Take a moment to keep up on the latest in cyber crime and prevention. This month we’re bringing you a series dedicated solely to cyber. Visit our cyber resource page for preventative plans and our cyber liability page for extra protection.
White House Issues Ransomware Prevention Guidance to Businesses. In a recent letter addressed to corporate executives and business leaders, the White House emphasized that bolstering the nation’s resilience against cyberattacks is a main priority for President Joe Biden’s administration. Specifically, as ransomware attacks continue to rise in both cost and frequency throughout the country, the federal government is urging businesses to take this evolving cyber threat seriously. READ MORE
Tabletop Exercises. Cyberattacks have quickly become a significant threat for organizations of all sizes and sectors. As a result, many organizations have developed cyber incident response plans as a means of identifying effective protocols to take in the event of an attack—thus minimizing potential damages. However, simply having such a plan in place isn’t enough to protect your organization. After all, it’s important to routinely evaluate this plan to discover any shortcomings and make necessary improvements. Fortunately, that’s where tabletop exercises can help. Put simply, a tabletop exercise is an activity that allows your organization to simulate a realistic cyberattack scenario to test your cyber incident response plan’s efficiency. In other words, this exercise serves as a cyberattack drill, giving participants (typically the members of your incident response team) the opportunity to practice responding to an attack. Conducting tabletop exercises is a valuable way to assess the overall reliability of your organization’s cyber incident response plan, as well as ensure the plan will run smoothly in the midst of an actual attack. Review this guidance to learn more about the benefits of tabletop exercises and how your organization can successfully carry out such an activity. DOWNLOAD THE EXERCISE
Supply Chain Risks. Cyberattacks on global supply chains can cause irreparable harm to an organization’s operational, financial and reputational wellness. These incidents can occur even if your organization is practicing proper cybersecurity methods. Instead of attacking your organization directly, these cybercriminals take advantage of vulnerable suppliers or vendors in your organization’s supply chain to wreak havoc on key operations and compromise essential data. Supply chain risk has increased dramatically in the last decade, as the internet has become a necessary element of various business operations. What’s more, third-party breaches can be costly, increasing the average cost of a data breach by $207,411. Still, research shows this risk is largely being overlooked. While it’s not possible to totally eliminate supply chain risk, there are several steps your organization can take to reduce your supply chain exposure. REVIEW SUPPLY CHAIN RISKS & PREPARE
Business Email Compromise. Cybercriminals continue to become more sophisticated, leveraging a wide range of tactics in order to attack their victims. One tactic that has increased in frequency, complexity and resulting losses over the past few years is the use of business email compromise (BEC) scams. Put simply, a BEC scam entails a cybercriminal impersonating a seemingly legitimate source—such as a senior-level employee, supplier, vendor, business partner or other organization—via email. The cybercriminal uses these emails to gain the trust of their target, thus tricking the victim into believing they are communicating with a genuine sender. From there, the cybercriminal convinces their target to wire money, share sensitive information (e.g., customer and employee data, proprietary knowledge or trade secrets) or engage in other compromising activities. BEC scams can lead to numerous consequences within your organization—including stolen data, financial hardship and potentially severe reputational damages. Nevertheless, these scams can be deterred through various cybersecurity techniques. LEARN MORE ABOUT BEC SCAMS & PREVENTION TIPS
A Look Back on 2020. When the clock struck midnight on the last day of 2020, it marked the end of a year marred by catastrophe—the outbreak of COVID-19, high-profile data breaches, opioid litigation and corporate scandal, to name a few. To put the year in perspective, we decided to look back at some of the largest and most notable losses of 2020, which may consequently provide insights for loss trends in 2021. In 2020, the median cost of the losses we tracked was $380,000—a 12% increase from $340,000 in 2019. Looking at the top five industries with the highest median loss cost in 2020, nearly all showed increased severity from prior years. While the median loss cost of 2020 may change as more data is added to the database, the graph below reflects a general increase in loss severity over time among these five industries, according to Advisen data. Products liability losses were more severe in 2020 than any year in the past decade, accounting for $11 billion in losses within the top five industries. A $10 billion settlement announced by pharmaceutical and chemical company Bayer over the controversial weedkiller Roundup—which some groups believe causes cancer—greatly contributed to the severity of products liability losses in 2020, according to Advisen’s database. Directors and officers liability (D&O) nearly doubled in loss severity from 2019 to 2020—$12 billion in 2020 up from $6.5 billion in the prior year. KEEP READING