Interest in cyber coverage is at an all-time high, and those who previously thought it a luxury — or not a necessity — are taking a much closer look at their exposures.

A recent Marsh report shows that cyber insurance purchases grew 32% in 2014 when compared with 2013, and up 21% in 2013 over 2012. "The yearly increase shows that organizations see cyber as a risk to be managed, not merely a problem to be fixed by IT," the report asserts.

Damian Caracciolo, vice president and practice leader at CBIZ Management & Professional Risk, said that cyber attacks affect all industries, but the type of attack deployed depends on the industry to which the company being targeted belongs. In 2015, the health care, financial services, retail and education sectors were those that saw the greatest number of cyber incidents.

Caracciolo said that cyber attacks come in many different forms, and the type of attack on any particular company depends on the type of information the intruder is looking for. Here are the five major types of attacks to which your organization would be vulnerable:

Password stealing

Brute force attacks search for vulnerabilities and attack password-protection mechanisms. (Photo: iStock)

1. Brute force attack

A very sophisticated software or algorithm which is written to do whatever it can to attack your system — by searching for vulnerabilities — and in many cases, attacks a password-protection mechanism.

The brute force attack will use a specially designed software to go through hundreds of thousands of different words, combinations of words and numbers to try to crack your password, said Caracciolo of CBIZ. He added: "They will even go through every word in the dictionary to see if they can access something like a password." 

Cyber hacker

Social engineering fraud doesn't target data, it targets the money. (Photo: iStock)

2. Social engineering/cyber fraud

"If you're in the treasury department, and I send you an e-mail that looks like it's coming from the CEO or CFO requesting that you 'wire funds on the merger acquisition that we have pending, I would like that money wired today — this is your authorization to get it done,' whoever is working in that accounting or treasury department will wire the money," said Caracciolo.

He added that they're not attacking your system, they're attacking individuals, and the company's wire-transfer policies and procedures: "We're seeing a prevalence of that today, and that's significant because the losses tend to be in seven figures. This type of attack doesn't target data, it targets the money and once it's transferred it's unlikely that you're able to retrieve that money." 

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

  • All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
  • Educational webcasts, resources from industry leaders, and informative newsletters.
  • Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Trudy Knockless

Trudy Knockless is a reporter on ALM Media's Business of Law desk.  She has a background serving legal and insurance publications. Contact her at [email protected] or on LinkedIn at Trudy Knockless. 

Commercial Lines
Corporate Risk
Cybersecurity
E&S/Specialty
Loss Control
Public Sector Risk