Organizations are now more reliant on technology than ever before. With the COVID-19 pandemic kickstarting a global work from home experiment, companies are relying on technology to connect (both internally and externally) and to transact business. As such, businesses are more in need of solutions not just to survive the catastrophic effects of the pandemic but also to protect themselves against the continued catastrophic risks they face from security failures, data breaches and cyberattacks.
“Cyber risks are largely uncorrelated with pandemic risk or the risk of a recession, which is to say that cyber risk is always present,” said Joshua Motta (pictured below), CEO of Coalition, a technology-enabled cyber insurance and security firm which recently entered the Canadian market. “In fact, you could argue that cyber risk has increased [amid COVID-19] because organizations have a greater dependency on technology, and they’re making a number of different technological changes that can provide an opening for cyber criminals to be more effective in their campaigns.”
Over the past few months, there has been a huge surge in cyberattacks targeting
remote workers. Most notably, hackers are using phishing scams and business email compromise to try to trick people into sharing their credentials. They’re playing on human vulnerabilities and public interest in the coronavirus to get people to click on corrupt links - perhaps by suggesting the link contains an important COVID-19 update – and to fill in online forms for specific pandemic updates and so on.
“Since countries around the world went into lockdown, the types of incidents that our cyber claims team are dealing with shows that while there hasn’t yet been a change in frequency of attacks, the likelihood of companies falling victim to these scams in a vulnerable and remote working scenario are escalated in comparison to what we were experiencing pre-COVID-19,” said Lindsey Nelson (pictured top), cyber development leader for CFC.
“This new era of home working couldn’t be a better situation for cyber criminals,” she added. “Employees are working on potentially insecure devices and businesses may not have implemented any additional training to help them spot things like phishing links that play on, for example, human curiosity about coronavirus.”
Most companies have asked employees working remotely to use a virtual private network (VPN) to connect to their company’s IT network. This adds some extra cybersecurity, but with so many employees relying on instructions from their employers on how to connect to internal networks from home, the vulnerability remains “enormous,” according to SecDev Group of Companies CEO Rafal Rohozinski. There are still many “openings”, as Motta put it, for cyber criminals to prey on vulnerabilities.
According to Motta, the need for a holistic cyber solution in Canada, and elsewhere around the world, is greater than it ever has been. Simultaneously, the ability for some businesses to prepare and respond to cyber events - particularly those that have been affected greatly by COVID-19 – is dramatically reduced. With the economic outlook in dire straits, companies have less capital to invest in cybersecurity solutions.
Read more: CSE to take down over 1,000 scam websites
“For larger organizations, the solution for cybersecurity seems to be technology – purchasing this myriad of [risk prevention and cybersecurity] technology goods and services,” Motta told Insurance Business. “Our thesis at Coalition is that for smaller businesses, the solution is risk transfer – the insurance product. Instead of paying a small fortune for antivirus solutions, firewalls and other things like that, small businesses can pay a couple of hundred dollars a year for cyber insurance, which comes with a lot of these cybersecurity tools. Small businesses are far less likely to survive any type of exogenous shock, whether it’s a recession, a pandemic, or a cyberattack or data breach. We’ve seen the demand for cyber insurance surging [among small businesses] in April and May after a slight blip at the end of March when we believe a lot of people were adjusting to working remotely.”
Pandemic or no pandemic, cyber is an all-inclusive risk in that everybody is vulnerable. Whether you’re a big business or a small business, working in an office or working from home, a public entity or a private corporation, the list goes on – everybody is impacted. And that’s where insurance brokers have an essential role to play in educating all policyholders – personal and commercial - of their potential cyber exposure and how to mitigate it.
