Average Data Breach Cost Hits All-time High of $4.4M
According to IBM’s annual Data Breach report, the average cost of a data breach reached an all-time global high of $4.45 million, up 2.3% from 2022 and 15.3% since 2020. While $4.45 million is the average across the 16 countries included in IBM’s survey of 553 organizations, breaches in the United States cost far more than the average. The 2023 average hit $9.48 million, according to the report.
The Value of Cyber Insurance
As cyberattacks become more frequent and costly, it’s crucial for organizations to maximize their financial protection against related losses by purchasing sufficient insurance. Cyber coverage, also known as cyber liability insurance, can help organizations pay for a range of expenses that may result from cyber incidents—including (but not limited to) data breaches, ransomware attacks and phishing scams.
The 3-2-1-1-0 Data Backup Rule
It is essential to effectively back up data since its loss can have significant financial and reputational consequences. Yet, as technology advances, backup strategies also evolve. For example, the 3-2-1 rule, a long-held data backup standard, has developed into the 3-2-1-1-0 rule that provides businesses with more robust guidance on mitigating the risks associated with data loss.
How Cybercriminals Are Weaponizing Artificial Intelligence
The past few years have seen artificial intelligence (AI) surge in popularity among both businesses and individuals. Such technology encompasses machines, computer systems and other devices that can simulate human intelligence processes. In other words, this technology can perform a variety of cognitive functions typically associated with the human mind, such as observing, learning, reasoning, interacting with its surroundings, problem-solving and engaging in creative activities.
Preventing Data Theft by Departing Employees
When employees leave a company, there is a heightened risk of data theft, which is also known as data leakage or exfiltration. This risk is present whether an employee’s departure is voluntary or not.
Ransomware Attacks Rising Again
There has been a significant ransomware resurgence in 2023, with the number of victims in March 2023 nearly double that of April 2022 and 1.6 times higher than the peak month of 2022, according to the Ransomware Threat Landscape 2023 report from Black Kite.
Managing Cyber Risks in a Down Economy
To help minimize growing inflation concerns that have spanned across industry lines over the past few years, the Federal Reserve (Fed) has steadily been hiking up interest rates. Economic experts predict the Fed’s efforts will eventually pay off in 2023, with inflation issues subsiding throughout the year.
Data Breaches With Unreported Root Causes Continued Upward Climb in Q1
While 2023 started with fewer publicly reported data breaches, an increasing number of breached organizations failed to share detailed information about the root causes of those events, according to the Identity Theft Resource Center’s (ITRC) latest data breach analysis.
White House Cyber Strategy Floats Federal Backstop, Liability for Software Makers
The Biden administration highlighted the potential of a federal cyber insurance backstop as a key objective of its long-awaited national cybersecurity strategy and a push to hold software manufacturers accountable for vulnerabilities in their products.
Extended Detection and Response Explained
Extended detection and response (XDR) is a security solution that offers organizations end-to-end visibility, detection, investigation and response across multiple security layers. Unlike endpoint detection and response (EDR), XDR provides a holistic view of threats across the entire technology landscape rather than only those within managed endpoints.
Cybercrimes Against Small Businesses Drop, but Challenges Remain
Small businesses and self-employed people saw fewer cyberattacks and data breaches over the previous 12 months. Still, significant risks remain for this corner of the economy, according to the Identity Theft Resource Center’s (ITRC) 2022 Business Impact Report.
10 Essential Cybersecurity Controls
Cyber incidents—including data breaches, ransomware attacks and social engineering scams—have become increasingly prevalent, impacting organizations of all sizes and industries. Such incidents have largely been brought on by additional cyberthreat vectors and growing attacker sophistication.
Creating a Cybersecurity Culture
Employees are an organization’s first line of defense against cybercriminals. For this reason, they are also commonly targeted. In fact, the vast majority (88%) of data breaches are caused by employee mistakes, according to Stanford University. Unfortunately for organizations, a single mistake can result in costly losses, reputational damage and lost or stolen data.
Managing End-of-Life Software
At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service the product, discontinuing all technical support, upgrades, bug fixes and security fixes. As a result, end-of-life (EOL) software will have known vulnerabilities that cybercriminals can easily exploit. This article discusses the risks of continuing to use EOL software and best practices for organizations to mitigate this risk.
General Cybersecurity Best Practices for Modern Vehicles
Modern vehicle technology has transformed in the past several years as autonomous driving, vehicle electrification and car connectivity features have become more common. While these digital innovations in the automotive industry have added significant customer value, they have also exposed vehicles to cybercriminals attempting to gain access to critical in-vehicle electronic units and data.
Attack Surface Management Explained
An attack surface is the total set of possible entry points (a.k.a. attack vectors) for unauthorized access into any system. The recent increase in remote and hybrid work, combined with the shift to the cloud and widespread implementation of software-as-a-service (SaaS) applications, has made attack surfaces increasingly large, complex and difficult to defend against cyberattacks.
Patch Management Explained
Patch management is the process of acquiring and applying software updates to a variety of endpoints, including mobile devices, computers, servers and embedded devices. Installing patches regularly is necessary to correct errors, help protect data and optimize system functions. This article provides information on how a consistent approach to patching and updating software can limit exposure to various exploits.
Endpoint Detection and Response Explained
Endpoint detection and response (EDR) is a cybersecurity solution that continuously monitors security-related threat information and endpoint data to detect and respond to ransomware and other kinds of malware. It provides visibility into security incidents occurring on endpoints—such as mobile devices, desktop computers, laptops, embedded devices and servers—to prevent damage and future attacks.
Ransomware, BEC Caused Half of All Claims in 2020, 2021
Ransomware and business email compromise (BEC) caused the most cyber insurance claims over the past five years, accounting for 44% of about 7,000 claims examined in NetDiligence’s 2022 Cyber Claims Study. The percentage of claims attributed to these two causes of loss rose to 50% for claims reported in 2020 and 2021.
Clear and Precise Policy Wording: The Key to a Mature Cyber Insurance Market
According to a recent analysis from S&P Global Ratings (S&P), the cyber insurance sector needs “clear and precise policy wording” to build a sustainable market and encourage contract certainty for buyers and insurers. The cyber coverage segment has grown faster than any other subsector of the insurance market, reaching $9.2 billion in global premiums in 2021.