If the recent WannaCry ransomware epidemic didn’t get your attention, it should have.
In case you missed it somehow, this malware outbreak affected more than 200,000 users in over 150 countries. Hospitals were unable to access patient records, some businesses remained closed in order to avoid exposure … and some early estimates put the total cost at $4 billion or more.
Like most forms of ransomware, WannaCry (also called WannaCrypt) launches when a user clicks on a malicious attachment, locking down all the data on that PC until a ransom is paid via the internet currency Bitcoin. Unlike previous outbreaks, WannaCry demonstrated the ability to lock down not only the PC that received the attachment, but all other connected machines on the network.
Now think about your own business for a moment. Where would you be if all your PCs and server were suddenly unavailable? What would happen to your vital customer data? And what would your exposure be if that data included sensitive personal information like Social Security or credit card numbers?
The one constant in this age of malware has been that the bad guys are always a step ahead of the software patches and anti-virus updates designed to thwart them. Experts are already predicting more sophisticated variations on WannaCry in the near future. And all the technological precautions in the world won’t stop an untrained employee from clicking on an authentic-appearing attachment. One simple slip can unleash a nightmare scenario for any business.
There are plenty of non-ransomware threats as well. As the saying goes, “there are two types of companies … those who’ve been hacked and those who don’t know they’ve been hacked.” A hacker gaining access to your customer information is just as much of a nightmare as a ransomware outbreak, and 46 U.S. states require reporting of any breach. There’s no hiding from this.
That’s why cyber liability coverage is no longer just for companies in the IT space. Any connected business – and that’s pretty much all of them – needs to address this exposure, because failure to do so could have devastating consequences.
Train your employees and take every technological precaution you can to protect your data, but insulate yourself against a worst-case scenario also. Remember: the bad guys are a step ahead of the rest of us.
Questions about cyber exposures or cyber liability insurance? Contact Consolidated Insurance.