Cyber Incidents Represent Real Risk, Especially in a Work-From-Home (WFH) Environment
When it comes to protecting your company — and customers — from cybersecurity risk, sometimes the biggest risks are closer to home than you think. While we tend to think the greatest dangers come from cyber crooks and hackers outside our organizations, research shows that our employees represent the greatest risk in terms of the likelihood of falling victim to an attack.
External attacks can be costlier, resulting in costlier losses, but, according to Insurance Business Magazine, internal incidents are more common, as referenced in the report, "Managing the Impact of Increasing Interconnectivity - Trends in Cyber Risk."
Cyber Risk on the Rise
In an Insurance Business America article, Alicja Grzadkowska points to a rise in cyber insurance claims — growing from 77 in 2016 to 809 in 2019, and with 2020 seeing 770 claims during the first three quarters of the year. Last year, the article reports, "there were nearly half a million ransomware incidents reported globally, which cost organizations at least $6.3 billion in ransom demands alone, while total costs associated with the fallout from these incidents were estimated to be more than $100 billion."
Employees — whether due to human error or bad behavior — are an important first line of defense to help organizations minimize the risk they face from cyber threats. In a new era where more employees are working from home, these risks can be even greater.
As Grzadkowska writes: "the COVID-19 remote work landscape, alongside a spike in ransomware attacks and the increasing cost of large data breaches, are bringing additional cyber risks, as are state-sponsored attacks."
Addressing Employee Risk
With many employees working from home, having the right cyber insurance policy in place is more critical than ever. You need to ensure that you have procedures in place that remote workers are only accessing company data, e.g., the network, email, CRM, etc., via approved work hardware vs an individual's personal computer and even mobile device. If employees are allowed to use their personal devices, then it is even more imperative that executives review their company's cyber policy to ensure that personal devices are allowed, because many policies exclude them.
Cyber insurance policies can protect companies related to risks associated with both business interruption and extortion. As with any type of coverage, the greater the potential for risk and negative business impact, the more important this type of coverage will be.
If your company doesn't currently have cyber insurance coverage and, especially if you now have employees working from home, now is the time to explore the type of coverage that could best protect your organization — and your customers.
Comments