couple years ago, and probably aren’t fully cognizant of today.

The DDoS attack late last week on internet infrastructure company Dyn should act as a wake-up call.  It shows how large and disruptive a cyber attack can become because of all the seemingly benign “things” connected to the internet.  And it should cause companies to think about what their risks really are and whether their current risk management approaches address them.

Just one example from this latest attack – I’m reading that one or more of the manufacturers of the devices that were used as bots in this attack must recall a very large number of products because the passwords (which were easily cracked) cannot be changed by the user.  The software that runs those products came ready installed on components bought from China, and it is this software that contains the vulnerability.  Now that the passwords are known, the devices can no longer be considered secure.  Maybe the manufacturers have product recall insurance or maybe they don’t.  But they likely never thought they would have to conduct a product recall under these circumstances and whether such a recall might be covered under their current insurance program.

Protect your company by:

  • Understanding your company’s IoT exposures.
  • Using your company’s broker and coverage counsel to review all insurance policies with IoT exposures in mind and negotiate favorable policy terms.
  • Revisiting the policies annually at renewal time because of quickly changing risks and policy terms.

Law firms are important gatekeepers between cybercriminals and clients’ sensitive data. The release of the Panama Papers and several other recent high-profile breaches have brought to light vulnerabilities in law firm cyber security.

I recently participated in a podcast with journalist Ben Hammersley and eSentire’s VP and industry security strategist Mark Sangster. Our discussion focused on cyber risks that law firms face and risk mitigation strategies to protect themselves and the data they hold, including cyber insurance.

Listen to the podcast here