Over a year ago, near the start of the pandemic, I wrote a blog about the importance of cybersecurity insurance amid the uptick of hacking and cyber ransom attacks on corporations of all sizes. I spoke then about how the Black Swan disruption of COVID had driven so much of global business online, which had in turn offered heightened opportunity for hackers, fraudsters, and thieves across the globe to have unleashed their arsenals toward exploiting any weakness. I would love to be able to say that we have since turned a corner—but I can’t.

2020 saw more claims in cyber ransom than any year before it, and 2021 is on track to beat that dubious record handily. With the added economic strain of the pandemic, I know of numerous companies that have never been able to recover from such attacks, and the cyber insurance markets have begun to take notice of the endless financial drain that hackers pose. Some insurance carriers have pulled back their limits or removed ransomware coverage from their policies altogether.

In answer to the above question—YES, cybersecurity has never been so necessary and worth it, BUT the need to closely review and understand your policy is just as vital as having coverage in the first place. One of my international clients has already had to contend with and recover from two ransomware attacks this year. A technology company where a close friend of mine works suffered a cyber ransom attack while carrying a cyber insurance policy that didn’t cover cyber extortion. No one had read the fine print of which types of attacks were covered, and the company has now lost 50% of their client base and is still struggling to recover a full year later.

Cyber insurance carriers have also become wary of what type of cyber security systems companies have in place before writing a policy—noting that some software systems like Solar Winds Orion, and certain Microsoft products are far more prone to attacks than others. Prior to writing a policy, carriers are requiring multi-factor identification protocols for authentication and scoring security measures with premiums dependent on a company score.

Steps that need to be taken:

• Implement Multi-Factor Authentication (MFA) on all VPN connections.
• Sensitive data should be encrypted on all devices.
• Regularly update VPNs, network infrastructure devices, and devices being used to remotely connect with the latest software patches and security configurations.
• Alert ALL employees to an expected increase in phishing attempts and require regular/automated password change protocols.
• IT security personnel should ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery.
• Communicate to your whole team how to report security incidents, phishing, malware, and other cybersecurity concerns.
• Employees should be cut off from online access as soon as they leave the company.

Unfortunately, in our globally connected and increasingly online dependent work life, the ever-present threat of cyber attacks is the new normal. Putting our heads in the sand and hoping for the best is no longer an option. Only rigorous cyber security hygiene with robust insurance coverage to support it can provide the relative peace of mind that every business needs to do its best work.

If you have questions about your cyber security system or cyber insurance policy, don’t hesitate to reach out for consultation.

Before I became Sales Director for Hilb Group of New England, I spent years working directly for a large insurance carrier. I have looked at a lot of health care data throughout my career and have taken well over a hundred meetings with companies for direct review of their health care plans and outcomes. Believe me when I tell you that not all health care providers are created equal.

Whether you’re shopping as an individual or working on the HR side of your company benefits plan, doing the research and working with advisors who understand the stakes can not only save money and but also add immensely to the quality of life for you and your employees. Quality health care ends up costing less for you and the members of your health plan—with less bad outcomes, less complications, less side effects, and less redo’s.

Continue reading →

With the benefit of the past year in hindsight, it’s safe to say that most everyone has learned some lessons from the pandemic about planning for the unexpected. Both businesses and individual financial outlooks have been dramatically affected by the months of uncertainty and shutdown, with short-term risk mitigation and long-term planning for the next “black swan” event top of mind like never before. 

The importance of risk preparation and having emergency funds on hand have come into stark focus in my retirement practice. I’ve helped many clients wrestle with the sudden losses and constraints placed on nest eggs and retirement accounts by the months of lost income and financial upheaval. As a general rule, the older and more established you are financially, the bigger hit you have likely taken from the pandemic.

Continue reading →