Cyber liability insurance was first offered back in the 90’s; however, it wasn’t until the late 2000’s that it gained traction. Cyber attacks continue to evolve and target businesses at all levels. It is not just major corporations that are at risk: small businesses are the victims in the majority of all attacks. Companies big and small have been forced to invest in cyber insurance as a way to stave off the looming threat and gain peace of mind. The problem is that over the years the premiums for these policies have dramatically increased, the coverage has decreased and insurers have increased the deductible for attacks stemming from phishing, the most common threat.
For example, a recent policy we were asked to review was for $3 million worth of coverage. The coverage for a hack was $3M, but the coverage for phishing/social engineering attacks was $100K with a $10K deductible. While companies might feel protected with a $3M cyber security policy, the reality is that the most likely type of attack they will fall victim to is a phishing attack, and in that case their payout is a maximum of $90,000.
What is a social engineering attack?
The term “social engineering” is used for a broad range of malicious online activities, such as baiting, phishing and user spoofing, to name a few. These attacks may take the form of links that download malware, emails that lead users to enter information that is then exploited, or prompts that get you to visit a malicious website where, again, a user may enter personal information.
The biggest difference between social engineering and more traditional cybercrime techniques is that the user is the target, not your company’s network. You used to hear about some company’s computer network being hacked and the bad actors gaining access to key data that way. The most successful attacks now are those that target a company’s employees and hope that someone opens a back door inadvertently.
How can I protect myself?
The best and most effective tool companies have against these types of attacks is education. Technology safeguards can only go so far, and no amount of technology can prevent a user from clicking on a malicious link or falling for a phishing attack.
Hybridge offers a robust cyber security education platform with a program that includes simulated phishing of your users on a regular basis, mimicking the latest attacks we are seeing. You get a full report of who clicked on the link, who entered information and who became fully compromised. Users who are fully compromised in a simulated attack are then enrolled in a phishing training course to help them identify future potential threats.
This approach builds knowledge and vigilance so that your users are aware of what techniques are being used and know what to look for.
If you want to learn more about our cybersecurity training options or need advice on your cyber security policy, reach out to us at info (at) hybridge.com.