It’s one of the oldest plots in the movies.  A person or object of great value gets kidnapped.  A demand for money or some other form of tribute is demanded.  And either the ransom gets paid, or a rescue ensues.  The end, curtain down, talk about the film on the ride home.  Nice and tidy.

Until it happens in real life, and the true impact of ransomware – the infiltration of your computer system, complete with unwanted access to your most sensitive information – becomes all too clear.And don’t think it couldn’t happen to your small business.  Ransomware strikes at systems large and small.  In fact, a small contractor servicing a large corporation can serve as one of the easiest “back doors” for a hacker to make an enormous score.In 2019, the Internet Crime Complaint Center (IC3) received 2,047 complaints identified as ransomware, with losses in excess of $8.9 billion.  That’s billion.  With a “b.”  Even while citing those statistics, IC3 also insists that instances of ransomware remain vastly underreported, so the true total of losses is probably much higher.Intricate, elaborate, expensive software systems designed to block sophisticated ransomware attempts can be effective, and have real value in the ongoing fight.  But it’s also important to remember that ransomware hackers can gain all the access they need by the simplest of methods, as well.  A targeted phishing attack that gains the credentials of top managers can parlay that information into a quick and substantial ransom payment.So how to avoid the chilling and costly incidence of being held for ransom by outsiders capturing your proprietary data?  Establish a relationship with federal law enforcement authorities and trusted organizations like the non-profit National Cyber Forensics-Training Alliance (ncfta.net), conduct continuous employee awareness training that includes top officials of the company, increase knowledge of ransomware tactics and trends to stay ahead of the threat, and review your insurance coverage against losses attributable to ransomware attacks.The professionals at The Reschini Group can work with you to audit your exposures and craft a policy package to provide the proper level of protection.  Because being held for ransom is not a plot device in a movie that you can walk away from.  It’s all too real.

---

Copyright 2021 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

“Cybercriminals and certain foreign nations are not only at the door; they are inside our walls, and often have been for quite some time.  Defending our most valuable information should be of paramount importance for our citizens, businesses, and academic institutions.”  - Matt LaVigna, President and CEO, National Cyber Forensics Training Alliance (NCFTA).

While the fact of cybercrime can hardly be news, the scope of it recently made worldwide news, as multiple departments across the federal government were discovered to have been infiltrated by foreign actors, sometimes for months before being detected.  In that time, untold volumes of sensitive documents impacting U.S. homeland security, relations with countries around the world, financial and diplomatic secrets, and much more may have been compromised, perhaps permanently.The same dynamic impacts businesses of all sizes, across all industries and locations.  Malicious actors with an abundance of skill and lack of ethics can many times forge their way into an organization’s cyber presence.  Their ability to monetize information can be just as shocking in its effectiveness as the way they break codes and seize data.The NCFTA reports that, while cybercrime is a relatively underreported event, consider that over the last five years, the Internet Crime Complaint Center received more than 1.7 million complaints and, in 2019 alone, reported losses exceeding $3.5 billion.The coronavirus pandemic’s impact on cybersecurity may be that, as pressure increases on budgets as companies recover, resources dedicated to cyber protection get reduced.  Sharing information among peers about cybersecurity best practices helps, as do specific tactics to protect software, hardware, employee activities, regular backups and encryptions.But not to be forgotten in this collection of cybercrime defense is having adequate and appropriate insurance coverage.  As the types and levels of potential damage from cybercrime can vary, so do the insurance options available to organizations.The professionals at The Reschini Group can assist you in evaluating your exposure to cybercrime, and in fashioning a coverage package that keeps you and your organization safe.  Because the threat is everywhere, and growing.

---

Copyright 2021 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

Recovering from a cybersecurity incident can be a daunting undertaking, especially if you’ve lost information that’s critical to running your business. But you can limit the damage to your company and your reputation by developing a solid recovery plan in advance.

Conduct a full, encrypted backup of your data on each computer and mobile device at least once a month, shortly after a complete malware scan. Store these backups at a protected, off-site location. Save your encryption password or key in a secure location separate from where your backups are stored. Many software applications will allow you to encrypt your backups.  With your backups in place, if a computer breaks, an employee makes a mistake, or a malicious program infects your system, you’ll be able to restore your data. Without backups, you’ll have to manually recreate your business information from paper records and employee memory.It’s essential to back up data such as:

• Word processing documents and electronic spreadsheets
• Databases, especially customer relationship management (CRM), financial, human resource (HR), and accounts receivable (AR)/payable (AP) files
• Product design and manufacturing data
• Other operational technology (OT) data such as machine and process condition monitoring and analysis
• System logs and other information technology (IT) information

Don’t worry about the software applications; just focus on the data. Store your backups on an external USB hard drive, other removable media, or a separate server. Use caution when selecting a partner if you decide to store your data online and encrypt all data prior to storing it in the cloud.Hard-drive backups should be large enough to hold all your monthly backups for one year. Create separate folders for each computer so you can copy your data into the appropriate folder on the external drive. After your backups are complete, test them immediately to ensure your efforts were successful.Like flood or fire insurance, you can purchase cyber insurance for your facility. These services can help you recover from an information security incident more quickly and effectively and may cover the cost of:

• Cybersecurity expertise to assist in identifying the extent of damage caused
• Consultation to help investigate the incident and report it to the appropriate authorities
• Loss of revenue due to downtime
• Legal fees, fines, and penalties incurred

The Reschini Group can help you navigate the ever changing world of cybersecurity. Contact us today to discuss your situation.

---

Copyright 2020 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.Excerpted from: https://www.nist.gov/blogs/manufacturing-innovation-blog/how-recover-cyber-attack

Take a look at your business’ general liability insurance policy, and you’ll probably see a reference to property damage.  To the uninitiated, that sounds like it covers a multitude of potential events – even an online hack or attack, right?

Wrong.  Seriously wrong.

Cyber liability insurance is not automatically included in a general liability policy.  Cyber liability insurance, priced and purchased as its own policy, can pay for expenses if a small business suffers a data breach or malicious software attack, including customer notification, credit monitoring, legal fees, and fines.According to Insureon.com, when criminals infiltrate a network, steal data, or hold data hostage, the business they steal from could be held liable. A data breach at a small business can end up costing thousands of dollars in customer notification expenses, legal fees, and fines or settlements.  In fact, the average cost of a small business data breach is $86,500, according to the Internet security firm Kaspersky Labs. The coverage included in cyber liability insurance pays these costs, allowing your company to survive a breach.And don’t assume that hackers won’t come after small businesses.  A recent report by Verizon found that 61% of all cyberattacks hit small businesses, and that those attacks often succeed because small businesses are less likely to have a strong defense.Cyber liability insurance is key for companies that handle sensitive information, work in the cloud, operate in cybersecurity, or typically handle:.

• Credit card or bank account information
• Medical information
• Social Security or driver license numbers
• Customer names, email addresses, phone numbers, and addresses
• Cybersecurity for other businesses

Contact the professionals at The Reschini Group to learn more about fashioning an appropriate cyber liability insurance package for your business.  Your existing general liability policy may not be quite enough.

---

Copyright 2020 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm. 

“You can’t propose that something be a universal space and at the same time keep control of it.”

So said Tim Berners-Lee, the man credited with inventing the World Wide Web.  And who would know better?

In that same spirit of seeing the Internet as a loose conglomeration of ideas and innovation, with billions of people passing through at any given time, no wonder the world of cyber insurance can be so difficult to pin down.As a result, most cyber insurance is sold a la carte.  Because each business owner has a distinct set of needs, employee variables, interactions with other entities in the supply chain and customer channels, and other factors to consider, assembling an insurance plan to meet all of those needs – each of which remains fluid and subject to adjustment at all times – can require a lot of homework and planning.Policies in this sphere are highly customized collections of modular coverage terms.  Premiums and payouts can depend on a company’s history, data risks and exposures, current practices, financial health, and more.  The wise business owner does not select a cyber protection policy based on cost, but rather on need.When it works well, the premium for a cyber policy matches the business’ risk profile.  To save on premium costs, in other words, make your cybersecurity systems stronger and tighter.  Regardless of how well your cyber operations function, though, making sure you’re protected remains a paramount goal.Contact the professionals at The Reschini Group for guidance on building a cyber insurance policy tailored to your precise business needs.

---

Copyright 2020 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

It’s a natural impulse, especially perhaps when it comes to purchasing insurance coverage.

And even more especially when the insurance coverage is for something as intimidating as cyber security – a vague, nondescript, fuzzy and murky world that many people don’t truly understand, whether they would admit it or not.

The natural impulse in question comes in the form of “making sure.”  Is my policy loaded up sufficiently to safeguard my organization?  Hmm, I can’t be certain.  Let’s load it up, just to “make sure.”  That is not necessarily a bad thing or a wrong decision.  Getting all the facts, of course, can provide greater clarity.One area of cyber security insurance presents an option between first-party and third-party coverage, and the choice in this segment, at least, can be pretty easily understood and acted upon appropriately.First-party cyber insurance covers the costs associated with being the victim of a hack.  That includes everything from notifying clients of the breach, to weathering the storm of lost revenue that typically follows.  Third-party cyber insurance helps cover the risks of being blamed for a breach, particularly if the company in question does assessments of digital security – a fairly narrow area of specialty – or when a gap in one’s own security is responsible for passing on a virus to another organization.Policies have evolved to cover first-party exposures more extensively, but third-party exposures and coverage grants are still present and quite possibly required to be purchased.But think of “third-party” as being the same as a lawsuit.  In that case, if a business is not providing media services for a fee or IT services, its third-party exposures probably revolve around the following typical coverages:

• A Media clause offering coverage for claims alleging liability resulting from the dissemination of online or offline media material, including claims alleging copyright/trademark infringement, libel, slander, plagiarism or personal injury. This could include websites, social media sites, and chat rooms. 
• A Privacy & Network Security clause would involve third party actions or lawsuits involving customer information, vendor information, or employee information.

Do you want to “make sure” when it comes to cyber coverage?  Contact the team of professionals at the Reschini Group for more information on cyber security options that make sense for your organization.

---

Copyright 2020 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The process of selling and purchasing real estate can be arduous enough.  Think about all of the highly sensitive and personal data that gets revealed and transferred – financial statements, tax returns, Social Security numbers, and more.

Then think of the bonanza a cyber criminal would reap from tapping into that cornucopia of information.  Cyber insurance quickly becomes a vital component of the real estate business’ arsenal.According to insurance industry sources, cyber liability insurance helps real estate agents, commercial landlords, and other real estate professionals pay for expenses associated with data breaches.  If a cybersecurity breach would occur, a cyber liability policy could provide coverage for:

• Notifying clients or customers about the breach.
• Good-faith advertising or public relations campaigns to restore reputation.
• Credit monitoring services for affected clients.
• Cyber extortion demands.
• Attorney’s fees.
• Court costs.
• Settlements or judgments.

Real estate businesses regularly handle sensitive customer data and perform sizeable transactions.  Should any of this electronically transmitted data get stolen or otherwise compromised, customers are immediately placed at risk of theft – including identity theft – and could file suit against the real estate business.There is absolutely no reason to remain open to such exposure.  Contact the team of professionals at The Reschini Group for information on how we can fashion a cyber liability package for your organization.

---

Copyright 2020 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The market for cybersecurity coverage remains competitive, and more business owners have decided to invest in insurance policies to protect from hackers and malware.  That’s the good news.

But the risk still outweighs the precautions taken, according to insurance industry watchers – and that’s the bad news.  Not enough clients are adopting the coverage, especially when proof continues to pile up that no organization is safe from a cyber event.

A 2019 Cyber Readiness Report from specialty provider Hiscox found that 53% of U.S. businesses reported a cyber attack in the previous 12 months, from 38% the previous year.  In all, 45% of those companies experienced three or more attacks in the past year.  Yet 27% of firms have no plans to adopt cyber insurance, according to the report.Considering the potentially devastating cost of recovering from a cyber attack, that statistic becomes especially alarming.  According to McAfee’s 2018 Economic Impact of Cybercrime Report, the global cost of cybercrimes is estimated to be between $445 billion and $600 billion.  But less than 20% of all businesses have purchased cyber insurance.  That rate continues to increase, but not nearly to the degree to guard against harm to the level of exposure that remains.Adopting a line of thinking that “It won’t happen to me” may be the biggest mistake of all, according to industry experts.  Business owners who only think of cyber attacks in terms of data breaches miss the other risks that exist, including extortion and business interruption – all of which represent serious and costly issues that need to be addressed through coverage.The team at The Reschini Group can help put together the best package of cyber protection coverage for your business, regardless of size, scope, or industry.  Contact us to learn more.

---

Copyright 2019 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice.  To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.

The major data breaches may get all the press – 150 million accounts exposed at Under Armour, 92 million at genealogy firm MyHeritage, 87 million at Facebook, and 145 million at Equifax, the largest U.S. credit bureau, revealing even Social Security numbers.

But that doesn’t mean small businesses are immune to cyber crime.

According to the Insurance Information Institute’s (III) 2017 report, Protecting against #cyberfail: Small business and cyber insurance, insurers foresee substantial increase in coverage among the small business segment, as these companies become aware of the possibilities of liability, especially due to a breach and the resulting response costs arising out of the possession of private data.According to the III, 10 percent of small businesses have suffered one or more cyber incidents in the prior year, with the average cost of cyber-related losses totaling $188,400. Only about one-third of firms surveyed had cyber insurance, nearly 60 percent of respondents said their company is very concerned about cyber incidents, and 70 percent think that the risk of being victimized by a cyberattack is growing at an alarming rate.Cyber insurance evolved as a product in the United States in the mid- to late-1990s as insurers have had to expand coverage for a risk that continues to rapidly shift in scope and nature. According to the National Association of Insurance Commissioners, 140 U.S. insurers reported writing some cyber insurance premiums in 2016.Online criminals keep adapting their techniques and level of sophistication just as quickly as technology evolves.  Convincing oneself that cybersecurity – and the attendant insurance coverage – is not necessary, just because a business isn’t “big enough” represents a bet that could be incredibly costly if lost.  Just because a danger may be hidden in the shadows doesn’t mean it’s not there.The cyber insurance experts at The Reschini Group can help you fashion a coverage package that makes sense for your business and your budget. Read more and download cybersecurity resources by clicking here or contact us to talk more about this important consideration.

---

Copyright 2019 The Reschini GroupThe Reschini Group provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.