• Contact Us
  • 833-476-2487
  • 833-4-SOCIUS

    Socius LogoSocius LogoSocius LogoSocius Logo

    • Brokerage
      • Management & Professional Liability
      • Property
      • Casualty
    • Applications
      • Crime
      • Cyber
      • EPLI
      • Errors and Omissions
      • Management Liability
      • Property and Casualty
    • Continuing Education
    • About Us
      • Meet Our Team
      • A Decade or More
      • Mission & Vision Statement
      • Testimonials
      • Philanthropy
      • Careers
    • Resources
      • Articles
      • Reference Documents
      • Socius Scoop
      • Diversity & Inclusion Newsletters
      • Press Releases
    • Make a Payment

    Don’t Forget Cyber Hygiene When Returning to the Office

    September 26, 2022

    Cybersecurity and privacy concepts to protect data. Lock icon and internet network security technology. Businessmen protecting personal data on tablets and virtual interfaces.

    By: Brett Klein and Cynthia Zimmerman

    During the pandemic, many employees switched to remote work – and cyberattacks surged. Now, many workers are returning to the office, but cyberattacks aren’t decreasing. Ransomware and other cyber incidents remain a growing problem. As a result, cyber insurers are enforcing good cyber hygiene.

    Brokers – As your clients’ workplaces return to normal, make sure that old habits and outdated practices don’t undermine their cybersecurity. Be sure to share the following information.

    Remote Work and Cyberattacks

    The switch to remote work occurred out of necessity – and it did not always go smoothly. As workers adjusted to new procedures, cybercriminals took advantage of both the confusion associated with rapidly changing processes and the technical vulnerabilities associated with home office and remote access.

    The Internet Crime Complaint Center (IC3) says that criminals used phishing, spoofing, extortion, and other tactics to target victims during the pandemic. Ransomware proliferated as hackers launched phishing attacks and exploited Remote Desktop Protocol and software vulnerabilities to access systems.

    One might have expected cyberattacks to lessen once workers ironed out their remote work arrangements, but this did not happen. The attacks continued in 2021: in particular, ransomware attacks increased in both frequency and severity. According to the State of Ransomware 2022 report from Sophos, 66 percent of organizations were hit with ransomware in 2021, up from 37 percent in 2020. The average ransomware payment was $812,360, up significantly from $170,000 in 2020, but only 4 percent of organizations that paid received all their data back.

    The Impact on Insurance

    The rise in cyberattacks has led to increased interest in cyber insurance, but it has also made insurers more wary of underwriting risky accounts. Insurers need to manage their loss ratio. If they are constantly paying massive claims, the situation simply is not sustainable.

    The Q1 2022 Commercial Property/Casualty Market Report from Council of Insurance Agents & Brokers (CIAB) shows that premiums for cyber insurance increased an average of 27.5 percent the first quarter of 2022, following an increase of 34.3 percent in the fourth quarter of 2021. Although rates have been going up across the board, these increases are significantly steeper than the premium increases in other lines. The hikes have been blamed on the increase in cyber claims. Indeed, 72 percent of respondents reported an increase in claims.

    The Importance of Understanding Your Insurance Terms

    Both insurance companies and the organizations they insure have a vested interest in preventing cyberattacks. CIAB says that underwriters have been implementing stricter underwriting requirements in an attempt to mitigate losses. For example, many insurers are mandating multifactor authentication (MFA) and other cybersecurity protocols.

    Failing to meet these requirements may have dire consequences. According to Insurance Journal, one cyber insurance carrier voided its cyber policy when the company allegedly mispresented its use of multifactor authentication – something the carrier discovered after a ransomware event occurred.

    This should serve as a warning to anyone seeking cyber insurance: insurers take their cybersecurity requirements seriously. If the applications include incorrect information or mispresent the policyholder’s cybersecurity practices, the insurer could deny future claims or void coverage retroactively.

    It is important to give cyber applications the attention they deserve. Applicants should talk to their brokers and consultants before signing to ensure that they understand the questions and answer appropriately.

    Returning to the Office – But Not to Poor Cyber Hygiene

    Cyber insurance provides critical protection, but it is not a substitute for good cyber hygiene. Organizations need to do everything in their power to prevent cyberattacks from occurring; otherwise, they may find themselves victims of an attack only to have their insurance claim denied.

    This is not a situation that is simply going to resolve itself. Hackers have exploited remote work setups, but they will not go away when workers return to the office. Instead, they will look for new vulnerabilities to exploit. Don’t give them an opening.

    • Enable multifactor authentication for sensitive accounts, including email, privileged accounts, remote access, and backups.
    • Maintain segregated backups of critical data.
    • Install updates and security patches as they become available.
    • Evaluate your network for access points and vulnerabilities, such as Remote Desktop Protocol, and take steps to secure your system.
    • Educate workers on how to spot phishing scams and verify requests for information, transfers, etc.
    • Create a cyber incident response plan and be ready to implement it.
    • Stay informed on the latest threats and take precautions to reduce your risk.

    Do you need help securing cyber insurance for your clients? Socius provides access to new markets as well as underwriting advocacy. Contact us for assistance.

    Socius helps brokers and their clients navigate the evolving insurance climate. Contact us for creative problem solving, access to new markets and underwriting advocacy.

    Brett Klein

    Assistant Vice President

    email: bklein@sociusinsurance.com

    mobile: (203) 830-9442

    Cynthia Zimmerman

    Executive Vice President

    email: czimmerman@sociusinsurance.com

    mobile: (954) 804-9450

    Download a PDF version 

     

    Share

    Socius Logo

    As your outsourced marketing department, we work closely with both admitted and specialty markets to meet your clients’ unique needs.

    • Home
    • Continuing Education
    • Employee Benefit Providers
    • Contact Us
    • Terms of Use & Privacy Policy
    Copyright © 2022 Socius Insurance All Rights Reserved.
        We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
        Do not sell my personal information.
        Cookie settingsACCEPT
        Privacy & Cookies Policy

        Privacy Overview

        This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
        Necessary
        Always Enabled
        Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
        Non-necessary
        Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
        SAVE & ACCEPT
        Customer Feedback