Cyber risk refers to the possibility that someone can make technology work against your business, rather than for it. That “someone” could be a hacker, a rogue employee, or even just an honest person making a mistake. If your operation uses technology at all and interacts with people, then you have cyber risk. The common denominator, whether malicious or not, is that humans are at the core of cyber risk.
Taking what we now know about “cyber risk”, a cyber attack is defined as an attempt by hackers to damage or destroy a computer network or system. Unfortunately for businesses, these attacks take countless shapes, do not discriminate with regard to size or industry, and are far-reaching rather than isolated to a single organization.
First and foremost, reputational damage. Given you’ll have a responsibility to notify your trusting client base in the event their sensitive data is compromised (credit card numbers, for example), there’s a strong likelihood they’ll go elsewhere with their business moving forward. If this factor hits critical mass and you’re swimming in other fines and regulatory hoops, it can spell the end for your business within just a few months of fighting back.
It’s way easier and less expensive. With major headlines in recent years about breaches at Fortune 500 companies, most large organizations have spent millions shoring up their defenses. The most effective way for a hacker to get into your system is still a phishing attack and that doesn’t cost much to execute. So, if I’m a criminal and can use fraudulent emails to check as many front doors as possible, why would I try to pick the locks on large businesses when small businesses are leaving their doors wide open?
You have probably done a great job choosing partners for IT services and data hosting. You may even have ensured that your contracts with those providers included language to protect you in the case of a breach. Unfortunately, you are still 100% responsible for the impact a breach of your chosen systems has on your customers, vendors, and other stakeholders. The only reliable way to outsource this risk is through cyber insurance.
Fervently patchworking a cyber solution is noble, but it’s always better to work smarter, not harder. The first step is simply to take inventory: do you have preventative measures in place? What’s your disaster recovery plan? How would you pay for a cyberattack should you fall victim? Luckily, you can defer all of this to an expert who has extensive experience answering all of these questions, and more. Knowing the right questions to ask and where to focus your time will bring significant value, so engage with a professional for a comprehensive cyber consultation. Paladin offers these free of charge to prospective customers and would love to engage directly to help you understand your degree of cyber risk and what to do about it.
The beauty behind baseline, necessity technology is that much of it is free to you! When considering critical components, think of software offering disk encryption, back-up cloud services, and generally taking advantage of your email server’s security program the best you can. Past this, the variety of technology can feel overwhelming, and deservedly so. To purchase important programs independently requires time, due diligence, and a healthy budget. We at Paladin noticed there was a stark need for an easy-to-use, consolidated cybersecurity program that is fairly priced. Through several features and employee engagements, we are able to proactively protect against greater than 90% of the most common cyberattacks while you stay hard at work.
Cyber insurance is a contract through which you can transfer cyber risk to an insurance company. In other words, it’s a way for someone else to bear the expense of technology turning against your business. You can’t transfer your total cost of cyber risk, but cyber insurance can cover quite a bit, including: damages and defense costs from third-party suits; regulatory fines and expenses; forensic investigation costs; costs to provide privacy notifications and services to affected parties; reimbursement of lost income or stolen money resulting from a cyber attack; and protection of your business’s reputation.
Any organization with cyber risk can get some benefit from purchasing cyber insurance. So, any organization working with technology and people should consider it. Risk transfer (insurance) is not the only way to manage risk, but you should know that there is no way to completely avoid or mitigate cyber risk. No matter what steps you have already taken, you still have a potential cost that could be handled by an insurance company.
Yes, and you’re probably already doing many things to protect your organization. If you’re using firewalls, intrusion detection, antivirus, etc. then you are reducing your risk. Statistically, the best method for reducing cyber risk is by improving employee behavior. If you’re taking care of that, then you’re doing really well! Still, no risk mitigation tools (including ours!) can completely eliminate your risk. You can protect your organization in many ways, but the best possible protection level can only be achieved with cyber insurance combined strategically with employee awareness and prevention tools.
Maybe a little...sometimes. Not satisfied with that answer? You shouldn’t be! General liability insurance has sometimes responded to privacy incidents under its Personal & Advertising Liability coverage, but this response is predicated on the release of information being considered publishing of that information. That interpretation has been unpredictable at best. Some other policies (e.g. professional liability) may respond, or may even have been enhanced to respond but, again, that’s not reliable. Much of the value in cyber insurance comes from response services. You want an insurance company to respond purposefully and expertly and that’s only going to happen with a true cyber insurance policy.
Definitely. At this point all states have breach notification laws that will require you to notify affected parties and provide remediation services. These laws may even require you to notify several attorneys general. These laws differ from state to state and you’ll have to comply with all statutes relevant to the incident - not just the law in your home state. It’s pretty daunting, which is why a cyber insurer taking care of all this and paying the bills is a deal you should really consider.
Just as the old saying goes, “out of sight, out of mind”. Most humans operate on autopilot to some degree during the workday and are highly susceptible to making one big mistake. This could be one click of the mouse or a single keystroke. By consistently providing teachable moments, interactive content, and concise updates on cyber-attack trends, you can change behavior for the better and improve even your weakest links. Remember that your employees are unquestionably your biggest cyber risk.
No. As you read your email, our phishing filter is scanning it in real time for just two things: known malicious links and language patterns that indicate a high likelihood of malicious intent. Once that scan has finished, we feed the scan results back into our machine learning training model to tune our detection paradigm. There is no way to reconstruct an email from a scan result and the email is not retained in any of our systems. The only time we save an email is when you press the button to report phishing. In that case, we hold onto the email to analyze the malicious actor’s attack pattern and build defenses around their behavior. If we decide the email is not malicious, we delete it from our systems.
No. We scan website URLs, not your activity on them. The only information we retain is the count of dangerous links that have been blocked and instances where users pushed through our warnings.
We’re collecting only the information that helps us understand how our platform has been assisting you and how we might do better. For instance, in your company browsers, we don’t keep track of which websites you and your colleagues are visiting; we just keep track of how many threats we have blocked and how you have reacted to our warnings.
Primarily, we use data collected from our inbox and browser protection services to improve the performance of our inbox and browser protection platform. Secondarily, we retain some aggregated, anonymized statistics about users’ interaction with our platform that will help us more accurately calculate the cost of cyber risk in the future.
Because of the confidence of your insurance carrier in Paladin’s tools, you are getting a built-in discount based on the insurer’s expectation of reduced frequency and severity of claims.