<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=905697862838810&amp;ev=PageView&amp;noscript=1">

BusinessHub

SWBC's BusinessHub blog is a one-stop resource for business owners and company decision makers.

 

[Video] What Businesses Need to Know About Cyber Threats


video-what-businesses-need-to-know-about-cyber-threats-bodyRecently, I sat down with Brett Morgan, SVP of Sales, to talk about the prevalent threat of cyber attacks and how these threats can affect businesses. Check out our video to learn:

  • what a cyber attack is

  • how it can impact a business

  • what types of information and industries hackers are going after

  • what cybersecurity insurance covers

 

Lisa Pinto:

Two words for you, cyber security. That is a hot topic these days and one that we're going to discuss, and with me to tell us more about it, what it is, and why it's important is Brett Morgan, our Senior Vice President of Insurance Services and our in-house Cyber Liability Insurance expert.

Brett Morgan:

Thank you, Lisa. Thanks for being here.

Lisa Pinto:

So, let's talk a little bit about this because if you read a newspaper, if you watch the news, you hear a lot about cybersecurity; you hear a lot about cyber attacks, cyber breaches. What does that mean?

Brett Morgan:

Well, there's a lot obviously in the press on cyber today, but what a cyber attack is—it's really any offensive maneuver that takes control of the computer or breaches a computer; mainly disrupts the way business is done.

Lisa Pinto:

And how does this affect business owners?

Brett Morgan:

Well, today, what the way it's affecting business owners, it can absolutely put them out of business. It can stop their business for a matter of days or months. And, there's a lot of things that are going on today, specifically where the cyber attackers have now begun to go after, especially businesses that are involved with the infrastructure and the running of business in America.

Lisa Pinto:

Wow. And you just mentioned something that's super important. The businesses need to make sure that their employees know that this is happening in the world because they're the ones that are targeted.

Brett Morgan:

Exactly, I mean, I think every business is trying to lock down their systems. They're trying to buy the right types of software to protect them. But quite frankly, where most of these breaches start is with an employee pushing a button. So it's very important that we educate employees on what needs to be done for cyber.

Lisa Pinto:

So are there specific industries out there that they get hit more than others?

Brett Morgan:

Well, with ransomware, it seems to be across the board. However, when we're seeing some of the attackers that are coming in from Russia, China, and other places, obviously governments are being approached. Our grid for energy is being approached. Financial institutions and manufacturing are all places that are really in a situation that they can be attacked at any time.

Lisa Pinto:

So it's really businesses that are holding on to what we call personal identifiable information for their clients. And I guess employees too, right? Because a company has their employees' information.

Brett Morgan:

Every employer has their own employees' information. You know, they have their information that they're providing for their benefits and for their healthcare. They have their social security numbers, they have their bank account information for direct deposit. So yeah, every employee makes any company approachable for a breach.

Lisa Pinto:

And is it true too that the healthcare industry is really one that's being targeted because they have all of a person's information?

Brett Morgan:

Exactly. Healthcare for personally identifiable information. The cost for healthcare records is about 10 times what it would be for someone just that has a social security [number] or a date of birth. So healthcare is certainly an area that has to be looking at cyber breaches. They have to do everything they can to lock down their systems.

Lisa Pinto:

So, let's talk a little bit about cyber liability protection. And that's the side of things that, that you work with, right? Why is it so important that a company protect themselves this way? Not just making sure that their employees are trained and making sure that they have all of the locks in place, but also making sure that they have this insurance?

Brett Morgan:

Well I've been selling cyber security insurance for over 15 years, and it seems like every two to three years our focus and concern sort of either changes or enhances, but today what the policy can provide is a lot of things that are needed in the event that they have either a ransomware attack or they're breached and personally identifiable information has to be reported. So, it's going to provide coverage for first-party in repairing the systems that had been breached. We need to make sure that it's going to cover what I'm charged for, what I'm bringing in, accountants to re-certify the systems. But even more than that, in today's environment, business income has become the big, big word in cyber liability. And there's a lot of policies out there that just don't provide it. However, if you're going to be down two months, you have to find out what that would cost your company and the amount of revenue and receivables lost to get back on your feet.

Lisa Pinto:

Because some people look at their policy and there might be a little blurb in there about cyber liability coverage, but they really should look an entire policy for that. A separate policy.

Brett Morgan:

Absolutely. There are some companies out there that are providing what we call "cyber light" coverage; very small limits. And I think, um, one of the things we use as a breach calculator that can help identify and recognize exactly what a breach may be for a company.

Lisa Pinto:

Small businesses?

Brett Morgan:

Small businesses.

Lisa Pinto:

Let's talk about that for a minute. Yeah, they may think, I don't, I don't need protection.

Brett Morgan:

I don't need protection; it's not going to happen to me. But most of these businesses that are being hit for breaches, quite frankly, are small businesses and it can be catastrophic to a small business. I tend to think that cyber liability and a cyber breach to a small company may be more critical and more important to purchase than even fire insurance today because it's more likely to happen than having a broad fire that's going to knock their business out.

Lisa Pinto:

Wow. So, if somebody's watching and they're a business owner, how would you suggest that they educate their employees on their risk of exposing their business to threats?

Brett Morgan:

Well, when SWBC takes an approach with cyber liability, one of the things that we do is we try to work with the IT team and the human resources team f a company. And we're going to look to see the ways that that company is approaching their cyber, and the way they're educating their employees. We're providing additional tools that insurance companies are providing every day. And I think the education piece has to be at the center of what's going on and not once a year. Because what we find out is in behavior today that you teach our employees once a year, you get a pretty good grade and 90 days down the road they've already forgot what they've learned.

Lisa Pinto:

Right, right. So I know you've mentioned this, but let's talk again on some of the tips that you can give businesses that they can share with them, you know, their teams or their employees to do whatever they can to stop a breach.

Brett Morgan:

Well, I think the first thing that's probably, we've see that it's most important today is to making sure there's dual authentication on getting into their computer systems. I think that making sure if you can to denote whether emails are coming from inside the company or outside the company. If they're coming outside of the company and you don't recognize it, then you have to be very, very careful that you may be in a situation for a phishing exercise that may be either asking for money or damaging the systems. So I think those are two of the things that we can look at. The third thing is I think employee education. Whether you're doing this through running the employees through a system where they may get caught. You know, employees today are all using their to go outside of the system, whether it's for shopping or whatever. And I think there has to be some real education of what they should or should not do on those company computers.

Lisa Pinto:

Awesome. Well, again, you have brought to light some very important information. It's something I know that you stay on top of and we really appreciate your advice.

Brett Morgan:

Thank you.

video-what-businesses-need-to-know-about-cyber-threats-listing

Leave a comment below!