Filed Under:Agent Broker, Commercial Business

USI cybersecurity study highlights growing threats and shifting risks

Results from USI's 2017 cybersecurity and data privacy study

According to the new USI study, of the survey participants representing smaller firms, 32% confirmed being a target of impostor fraud; 25% reported being targeted by ransomware attacks; and 32% reported experiencing a data privacy incident, all in the past year. (Photo: Shutterstock)
According to the new USI study, of the survey participants representing smaller firms, 32% confirmed being a target of impostor fraud; 25% reported being targeted by ransomware attacks; and 32% reported experiencing a data privacy incident, all in the past year. (Photo: Shutterstock)

The loss of confidential customer and employee data remains the top cyber-related concern for smaller businesses whereas, for large companies, their biggest concern shifted in 2017 from data breaches to managing reputational and regulatory risks, according to USI Insurance Services’ 2017 Cyber Security and Data Privacy Study.

Damage to the reputation of an organization that experiences a breach can be catastrophic or minimal — it depends on the public’s perception and understanding of the event. Engaging the right people at the right time to communicate a well-thought-out message is the first step to managing an organization’s reputation in the wake of an incident and is a critical part of an incident response plan.

Related: 6 ways cybersecurity will impact insurers in 2018

The 2017 study, based on a survey of decision-makers (equally representing large companies with annual revenue of more than $100 million and smaller firms with revenue of $5 million to $100 million) provides unique insights into how firms of many sizes view cyber and privacy risks, the challenges companies face when reviewing their exposures, the prevalence of impostor fraud and ransomware attacks, and the ways companies are dealing with business interruption threats due to malicious cyber attacks.

The study also reveals that more companies are expanding information technology budgets, purchasing insurance, and developing incident response and business continuity plans to address the increasing complexity and frequency of cybersecurity risks and data privacy incidents. 

Escalating risks: Ransomware, data breach & impostor fraud


Of the survey participants representing smaller firms, 32% confirmed being a target of impostor fraud; 25% reported being targeted by ransomware attacks; and 32% reported experiencing a data privacy incident, all in the past year.

The fact that money moves quickly in today’s fast-paced transactional environment has led to a massive uptick in impostor fraud incidents, also known as social engineering or business email scams. In many of these cases, fraudsters, pretending to be trading partners or employees of the same company, employ scams to divert company funds to hacker bank accounts. 

According to the survey, large businesses that were the target of impostor fraud in the past year experienced a financial loss of between $100,000 and $500,000. Smaller business losses from impostor fraud ranged from $25,000 to $250,000. Although smaller businesses were less likely to have been targeted, overall half of the targeted businesses reported suffering monetary loss, the survey shows.

Related: 3 best practices for a layered cybersecurity program

Large businesses are more likely to experience a data privacy incident and ransomware attack, although theft of portable devices or hard drives by someone external to the organization was more likely to occur at smaller businesses. Cyber extortion and ransomware attack losses were under $250,000 for a majority of survey participants; however, approximately14% of large businesses indicated their losses were more than $1 million. USI expects the frequency of ransomware and cyber extortion threats to increase and become more severe for businesses of all sizes in 2018.

The cost of dealing with cyber incidents continues to grow, and so does the concern over less, easily quantifiable losses. Among large companies, the study showed a notable increase in concerns about maintaining reputation and compliance with regulations. This concern jumped to the No. 3 spot, with 20% of respondents indicating they were worried about it compared to just 9% in 201. Reputational harm includes the loss of revenue that often follows a cyber incident announcement.

Insurance & risk management


Businesses need to take aggressive steps to ensure their cyber risk management practices, third party service providers and cyber insurance policies are equipped to respond effectively to ransomware attacks. These steps must also include putting together a robust response plan listing all organizational losses and any potential liabilities resulting from an attack. 

USI Data privacy chart

According to the survey, the majority of smaller businesses (82%) reported purchasing cybersecurity and data privacy risk insurance to protect from financial loss and 74% cited preparing for a data privacy breach as their top reason for buying the coverage. Less than half of smaller businesses reported having purchased impostor fraud coverage as part of their insurance portfolio.

Also, a majority of smaller businesses cited finding a policy to fit their unique needs, followed by cost, as the most significant challenges to acquiring insurance to protect against cybersecurity and data privacy. Notably, the survey shows 30% of smaller businesses are unsure of how to begin looking for cybersecurity and data privacy risk insurance.

USI recommends that companies undertake a cyber risk assessment to identify the strengths and weaknesses of their data security plan, develop appropriate strategies for improvement and speak to an experienced cyber broker. While purchasing cybersecurity and data privacy insurance is an important step, it should be used in tandem with developing and testing a comprehensive incident response plan.

Visit USI’s website to access the executive summary and a copy of the full cyber report.

Related: Cyber insurance soaring as risks rise

Dena Cusick is USI National Practice Leader Technology, Privacy, and Network Risk Practice (Dena.Cusick@usi.com). Paul King is USI Management Professional Service National Practice Leader. (Paul.King@usi.com)

Featured Video

Most Recent Videos

Video Library ››

Top Story

20 safest airlines to fly with in 2018

To recognize those leading the way, AirlineRatings.com released its annual list of the world's safest airlines. Of the 409 airlines it monitors, 20 stand out as the 'best of the best.'

Top Story

11 ways cars will be smarter in 2018

Connected vehicle technology, better electric batteries, and 'infotainment' systems are just three of the trends for insurers and claims specialists to watch.

More Resources

Comments

eNewsletter Sign Up

Agent & Broker Insider eNewsletter

Proven success tips and essential information to help agents and brokers grow their practice – FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.