Cyber Hacking Tactics: Coming From All Angles

By Mike Grant, Principal and Director of Commercial Division

clock May 9, 2017 at 10:00 AM

Cyber crime has become the new norm, with 39% of breaches targeting companies smaller than $100M in revenue [1]. And while healthcare, retail, financial and educational organizations are frequent targets, every company has data and money that the hackers would love to get their hands on. Traditionally, we’ve seen attacks ranging from hacking servers for customer information, to hacking stolen laptops, and spear phishing emails where the hacker sends an email from the traveling CEO or CFO to request a wire transfer to a specific company. During tax season, they have even been sending spear phishing emails to the Human Resources or Finance department to target employees’ W2s.

But cyber hackers are creative and they are always looking for new angles to catch companies off guard.

In the past week, two of our clients have experienced a cyber breach involving some less frequent strategies.

  • Compromising an Amazon store login and diverting funds to a new banking account
  • Spoofing a vendor’s email to request payment to a new account

It’s clear that hackers are getting smarter and using new angles to target businesses. To mitigate your company’s risk, it’s crucial to be vigilant and aware of new types of attempts to steal money and information. Be mindful and train your employees to recognize phishing emails and scams. Confirm requests for changes via a different mode of communication.  For example, if the request came in via email, then call a known number to confirm the requested change.  Beazley Insurance offers additional employee training on phishing here.

For companies seeking proven protection for their cyber, network security and privacy exposures, a Cyber/Data Breach insurance policy remains the best and most affordable insurance solution. Follow our blog to stay up to date with the latest cyber security and insurance trends.

Read More

Topics: Cyber & Data Security, Market Trends

Phishing Hackers Targeting W-2s This Tax Season

By Mike Grant, Principal & Director, Data Breach Practice and Brad Hering, Marketing Executive

clock February 27, 2017 at 2:00 PM

Last year, the IRS estimated income tax fraud would cost taxpayers roughly $21 billion[1]. The upcoming tax season is expected to bring more losses from phishing scams due to the amount of personal information (W-2s, tax returns, social security numbers, etc.) circulating during tax season and the increased sophistication of the attacks.

Hackers use phishing emails to convince employees (typically in the Human Resources or Finance departments) to send over personal information about employees, often by email. These types of emails are deceiving, with many disguised to look like they are coming from company executives, such as the CEO. Once received by the hacker, this personal information allows them to file a tax return, cash in on someone’s tax refund or steal their identity.  The process is quick as hackers have machines set up to take advantage of this information almost as soon as they receive it.

Common Phishing Emails

The IRS reported that the following are some common phishing emails to look out for:[2]

Read More

Topics: Property + Casualty, Cyber & Data Security, Technology

The Best Way to Respond to a Cyber Breach: PREPARE

By Mike Grant, Director, Technology Practice

clock October 10, 2016 at 10:00 AM

Thanks to a number of high profile cases of cyber theft, many companies are aware of the threat of a cyber or data breach. Most know that it’s no longer a matter of “if” but “when” they will get hit. After all, every company has information hackers can profit from such as stolen identities, credit card information or proprietary secrets, to name a few.

Read More

Topics: Property + Casualty, Cyber & Data Security

The Cyber Security Threat Remains Real

By Mike Grant, Director, Technology Practice

clock August 17, 2016 at 7:30 AM

Big companies usually make the headlines when hackers compromise the confidentiality of millions of customers, but the truth is that 60% of all cyber breaches last year involved small and midsize businesses.

What’s more, many small to midsize firms typically prudent in other aspects of their business haven’t taken the time to understand the data security threat nor are they effectively managing the issue, according to new survey data from MMA.

Unprepared and Unaware

The 12-page report, 2015/2016 Cyber & Data Security Risk Survey for Small and Midsize Employers, highlights the fact that many are underestimating the potential danger to their business. Notably, the survey found the following:

  • Just 6% of the respondents said they thought their organization’s data security was “bomb proof.”
  • 2% said they did not have a corporate recovery plan to deal with the loss of confidential, personally identifiable information.
  • 9% said their organization did not have the expertise to develop any kind of data security plan.
  • Not surprisingly, those organizations that regularly talk about data security and risk management at the C-level are twice as likely to have implemented a recovery program to help manage a data security breach.

What To Do

Do something.  Most companies get overwhelmed even thinking about how to prepare or prevent cyber attacks.  From our experience, preparation is key to a company’s success in surviving a data breach.  And that preparation can be as simple as 1-2-3.

Read More

Topics: Property + Casualty, Cyber & Data Security

Think Your General Liability Policy Will Cover a Data Breach? Think Again.

By Mike Grant, Principal & Director, Data Breach Practice and Brad Hering, Marketing Executive

clock April 18, 2016 at 2:45 PM

On April 11, 2016, a Virginia federal appeals court upheld a lower court ruling that a data security breach is covered by a General Liability (GL) policy.  The specific ruling in Travelers Indemnity Company of America (Travelers) v. Portal Healthcare Solutions (Portal) ties back to the accidental publication of private medical records on the internet. 

This breach arose in 2013 when two individuals searched their names on Google and found their private medical records from Glen Falls Hospital at the top of the search results. The two individuals subsequently sued the Glen Falls Hospital and Portal Healthcare Solutions, the company hired to secure patient records, for this privacy violation.  During the trial, Travelers, who had issued two separate GL policies to Portal during the 4-month period the records were exposed, declined to provide a defense.  The court ruling mandates that Travelers defend Portal.

This appears to be a groundbreaking ruling that marginalizes Cyber/Data Breach insurance policies, correct? Not so fast. Before you reconsider Cyber/Data Breach insurance or plan to rely on your GL policy to protect you against data breaches, consider these facts:

Read More

Topics: Property + Casualty, Cyber & Data Security

Insurance Trends for the Healthcare Industry: Important Considerations for Managing Risk in 2016

By Michael Bailey, Principal, Healthcare Practice Group Leader

clock April 11, 2016 at 10:00 AM

Between continued implementation of the Affordable Care Act and the introduction of ICD-10 medical billing codes, 2015 was a year of significant change in the healthcare insurance landscape. The overall market trends continue to be positive in many lines of coverage, but issues surrounding electronic medical records, ICD-10 coding, and the ever-changing regulatory landscape have created additional uncertainty in the marketplace.

Now a couple months into 2016, let’s take a look at trends and changes in six specific areas of healthcare insurance: Professional Liability, Executive Risk, Cyber & Data Security, Billing Errors and Omissions, Managed Care Errors and Omissions, and Workers’ Compensation.

Professional Liability

The marketplace for Professional Liability continues to trend favorably in terms of frequency, but severity is on the rise at a similar rate. Overall, the increase in severity and decrease in frequency offset each other, creating a generally stable and highly competitive marketplace.  Insureds can anticipate rates remaining flat or seeing as much as a 5% decrease.

Read More

Topics: Property + Casualty, Cyber & Data Security

Email Hackers Get More Creative About Stealing Your Money

By Mike Grant, Director, Technology Practice

clock March 23, 2016 at 8:00 AM

The people who want to misappropriate your confidential information are getting smarter about it every day.

Read More

Topics: Property + Casualty, Cyber & Data Security

Cyber Liability: Avoiding a Super-Size Blunder

By Brad Hering, Marketing Executive

clock February 1, 2016 at 9:00 PM

With the Super Bowl only a few days away, both teams are undoubtedly using every minute to prepare for the upcoming game. In 2015, we watched the defeat of the Seattle Seahawks after they ignored the most obvious play they could make to win the game. With twenty-five seconds remaining and one yard left to go, the Seahawks passed the ball instead of utilizing their star running back. What happened next will be discussed and debated by football fans for years to come. New England Patriots’ newbie Malcom Butler intercepted the ball for the game-winning play.

Just like in sports, businesses sometimes over think their choices, missing the most obvious play. Today, the obvious, smart play for all businesses is to have cyber liability coverage and a plan to address a cyber-breach. Yet, even with the awareness of the threat of cyber-breach, many businesses still haven’t taken action. Ignoring this easy safeguard could lead you to a big blunder, leaving your customers wondering why the most obvious route wasn’t taken, just as Seahawks fans questioned why their team didn’t utilize one of their best assets.

Read More

Topics: Property + Casualty, Cyber & Data Security

Economic Trends: Important Considerations for Managing Risk in 2016

By Trindl Reeves, Principal, Chief Sales Officer, Commercial Department

clock January 13, 2016 at 10:30 AM

From the Nepal earthquake to the California wildfires destroying over 1,000 homes, 2015 was a year of extremes. Even so, the United States experienced a light loss year, with insured losses due to weather and storms down 36% in comparison to 2014, while, globally, the natural catastrophic losses kept pace with past years. For the insurance market as a whole, rates are continuing to trend downward, which has been the case since 2013.

As we begin 2016, let’s take a look at what’s going on in five specific areas of insurance: Property & Casualty, Executive Risk, Cyber & Data Security, Terrorism and Workers’ Compensation.

Property & Casualty

Overall, 85% of our clients are expected to receive a decrease in premium, with an average rate reduction of 4.1% across all lines of coverage, dependent on claims history. However, there is one exception to this trend: automobile coverage. Modern cars are equipped with technology features that are very expensive to repair, so auto insurance premiums are currently increasing by 5-10% across the board.

Another trend in the Property & Casualty area is social engineering, a sophisticated form of “phishing” where a hacker convinces employees to send money to a criminal source. To be covered for an attack, social engineering needs to be added to a Crime Policy, as it is not automatically included.

2016 Takeaway: Insurance carriers are hungry for business and are willing to drop rates to keep clients with low claims history. Companies can take advantage of this by negotiating renewals early to lock in low rates.

Read More

Topics: Property + Casualty, Cyber & Data Security, Market Trends

Could Social Engineering Fraud Be Happening at Your Business?

By Michael Segreti, Client Service Executive, Executive Liability Division

clock October 12, 2015 at 10:00 AM

It’s a bit of a mouthful and may not sound as familiar as “hacker” or “data breach,” but social engineering fraud is just as insidious and can be just as costly to a business. This growing threat does not discriminate and is affecting businesses of all sizes. If you have employees, then your business faces a potential loss due to social engineering fraud.

Social Engineering Explained

Social engineering fraud is a sophisticated “phishing” attack that attempts to intentionally mislead employees, convincing them to send money or divert a payment to a source that turns out to be a criminal. The contact can attack via phone or letter, but most often invades your system by email.

Unlike a normal phishing attack, social engineering fraudsters take a much more targeted approach. They pretend to be a vendor, client, or even another employee by attempting to make their communications look as official and routine as possible. On the surface, the communication appears entirely legitimate, and if the imposter has rudimentary hacking skills, he can even make these emails seem as if they are part of an existing thread.

The targeted employee, often bombarded by emails, may not think twice about the request and follow through, especially if it’s somewhat in line with standard operating procedures.

5 Steps to Prevent an Attack

Read More

Topics: Property + Casualty, Cyber & Data Security, Market Trends

Subscribe to the Blog

Follow Us


Search Blog