What’s the Difference
Cyber Extortion and Cyber Crime (what many call social engineering). These are two of the fastest growing threats to commercial entities, nonprofits and municipalities. Cyber Insurance programs respond differently to these types of events, and the language in the policies for this coverage is very different from carrier to carrier.
When dealing with coverage for both Cyber Extortion and Cyber Crime threats, be sure to first understand what event(s) trigger the coverage into response. Complement this knowledge with an understanding of the differences between these two types of crimes and what the potential financial impact may be.
Cyber Extortion
A Cyber Extortion event occurs when an intruder has gained unauthorized access to or use of one’s systems and infecting it with what is commonly known as Ransomware. Ransomware comes in varying forms, but with two main types: Computer Locker and Data Locker. Each presents a unique challenge, with Data Locker being the more sinister and serious of the types. Here are the characteristics unique to the Cyber Extortion crime:
- The action is an overt action, known by the Insured, usually because of failing systems or networks, inability to access data, or by direct communication from the extortionist.
- The extortionist will make a demand for a specified sum of money. This may be a flat fee to gain the encryption key, or it may be an escalating amount based on the sooner you pay, the less the amount is to gain the encryption key.
- The financial impact from an extortion attack varies by size and by type of data ransomed, but many suggest that it remains under $1000 on the average per attack. But this is not the entire tale of a business’ financial impact. There is risk of data loss/restoration cost, business interruption expenses for lost productivity and employee salaries, and in some cases, third party lawsuits from individuals impacted by inability to process business with you during any interruption period. However, in most extortion events the cost is not bankrupting.
Cyber Crime
Cyber Crime is very different and it involves the fraudulent instruction of payment, the electronic theft of funds of the business, deceptive invoicing, and telecommunications fraud among other things. Cyber Crimes are committed through use of social engineering devices, such as phishing or whaling, outside hackers, or rogue employees. Some of these criminals’ methods have become very sophisticated and hard to discern, and as a result, huge financial losses by all sizes and types of entities have occurred.
Cyber Crime is the most likely event any one commercial entity will experience. Training employees and implementing various written authorization and voice verification procedures relating to electronic funds transactions should be a priority. Most of all, understand the method and motive of the Cyber criminal vs. the exortionist above:
- The action is a covert action. The cyber criminal goes undetected, committing their crimes disguised as you or your employee or your vendor while completing illegitimate business transactions in a Cyber Crime event.
- The intent of the cyber criminal is to commit their crimes without your knowledge, rather than with your knowledge and with a specific demand for you to perform an action. Therefore, there is no direct communication or instruction to the Insured with a ransom or demand.
- The financial loss to a business is usually substantial, and average in the tens of thousands of dollars. For some entities, it has meant financial ruin.
Protect your customer by knowing the threats and how to transfer that risk. US Pro wants to help your customer get the best coverage for the best rate for their business. Send us your Cyber submission today, or enter the information shown on our web page to get your quote. Simply click HERE to enter that information.