US Pro Insurance Services is a leading brokerage firm for Cyber Liability products as well as a speaker and educator on threats facing commercial businesses, insurance agencies, and the solutions available to protects against financial impairment. Remember, financial losses as a result of a Cyber attack/event have more potential to be larger than the dollar loss from a Property fire claim.
In this edition of the Cyber Liability Underwriting Exposures (CLUE), we take a very serious look into the largest Cyber attacks from 2011, as well as a very timely story from January 12, 2012, guaranteed to rattle even the biggest skeptic about the exposures their business is facing every single day.
The Biggest Hacking Attacks of 2011
- RSA- The computer security vendor fell victim in March to an Advanced Persistent Threat (APT). An APT is an attack which is carried out by a highly skilled and well funded group with a specific purpose at hand. They are a maker of SecurID Keys used by government agencies and Fortune 100 companies to access encrypted systems.
- EPSILON- The world’s largest email marketing services company, whose customers include Walmart and Capital One, was hacked in March as well. Targeted were the companies email marketing lists in order to create phishing campaigns in order to gather user’s sensitive personal information.
- SONY- One of the world’s largest electronics manufacturers saw its Playstation platform hacked in April in a devastating event. The thieves were able to steal, or had access to, all of the 70 million user accounts, along with their names, addresses, dates of birth, email addresses, passwords, logins, handles, profile data, billing histories, security answers, and credit card information.
- MICHAELS- In May, the arts/crafts giant Michaels notified its customers of a breach event where 70 of its in-store PIN pads countrywide were tampered with using skimming devices. Skimming devices electronically grab data as a card is swiped. The users credit and debit information was recorded, duplicated onto fake cards with the same information, and then electronic withdrawals from ATM’s were made in Nevada and California.
- LOCKHEED-MARTIN- Using the SecurID codes stolen in the RSA attack in March, hackers in the end of May attempted to generate one-time pass codes into the systems of the US defense contractor. They were detected before the pass codes were generated, and the company released a statement saying that data was not compromised.
- GOOGLE- June brought us the compromising of Google email accounts of select members of the U.S. government by Chinese hackers. Spear phishing was also used in the attack where the attackers had hoped to find sensitive emails on the Department of Defense employees’ PC’s, where security is less restrictive.
- CITIBANK- Also in June, 200,000 accounts were compromised by hackers who accessed names, emails and account numbers. Although the company said no credit card or social security information was stolen, they spent more than $2,000,000 to replace 100,000 credit cards. 1% of its 21 million customers were affected.
- INTERNATIONAL MONETARY FUND- The IMF publicly announced an extremely sophisticated cyber attack that had been ongoing over several months. Hackers used a “spear phishing” technique, originated by an unknown nation, to take over a single PC to transfer documents considered “political dynamite in many countries”. Spear phishing is the targeted emailing of infected links from people it seems a recipient can trust. The recipient would click on the link and infect their computer.
- (Source Business Insider July edition)
This brief listing is a small sampling of over 760 companies hacked totaling almost 23 million records. An article written in Information Week from just last week tells a tale of an emerging crisis as we head into 2012. The article, bannered “Hack Attacks Now the Leading Cause of Data Breaches”, is summarized as follows.
- The Identity Theft Resource Center identified hacking as leading data breach threat in 2011, followed by data lost in transit and insider theft.
- Hacking, which include credit card skimming, accounted for 26% of all known data breach incidents, more than 8 points higher than data lost in transit (mobile devices).
- 22.9 million records were exposed in 2011, 81% of which included social security numbers.
Potential exposures to hacking by industry class include the following:
- Governmental or armed services records accounted for 44% of all records exposed, followed by-
Non-financial businesses at 33%
Medical and healthcare groups at 16%
Educational institutions at 4%
Financial services at 3%
- Non-financial includes insurance agencies, hospitality, manufacturing, professional, real estate agencies, and all other industries not listed above.
As I read this information, and wrote it into a format you can use, it made my conviction in the need for this even that much more stronger. I am convinced that those agencies that do not begin offering this coverage to every commercial customer are going to be sued for E&O should a loss occur, as this information is becoming so well known due to the high profile nature of these news-worthy events.
What are you doing today to protect your customer, and to protect yourself? US Pro makes it super easy to get terms for your clients with a short form application that is easy to complete for terms.
Our knowledge and understanding of all of the exposures, and our experience at doing agency-wide seminars all over the Midwest, teaching our customers on the need to sell this and how to sell this, makes it an easy choice for you to send this business in for our immediate attention.
To request the short form application, or to send us a submission today, simply reply to this email or send us a an email at firstname.lastname@example.org and let us go right to work for you.
EVERY CLASS of EVERY SIZE is eligible for consideration by one of our 15 carrier partners.