According to many industry experts, world cybercrime losses for 2021 will cost a staggering $6 trillion. Texas is no exception; our schools and municipalities were hackers’ favorite targets in 2021.
According to the Attorney General of Texas, 6 schools and 3 municipalities reported data security breaches from September 1, 2021, through January 31, 2022. Keep in mind, a large majority of data security breaches go unreported to our AG. Experts all agree these trends will continue in 2022 and maybe the new normal.
Data security breaches can occur in many ways, but our claims are primarily coming from two types of breaches: 1) Social engineering fraud, and 2) Extortion & Ransomware. Out of the two, social engineering is by far the most frequent, and we believe the easiest to prevent.
Social engineering fraud (fraudulent instruction): Occurs when an entity’s employee is deceived into processing a fraudulent vendor invoice. The slightest change in a vendor’s email and physical address, or the bank routing, bank account, or phone numbers should be verified. Verbally verifying these changes with your vendor contacts, as well as your internal department heads, could prevent these types of claims.
Extortion & Ransomware: Occurs when cybercriminals threaten to disable the entity’s business operations, and/or compromise its confidential data unless a payment is received. Cybercriminals typically disable access to systems by encryption and only release the encryption key when payment is received.
There are many tools to help minimize this type of risk. Employee awareness training and simulated phishing attacks are examples. We currently use and would recommend, KnowBe4 for this. The other must-have tool is Multi-Factor Authentication (MFA). If you do not currently require MFA for remote access to networks and email, please consider it immediately! It may be difficult to find cyber insurance coverage in the future if entities do not have MFA in place. Implementing tools like this could drastically reduce these types of claims.
As many of you know, TPS offers cyber liability coverage in conjunction with its general liability coverage. Chubb, through TPS, currently provides this cyber liability coverage to TPS members who choose it. Just this year Chubb introduced new Cyber Services Solutions for TPS members (policyholders). Many of these essential mitigation tools and advisory resource services are complimentary, others are offered at a significate discount. This includes discounts on MFA assessments and implementation assistance.