You are on page 1of 10

The Two-Fold

Approach that
Protects Your
Company from
Cybercriminals

A Guide to
Cyber Insurance &
Business Continuity for
Business Owners

Use this guide to determine your data risks,


then learn how to choose a good cyber
insurance provider.

By Hilary Buckley

NetUp IT - White Paper Protect Your Company from Cybercriminals

Contents
Executive Summary ..................................................................................... 3
Protecting Your Company ......................................................................... 3
A New Age of Cybercrime ............................................................................ 3
Cybercriminals Can Come from Anywhere ............................................... 4
The Dangers of Cybercrime ......................................................................... 4
1. Cybercrimes High Costs ....................................................................... 4
2. Easy Criminal Access............................................................................ 5
3. Staff Misinformation............................................................................... 5
How Can You Protect Your Business? ........................................................ 6
What Is Business Continuity?.................................................................... 6
What Is Cyber Insurance? ......................................................................... 6
What to Expect from Cyber Insurance ......................................................... 7
What to Look For ....................................................................................... 7
Benefits ........................................................................................................ 8
Financial Help in the Event of a Cybercrime ............................................. 8
Protection in All Places, at All Times, on All Covered Devices ................. 8
Guaranteed Increased Data Protection and Possible Cost Incentives ...... 9
How to Choose a Good Provider ................................................................. 9
Take Your Next Step .................................................................................. 10


NetUp IT - White Paper Protect Your Company from Cybercriminals

Executive Summary
Businesses today face difficulties far surpassing any of their previous challenges. In the
past, companies were able to protect private customer information with careful
management and well-secured offices. Now, no matter the security measures in place,
cybercriminals are able to steal computer files with seeming ease. Even worse,
companies attacked in these "cybercrimes" have an obligation to inform the public, which
brings down their brand reliability and can negatively impact sales.
To complicate the matter, companies today are not just at risk when their information is
maliciously stolen. If companies misplace critical information or if they open data up to
attack through simple user errors or absentmindedness, they are still held liable by the
federal government to inform their clients and the general public that they have faced a
potential security breach.

Protecting Your Company


The best way to safeguard your company against data theft is to take a two-fold
approach.
First, get a good business continuity solution that backs up your client information, orders
and transactions, and other valuable data, in case you do become the victim of a cyber
attack. This helps ensure that your
data, the lifeblood of your company,
will survive even if the criminal
destroys your hardware as
evidence.
Second, make sure that you can
cover the significant costs of a data
breach by choosing a reliable
cyber-insurer. This white paper will
focus on cyber insurance: why
coverage is important, what a good
cyber-insurer will offer, and what
you can do to leverage your
cyber-insurance costs.

It is 90% more likely that


a data breach will shut you down
than a fire.
John Scirocco
Scirocco Group Insurance

A New Age of Cybercrime


In 2014, it seemed that every day, or at least every week, the news reported another
data breach. Most of us remember constantly worrying as we read the news. "Have I
shopped there? we wondered. Did I use my credit card? Which credit card did I use? Is
my personal information exposed?"

NetUp IT - White Paper Protect Your Company from Cybercriminals

Luckily, most of us escaped from the data-breaches unscathed. However, that wasn't
everyone's experience. The shoppers who weren't as lucky had to deal with surprising
costs and effort to remedy their losses. In some cases, customers were unable to restore
their financial records to pre-breach strength.

Cybercriminals Can Come from Anywhere


Companies that suffer from data breaches conduct both business-to-consumer (B2C)
and business-to-business (B2B) transactions which gives criminals access to valuable
network-access data they can use to leapfrog into the systems and records of connected
businesses.
In fact, thats how Target was attacked. One of their vendors had been the victim of a
cyber attack, and the vendors relationship with Target led to one of the largest data
breaches in corporate history.1

The Dangers of Cybercrime


It's a fact that small businesses are hit more often by cybercrime. According to a 2013
Ponemon Institute study, more than half of US businesses with less than $10 million in
revenue reported at least one data breach, and 53% of those businesses were
compromised multiple times throughout the year.2
True business protection is more than just making sure you have the right policies in
place. It also includes protecting your company against cybercrimes high costs,
cybercriminals easy access to data, and staff misinformation.

1. Cybercrimes High Costs


The breach-recovery process is expensive. Not only does cybercrime cause business
interruptions, cybercrime-related costs typically include public relations, litigation,
ongoing customer protection, government investigation fees, and many other
unexpected expenses. Suffering from a combined lack of funds and high costs, more
than 60% of small businesses fail within six months of a cyber attack.3
For small businesses, the average cost of a data breach was $36,000 - $50,000,4 and
IBM reported that data breach costs had risen 23% by 2015.5

1 BrianKrebs,TargetHackersBrokeinViaHVACCompany,KrebsonSecurity(blog),February5,2014,
http://krebsonsecurity.com/2014/02/targethackersbrokeinviahvaccompany/
2 HartfordSteamBoiler,SurveyShowsSmallBusinessesHaveBigDataBreachExposure,newsrelease,March6,2013,
http://www.munichre.com/HSB/pr06032013/index.html
3 RobertStrohmeyer,Hackersputabullseyeonsmallbusiness,PCWorld,August12,2013,
http://www.pcworld.com/article/2046300/hackersputabullseyeonsmallbusiness.html
4 FirstData,SmallBusinesses:TheCostofaDataBreachIsHigherThanYouThink,May2014,
https://www.firstdata.com/downloads/thoughtleadership/Small_Businesses_Cost_of_a_Data_Breach_Article.pdf
5 IBMandPonemonInstitute,2015CostofDataBreachStudy:GlobalAnalysis,May2015,
http://www01.ibm.com/common/ssi/cgibin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03053WWEN&attachment=SEW03053WWEN.PDF

NetUp IT - White Paper Protect Your Company from Cybercriminals

By protecting your data and your business properly, you can lower all of your
cybercrime-related costs significantly.

2. Easy Criminal Access


According to Symantec, 40% of small and mid-sized businesses have no data protection
plan at all, though cybercrime continues to rise.6 In addition, a 2014 survey of 1,257
executives determined that the average company had about 2.7 services in the cloud.7
Those numbers also continue to rise. These two statistics suggest trouble ahead for
SMBs.
Though cloud storage is extremely secure, when you access your data using an
unsecured network, such as a coffee shop, hotel, or at home, everything you have
access to may also be available to thieves.
In each of these places, youre likely to enter passwords, download reports, and access
client data any of which, if captured, would count as a data breach.

3. Staff Misinformation
To explain why data security policies are so important, you must understand where data
security fails in your own business. Usually, your employees constitute the weakest link
in your security practices; human errors are responsible for 45% of computer
downtime.8
Not only do employees commonly open suspicious emails or attachments, they visit
unsecured websites, sign in to password protected wireless routers, such as a home or
coffee shop network to access data, and endanger your company data in many other
ways. It is a rare staff that contains the knowledge or skills to even identify a data breach.
There are ways to protect your data no matter where you are. However, unless youve
trained your employees to use safer methods, they wont.
These three problems creates significant risk for cyber insurers. If your insurers job is to
provide coverage when your data is compromised, they may be hesitant to do so if your
company is putting that data at risk with lax security practices. To make an analogy: If
your house insurance policy kicks in when your house burns down will they still owe
you if set the curtains on fire?

Symantec, 2011 SMB Disaster Preparedness Survey: Global Results, January 2011,
http://www.symantec.com/content/en/us/about/media/pdfs/symc_2011_SMB_DP_Survey_Report_Global.pdf?om_ext_cid=biz_socmed_twitter_facebo
ok_marketwire_linkedin_2011Jan_worldwide_dpsurvey
7
Evolve IP, Cloud of Dreams: The Adoption of Cloud Services 2014, accessed June 3, 2015,
http://pages.evolveip.net/2014-cloud-of-dreams-survey-bundle.html
8
Joseph McKendrick, Enterprise Data and the Cost of Downtime: 2012 IOUG Database Availability Survey, July 2012,
http://www.oracle.com/us/products/database/2012-ioug-db-survey-1695554.pdf

NetUp IT - White Paper Protect Your Company from Cybercriminals

How Can You Protect Your Business?


Its clear that todays companies face many possible data security pitfalls. To lower your
costs for lost or exposed data, the two-fold approach of business continuity protection
and cyber insurance may be the right choice for your business.

What Is Business Continuity?


For a first line of defense, most businesses turn to Business Continuity services. With
access to a comprehensive business continuity solution, businesses get automatic
backups, data encryption, in-depth email and Web threat blocking, as well as virus,
spyware, and malware protection. These coverages help businesses protect their own
data so that it stays safe in the event of theft or a disaster.
If you think your antivirus software protects your company, think again. In May 2014,
Symantec, the maker of Norton antivirus, admitted that anti-virus software can no longer
detect most malware attacks and that antivirus products miss more than half (55%) of
cyber attacks.9
With the high prevalence of cyber attacks, it is now nearly impossible to predict exactly
where and how hackers will strike. In many cases, businesses can't even identify when a
hacker has struck and it can be months or years before a data breach is discovered. The
Heartbleed bug lay inside the code of millions of websites for two years before it was
exposed in 2014.
Cybercriminals are nearly unstoppable. Thats why your business needs a safe way to
manage the fall-out if you do become the victim of a cyber attack. That's where
cyber-insurance comes in.

What Is Cyber Insurance?


Cyber insurance is a specific part of a business insurance package that covers your
company if you and your customers suffer a data breach. Cyber insurance differs
significantly from the insurance youre used to because it must offset users who do not
understand how to maintain a safe environment, and it must protect them at all times and
in all places.
If your business is insured against fire damage, your insurance company is responsible
for protecting one location (your business address) if it happens to burn down. Cyber
insurance protects your virtual locations, meaning that it covers your business in the
event of a website or data breach, and also offers liability insurance to help cover the
costs that your customers may incur if your company is attacked.

9 SamuelGibbs,Antivirussoftwareisdead,sayssecurityexpertatSymantec,TheGuardian,May6,2014,
http://www.theguardian.com/technology/2014/may/06/antivirussoftwarefailscatchattackssecurityexpertsymantec

NetUp IT - White Paper Protect Your Company from Cybercriminals

What to Expect from Cyber Insurance


Cyber-insurance takes two distinct forms: first party coverage, which covers your
personal company and assets; and third-party protection, which covers losses that
directly affect your customers or the government.
Cyber insurance reimburses your company (up to a capped amount) for:
Claim expenses
Privacy event expenses
Extortion payments (such as Cryptolocker ransomware)
Privacy regulation investigation expenses
First-party loss
Surprisingly, all this coverage is affordable as well. For only a $5,000 - $10,000
deductible, your company should be able to get comprehensive coverage with a high cap
that will protect you even in the worst cases of cybercrime.

What to Look For


Make sure that your business is covered
in these five crucial areas. When you
meet with a cyber insurer, ask them about
other options that may apply to your
specific industry.
1. Media Liability Coverage
Protect your business from
allegations of defamation, libel,
slander, emotional distress,
invasion of privacy, copyright
infringement, and more. Coverage
extends to website and social
media, as well as non-electronic
forms of media.
2. Network Security Liability
Coverage
Protect your finances from
third-party claims that result when
your computer system is
inaccessible, experiences
unauthorized access, suffers a
Denial-of-Service (DoS) attack, or
if your email becomes the victim of
a destructive virus.

COVERAGE TO CONSIDER
Media Liability
Network Security Liability
Privacy Injury Liability
Privacy Regulations Liability
Privacy Regulation Fines
Event Expense
Extortion Demand
Regulation Investigation
Crisis Response
Business Interruption and Expense
First-Party Network Loss or Damage
Basic E-theft

NetUp IT - White Paper Protect Your Company from Cybercriminals

3. Privacy Injury Liability Coverage


If you inadvertently release personally identifiable information (PII) or protected
health information (PHI) through cyber theft or user error, this coverage will help
your business recover from notification costs, PR costs, litigation costs, and more.
4. Privacy Regulation Proceedings Coverage
When the government has reason to suspect youve been the victim of a cyber
attack, they come knocking on your door and demand to look at your systems.
Their investigation process is costly and disruptive, and this coverage helps you
with that.
5. Privacy Regulation Fines Coverage
Protect your business if your records are suspected to be non-compliant with
federal, state, local, or foreign statute or regulations. This is costly and your
business could be paying $18,000 per week because the way you run your
records is opening them up to release.

Benefits
With a combination of Business Continuity services and cyber insurance, businesses
can protect against all the main dangers of cybercrime.

Financial Help in the Event of a Cybercrime


With mounting costs for litigation, PR, ongoing credit and fraud monitoring in addition
to the loss of funds and loss of income having peace of mind that the costs of a data
breach wont destroy your business is important.
Its easy and affordable to get the data protection that big businesses have, and its also
affordable to get cyber insurance coverage. Many cyber insurance plans hold low
premiums while offering impressive levels of coverage.

Protection in All Places, at All Times, on All Covered Devices


Because cybercriminals are always active, its a smart idea to guard your companys
data everywhere, at all times. As in most cases, the best cyber defense consists of a
good offense. With a business continuity solution that offers you 24/7 protection and
backups at least every 15 minutes, you know that your data will be protected and
secured, no matter who accesses it.
Mobile device coverage is also a smart choice in todays BYOD world. With this
coverage, you and your employees can use your devices freely. If a laptop, tablet, or
smartphone is lost or stolen, mobile device plans offer the option to instantly wipe your
company data from it.

NetUp IT - White Paper Protect Your Company from Cybercriminals

Guaranteed Increased Data Protection and Possible Cost Incentives


To get the best deals on cyber insurance coverage, you should be able to prove that
your business has taken steps to lower your risk. Having a strong business continuity
solution in place, paired with email and web security services and domain-name-level
blocking shows your cyber insurer that you mean business.
Though these measures all help to protect you from staff errors, again, the best defense
is a good offense. If your staff has been trained to be caution on the Internet and your
company has clear policies in place that follow best-practices recommendations, cyber
insurers may offer you negotiation wiggle room.

How to Choose a Good Provider


To find the best cyber insurer for your needs, look for:
An established company
Clear policies and an understandable insurance quote
A range of coverage options
If you want total protection from your cyber insurance (and possibly some leverage in
negotiation) you have to have a protected system. In fact, as this white paper has shown,
cyber insurance works best and is most cost effective when it's carefully supported by a
network security policy that follows best practices. When you need a network security
solution that works, you want NetUp IT.

The Complete Protection of NetUp IT


With NetUp IT, your business is covered from data loss in the event of a fire, flood,
hurricane, cybercriminal, and more. With NetUps round-the-clock coverage, your
business will get:
Multiple Backups
Backups are stored both on- and off-site, with images, so your data is secure at all times
and so that you can find the trail of even hard-to-find cybercriminals.
Over 20 Years of Experience
Ease your cyber insurer's worries by working with an established and trustworthy
business continuity provider. Our CompTIA Trustmark shows that youll always get the
service and protection you were promised.
Complete Business Continuity Solutions
With email and web security services, domain-name security for protection on the go,
on-call emergency services, and round-the-clock network monitoring that protects your
business from threats, you can trust that your data is protected no matter what.

NetUp IT - White Paper Protect Your Company from Cybercriminals

10

Take Your Next Step


Instead of worrying that you or your staff may have unintentionally exposed your data,
take action. Learn exactly where your data policies or practices have failed.
Confidently negotiate your business cyber insurance plan.
Be prepared with the information you need.
Schedule your free Network Security Assessment to learn:
Where your network stands now
Your companys current cybercrime risk
Where your company does well in cyber security... and where youre not as
secure

Get the facts you need to get your perfect cyber insurance quote.
Start with a free Network Security Assessment from NetUp IT.

Schedule Your
Free Network Security Assessment
http://netup-it.com/free-network-assessment-new-jersey/

NetUp IT helps clients build, maintain, manage, and secure corporate IT infrastructure and
networks in the New Jersey and New York Metropolitan area.

Visit us on the web at www.netup-it.com.