Recent data breaches like those involving
Aussie Travel Cover, US retail giant Target and Sony have received attention for the size, scale and sophistication behind the attacks.
Hackers are portrayed as well-moneyed operatives with a great degree of skill and stealth – yet in the majority of cases, hackers succeed due to simple errors on the part of company owners and employees.
According to two new reports from Verizon Communications and Symantec Corp., an overwhelming majority of cyber attacks occur because employees open or click on links in tainted emails, employers fail to address software flaws or technicians don’t properly configure their systems.
In fact, the Verizon Communications report found that more than two-thirds of the 290 hacking cases in 2014 involved phishing, or trick emails.
By getting employees to click on bad links or attachments, hackers are able to steal employee credentials and access company networks, files, programs and customer information.
Phishing is so effective, hackers succeed in accessing corporate databases 90% of the time – even when sending tainted emails to just 10 employees.
“There’s an overarching pattern,” Verizon scientist Bob Rudis told Reuters.
The Symantec Corp. report, meanwhile, found that despite the success rate of phishing operations, they often fly under the radar from online defenders due to their lack of sophistication.
Once inside the system, however, the schemes increase in efficiency and are able to write customized software to further avoid detection.
The report also suggested that hackers are increasingly using “ransomware,” a form of software that encrypts computer files and promises to return them only if the user pays a ransom. Even then, only 20% of hackers actually decrypt the files.
In the midst of these changing trends and increasing costs, interest in cyber insurance is increasing – though not sufficiently. That’s where independent agents may be able to assist.
“The demand [for cyber] is increasing, but not at a rate we think is quick enough,” said John Tiene, who represents thousands of agents in the Northeastern US as CEO of Agency Network Exchange (ANE).
“Our job is really to educate the business owner as to the variety of exposures they are presented with and help them understand how the coverage can protect them.”
Most important is ensuring agents are sufficiently comfortable with the cyber product to discuss it with clients. Going forward, failure to discuss cyber protection could be a major E&O exposure for independents.
“This should now be a standard conversation with clients because every client has the exposure at some level,” said Tiene.
“A breach may only cost a client $10,000 to $30,000, but for a small business client, that is a lot of money.”
“They may turn to the agent and say, ‘Why didn’t you talk to me about this?’.
“This is a coverage need of the 21st Century."
