3 minute read
Cyper and Social Engineering Attacks
Cyber and Social Engineering Attacks: Don’t Let Insurance Gaps Leave You Vulnerable
In 2018, hackers compromised Wasaga Beach’s servers for weeks before the town paid a ransom to regain control. In 2019, criminals posing as one of Saskatoon’s contractors used email fraud to misappropriate $1 million. That same year, Stratford City Hall paid $75,000 in Bitcoin to a hacker who crippled its network.
Advertisement
While these incidents were well-publicized, there are many more that never make the local news. Make no mistake: local governments – small, medium and large – are increasingly at risk of cyberattacks. The threat is particularly acute at the moment, when the demands of operating remotely have made organizations highly reliant on technology.
Strategies to prevent these attacks must be multi-faceted. Organizations should have sound IT security and a strong employee training program (as many attacks begin with an employee clicking a link or misplacing a device). Finally, since not all attacks are preventable, robust insurance coverage is essential.
Cyber Risks
Cyberattacks can take many forms. Social engineering fraud – where a criminal impersonates a real person – is on the rise. We have all received phishing emails that invite us to click on a suspicious-looking link; however, cybercriminals are becoming increasingly sophisticated, making it difficult to distinguish between what is real and what is fake. Another example is ransomware, where hackers install malware on an organization’s network and demand a ransom to release control.
The losses and expenses arising from these attacks are myriad:
Out-of-pocket expenses to investigate the attack, respond to it, repair the damage and notify all persons whose data was affected; The cost to defend claims by third parties whose personal information was compromised; Ransoms; and
Regulatory fines arising from privacy breaches.
Cyber Coverage
Many local governments are already covered in some form against cyber risks. You may have coverage under a standard property insurance package, or you may have paid an additional premium for a standalone crime or cyber policy. Chances are, however, that coverage is insufficient. For example, many policies do not cover social engineering fraud.
The following coverage is standard under most cyber policies:
Security and privacy liability;
Multimedia and intellectual property liability;
Network interruption and recovery coverage;
Event support expense coverage; Privacy regulatory defence & penalties; and Network extortion.
Certain insurers offer additional features, including coverage for:
Social engineering fraud;
Cyber terrorism;
Bricking (damage to devices and hardware);
Payment card industry fines;
Reputational damage; and
Losses above the aggregate policy limit.
Finally, some packages include value-added services such as employee training, 24-hour hotlines, and options for handling ransom demands.
As with any other expense, local governments must engage in a cost-benefit analysis when shopping around for cyber coverage. A “Cadillac” policy may not be warranted in every case. Speak with your broker about what level of coverage is right for your organization.
There are a number of products on the market. The MIABC has recently developed a CyberPro Policy designed specifically for BC local governments, which covers all of the above risks and provides additional services. For more information, contact Erica Shi at eshi@miabc.org. •
ERICA SHI joined the MIABC’s Insurance Department as the Insurance Programs Administrator in May 2018. In this newly created position, Erica’s role is strongly memberfocused. She is the in-house subject expert for ancillary policy placements. She assesses and responds to Members’ calls for changes to insurance programs and assists Members in interpreting policy language. She also processes renewals, responds to new business opportunities, and assists in the development of the Insurance Department’s business infrastructure.
With 15 years experience in insurance industry, Erica held multiple roles in insurance company and different insurance brokerages. Erica graduated with a Bachelor’s Degree in Civil Engineering from Tongji University in Shanghai and later obtained a Bachelor’s Degree in Business Administration from SFU. Erica currently holds a General Insurance Agent Level 2 License and Chartered Insurance Professional (CIP) designation.
NICOLE PURVES is the Deputy Director of Insurance at the MIABC. Nicole has worked in the insurance industry for 20 years, primarily involved in claims handling, specializing in casualty claims. She has been with the MIABC since 2008. She has also received her designation as a Chartered Insurance Professional.
A Different Type of IT Support
Sea to Sky Network Solutions is a managed services provider that helps municipalities throughout BC eliminate the hassles and headaches of dealing with IT infrastructure.
Contact us for help with your municipalities' technology needs or to book a no-cost network and IT security assessment.
info@seatosky.com | 604.628.6974 www.seatosky.com
