You’re already worried about the possibility of becoming a victim of a cyber scam. Be sure you clearly understand what your cyber insurance coverage is, or you may feel like you got taken more than once.
The increase in cyberattacks in 2018, along with privacy regulations (such as GDPR and the California Privacy Act of 2018), has made organizations aware of the need for insurance products that protect them when they experience losses from cybercrime. That coverage is likely necessary: over half of organizations expect to inevitably be a victim of a cyber scam, so organizations seeking out insurance are looking for complete coverage of a loss.
But insurers are adding "Deception Fraud" or "Social Engineering" insuring agreements onto existing Cyber Liability policies and are including some critical details that may be overlooked. First off, the definitions used are extremely broad, which, at first look, makes it seem like the insurer is covering everything. But then you get to the dirty details that matter: the coverage has a sub-limit of $50,000-$100,000, while the remainder of your policy may have limits of between $1-$5 million.
Unless you’ve read the fine print, you may fall victim to a social engineering scam, suffer some loss, and then when you call your insurer thinking you have millions in coverage, you feel scammed a second time when you hear “your policy only covers up to $100,000.”
So, what should you do about it?
- Know your Limits – be sure you understand what is and isn’t covered, what the policy considers an attack, and what the policy coverage limits are.
- Protect the Organization – Security solutions that block malicious email, websites, attachments, and downloads are all good starting places on your path to implementing a bona fide security strategy.
- Don’t Fall for the Scam – The cyber policies revolve around your users being fooled into becoming a victim. Putting users continually through Security Awareness Training and Phishing Testing is certain to lower the risk of a successful scam by 37%.
I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.
Let's stay safe out there.
Founder and CEO, KnowBe4, Inc