Harry Watson – The “What Ifs” of Cyber Security

Posted April 26, 2024

Author – Harry Watson, VP/Account Executive, CPCU – Horst Insurance

Did you know that some of the biggest and most harmful cyberattacks on record struck in 2023?

These invasions into the sensitive and critical data of our government and businesses suggest what we can expect in the future for even more cyberattacks including ransomware, malware and phishing.

One of the top ransomware demands last year, a $51 million demand to be exact, hit Johnson Controls, a technology provider, from the Dark Angels hacking crew.  They stole approximately 27 terabytes of data and encrypted the company’s servers in this cyberattack.  It was extremely concerning due to the sensitive Department Of Homeland Security (DHS) data involved.

During that same month, hackers also lifted personally identifiable information of over 10 million MGM Resorts customers. MGM expected over $100 million in losses to its financial report that quarter.  It was noted that the company expected its cyber insurance to cover the cost. MGM refused to meet the hackers ransom demand.

Another notable cyberattack from last year – Caesars Entertainment in August 2023 paying nearly half of the $30 million demand.  The list goes on and on.  There are many less publicized similar cyberattacks that occurred for small and medium-sized businesses.  We all know that every business and organization are exposed to cyberattacks.

Statista.com reports “In 2023, three in four companies in the United States were at risk of a material cyberattack, according to chief information security officers (CISO). Their concerns are based on the fact that the number of cyberattacks has been gradually increasing in recent years, amounting to $480K in 2022. Thus, cybercrime remains one of the primary risks that companies in the United States face. Cyberattacks, if successful, might have serious consequences, the main one being financial damage. According to the forecast, in 2024, cybercrime will cost the U.S. more than 452 billion U.S. dollars. However, financial losses are not what company leaders are mostly concerned about but rather reputational damage.“

Performing your due diligence demands that you must ask yourself as well as your key personnel and advisors: “What if?”

Questions for the Attorneys:  What if our system is attacked, hacked, compromised, personal data, private data, vital data of our customers, employees, suppliers is secured by hackers?  What are our responsibilities?  What does the FTC require?  What do our State and local authorities require?  Who requires proper notification?  How do we accomplish this properly?

Questions for the Controllers and Accountants:  How does a breach, encryption, ransom demand  affect our financial situation?  How do we fund for this?

Questions for the IT Department/Consultants:  What if we are attacked, breached,  encrypted?  How fast can we recover and be back online and in business?  How do we prepare to rebuild system and be back ASAP?  What measures do we take now to prevent attacks and if compromised what do we need in place to get back online and in business?

Questions for the Insurance Agent:  What if our system is encrypted or breached, a ransom demand in play or a data loss?  What insurance and risk management techniques do we need to cover all the ‘ What Ifs “?

At Horst Insurance, your Commercial Insurance Team is ready to help you protect your business from losses resulting from a cyberattack.  Contact us at https://www.horstinsurance.com/commercial-insurance/.