
Business Interruption Claims, Vendor Risk & Regulatory Compliance and Government Ransomware Threats: October Cyber News Bytes

Cyber Business Interruption Claims & Rising Costs

As reflected in this article from Business Insurance, the cost of cyber incidents can increase substantially when business interruption claims are involved. According to recent data from NetDiligence, cyber claims involving business interruption were over 270% higher in 2023 than those that did not include lost income claims. The five-year average cost of a claim involving business interruption was also over 450% higher than a claim without those losses. Cyber incidents can lead to business interruptions, causing direct losses. Additionally, if a third-party entity experiences a cyber incident, it can indirectly impact your business, leading to contingent business interruption claims and losses. Resolving these claims can be complex and time-consuming, often requiring extensive documentation and communication.

Protecting Your Business from Vendor Risk

As businesses increasingly rely on third-party vendors, particularly Software-as-a-Service (SaaS) providers, the risk of cyberattacks emerging from these vendors has significantly increased. The 2024 cyberattack on Change Healthcare serves as a sobering reminder of the unpredictability and potential consequences of vendor breaches. To mitigate these risks, businesses should implement robust business continuity plans (BCPs) that include identifying critical functions, developing contingency plans, regularly reviewing vendor security and establishing clear communication protocols. Ongoing vendor management should involve thorough risk assessments, setting cybersecurity standards in contracts, defining responsibilities in case of breaches and ensuring vendors have adequate insurance coverage.

Understanding CIRCIA: Key Considerations for Compliance

A recent report from McDermott Will & Emery emphasizes the significant impact the Cybersecurity Incident Reporting for Critical Infrastructure Act (CIRCIA) will have on critical infrastructure organizations. While cyberattacks are abundant, there is a large gap in the accuracy of the information reported on these incidents. The act mandates the accurate reporting of “substantial cyber incidents,” including details on cybersecurity controls and ransomware payments. Non-compliance can result in severe penalties. While CIRCIA is set to take effect in 2026, organizations should proactively prepare and ensure their internal policies and procedures are in line with these new requirements.

Navigating Ransomware Threats for Government Agencies

Government agencies are increasingly vulnerable to ransomware attacks, with average recovery costs reaching $2.83 million in 2024. Budget constraints at state and local governments also limit the funding available for acquiring and implementing important security infrastructure and for accessing cybersecurity experts. Organizations like the Public Safety Technology Alliance (PSTA) provide free access to valuable threat intelligence and cybersecurity resources. By staying informed and implementing strong security measures, agencies can reduce their risk of falling victim to ransomware attacks.