Virtual Crimes Cause Real Damage

There are criminals out there who can damage your business and reputation, but these criminals aren’t lurking around a corner to attack you, or break into your offices to steal money or information.

cyber security insuranceCyber criminals do their deeds from their computers, hacking networks to steal funds and information about your clients and your business. There have been some especially high-profile examples, such as the infamous Sony hack of November 2014 that exposed trade secrets via emails, and seriously affected the box office gross of the move, “The Interview.” In 2013, the megastore chain Target paid $10 million to customers for a hack that exposed credit card information and led to unauthorized charges.

“The ability of hackers to get into your systems and find information is a threat that we all face,” says Jennifer Amend, Commercial Lines Manager for Clements Worldwide. “As we talk more about cyber terrorism, this might be any company with a public-facing domain that threatens the ideology of a non-state actor, so security companies, multinational infrastructure companies or even humanitarian aid organizations could be at risk.”

Theft via Cybercrime

Three key potential cyber attacks that companies need to be aware of are:

  1. Cybercrime
  2. Cyberterrorism
  3. Cyberwarfare

Cybercrime is using a computer, or other device, to commit crimes including theft of funds, information or copyrighted material (music, movies, books, etc.). Other cybercrimes include fraud, stalking, or luring victims into a situation where they can be assaulted.

If someone steals money via a computer, they are committing the same crime as someone who robs a bank, or a train. Performing the crime via a computer means a thief can rack up many victims while sitting at a keyboard, but a cyber crime essentially means someone breaking their law for their own, personal benefit.

cyber riskNon-profits have risks of their own in regard to online security breaches. According to an article on The Chronicle of Philanthropy’s website, criminals who steal credit cards often test them on non-profit websites. There are two key reasons for this: non-profits often make it easier to finalize an online transaction that businesses do, and it’s more difficult to trace an online transaction as compared to a purchase made in person.

Non-profits not only have to return the donations, they also have to pay charge-back fees to the credit card company, which be as high as $25. There have been instances where thieves made hundreds of charges to a stolen card, and the company has to pay that fee for each invalid transaction.

Additionally, there have been cases where a non-profit’s donor database has been stolen and “solicited for donations”, however the donations are really flowing to a PO Box set up by the thief.  It may be awhile before this deceit is discovered, probably when a “donor” looks for a receipt or recognition letter.  The cost in lost donations and lost reputation can be substantial. 

Private schools and both public and private universities can also be targeted. A couple years ago, Ohio State University revealed that more than 760,000 records for current and former Ohio State University students, faculty and staffs had been compromised when hackers accessed an unsecured university server. Records included names, Social Security numbers, birth dates and addresses. OSU put aside an estimated $4.1 million to go toward costs.

What is Cyberterrorism?

Quite simply, cyberterrorism is the act of committing terrorist acts with a computer. That means committing harm (or threatening to) in the name of a political cause.

Cyberterrorism is often one tactic used by terrorist groups in addition to deadly in-person attacks, such as bombings, shootings, or using planes and weapons as on 9/11. It is used to unsettle people and make them afraid in order to intimidate them into supporting, or giving into, a religious or political cause. In 2013, The New York Times, Twitter and other online media outlets were reportedly hacked by the Syrian Electronic Army, which supports Syrian President Bashar al-Assad. Those companies lost control of their websites so that people who went to them were redirected to a site controlled by the group.

An increasing risk is that of an organization’s information being held hostage. “Ransomware” is a software hackers use to hold data hostage by blocking it until a ransom is paid. Non-profits can be targets because they’re cause might be political, and a terrorist group with an opposing ideology may want to damage it, and use the money for its own cause. Non-profits also are targets by thieves who simply want the money. Last November, the Rockford Register Star News in Rockford, Illinois, reported that an agency that helps people with development disabilities was a victim of such a scheme, with the hackers demanding ransom to unlock the data. An FBI agent advised not to pay the ransom, but other experts and officials disagreed, and the group, eventually decided to best choice was to pay the ransom, which it did via bitcoin, the digital payment system.

The Battleground of Cyberwarfare

The definition of cyberwarfare is not quite as clear as cybercrime and cyberterrorism. It mostly applies to actions taken by one nation to attack computers or networks of another nation, but the term has been used to describe actions by terrorist groups, or when companies or ideological groups attack each other.

Countries around the world include cyberwarfare as part of their military plan of action. There were reports that the United Kingdom hacked an Al Qaeda website to replace a plan to make a pipe bomb with a cupcake recipe. Meanwhile, lawmakers in the United States have talked about the potential threats to America’s computer network and infrastructure via cyberwarfare. The New York Times has reported that President Obama ordered a cyber attack on Iran’s nuclear enrichment facilities.

Private companies aren’t immune to cyberwarfare. For example, the U.S. government announced that it believed the government of North Korea was involved in the Sony hack because of the release of the comedy film, “The Interview,” which was about a plot to kill North Korean President Kim Jong-un.

Protecting Your Company

Amend says that any company that has a public facing website should protect itself from these forms of cyberattacks. She adds that coverage can include loss of income as a result of hacking and the cost of notifying members or individuals that they may have had their data stolen or hacked.

“Cyber policies have basic coverage that can then be enhanced by endorsement and additional premium to cover a wide variety of activities and potential losses, including ransom payments that might have to be paid to protect data privacy” she says.

Amend adds hackers can damage your bottom line, and your company’s reputation.

“Hacks can cause your company brand damage, and expose customers’ private information,” she says. “There also is the problem of hackers finding your employees’ information, office communications and, for certain organizations, donor information.”

It Could Be Happening to You

The scariest thing about all of this is that your company already could be a victim of a hack or cyberattack without you knowing it.

“There are companies every day that are being hacked for information and they are not aware of it,” Amend says. “We only hear about the ones that are major in the news.”

She adds that trying to figure out how many companies have been hacked is difficult because many don’t even know about it and others don’t publicize the fact they’ve been hacked.

“Many companies do not publicize as they do not want to damage their brand,” she says.

Getting Covered

There are steps you can take to protect your company from these crimes, and one of the keys to protection is the right cyber liability coverage.

“Clements is a full service insurance broker,” Amend says. “We have access to the entire insurance marketplace in order to investigate the alternatives for our clients for this type of coverage. There are numerous insurance companies in the world that will write this type of coverage.”

Clements Cyber Security insurance coverage protects organizations of all sizes, including nonprofits, across a variety of costs including regulatory compliance, data recovery, and reputational support. Clements can also help you explore other coverages, such as business interruption, computer hardware and software loss and extortion coverage, based on the size and complexity of your business operations.

Call us today at +1.202.872.0060 or 800.872.0067 or e-mail request@clements.com to discuss solutions tailored to your nonprofit's insurance needs.

Cyber Liability Insurance Coverage