By Scott Schleicher, Underwriting Manager, Cyber & Technology Insurance Business – AXA XL
Q: What are the most common types of cyberattacks ?
A: For the past 18 months the most persistent threat facing insureds has been ransomware attacks. The attack vectors vary from email attachments, bad links, credential theft and other methods of introducing malware in a network. Once embedded in the network the malware launches to encrypt the network data and even seeking out and encrypting back up data if it is not properly segregated from the network and kept offline. Ransomware is the single biggest threat to a public entity in cyber. The frequency and severity of claims from ransomware is changing the entire landscape of the cyber insurance market and public entities are among the hardest sectors.
Q: What are some of the potential impacts of a cyber attack on a public entity or local government organization ?
- Huge ransomware payments
- Loss of data
- Unavailability of networks
- Disruption of daily business
- Damage to reputation of elected officials
- Potential unaffordability/unavailability of future cyber insurance
Q: What are the most important things that public entities can do to avoid/prevent a cyber attack ?
A: The most important thing is Education. All employees must be able to identify a suspicious link, attachment or phishing email; Back up data must be stored and completely segmented from the active network.
As a Preferred member you have free access to substantial Cyber Security Awareness resources which include the following:
Preferred Risk Management Resource Center – available to members who place their EPLI related coverages with Preferred.
Cyber Security Resources Include:
• Cyber Assessment – Easy-to-use tool to measure data breach exposure with instant feedback on how to protect your organization from potential cyber risks.
• Robust privacy and security templates, including a customizable incident response plan (IRP), which can be specifically tailored to
meet industry and regulatory requirements.
• Resources for keeping staff up to date on a range of issues related to privacy, data security and compliance.
• Latest news and events regarding data breaches, regulations, class-action lawsuits, cyber threats and protective Technologies.
Vector Solutions | TargetSolutions – available to all Preferred members. Vector Solutions online cybersecurity training catalog features courses with up-to-date lessons for browser, email and password security to improve cybersecurity awareness amongst employees and mitigate risks to your agency’s data.
Cyber Security Awareness Courses
• Cybersecurity Awareness for Employees: Classifying and Safeguarding Data for Corporate and Personal Use
• Cybersecurity Awareness for Employees: End-User Best Practices
• Cybersecurity Awareness for Employees: Security Awareness Essentials
• Cybersecurity Awareness for Employees: Social Engineering (list the RMRC resources)
Please do not hesitate to contact your Preferred Loss Control Consultant with any questions that you may have.
Underwriting Manager in AXA XL's Cyber and Technology insurance business
His specialty is helping cities, municipalities and other public entities address their cyber risks. Scott is a frequent speaker at technology industry tradeshows and assisted in the development of one of the premier programs of insurance for small and middle market technology firms. From the Y2K scare and into the development of products for cyber risk coverage, Scott has been involved with the industry throughout its evolution. His specialty is helping cities, municipalities and other public entities address their cyber risks.