NetDiligence Claims Review, New OFAC Guidance, and CCPA Takeaways: October Cyber News Bytes

Each month, RCM&D’s Cyber Practice highlights key issues in the world of cybersecurity. In this month’s edition of Cyber News Bytes, we discuss NetDiligence’s annual claims review, updated guidance from OFAC, CCPA takeaways, and more.

The RCM&D Cyber Practice stands read to help you tackle today’s emerging cyber risks and more. Are you cyber ready for your P&C renewal? We encourage you to take the cyber risk assessment below or complete the cyber renewal checklist to prepare for your upcoming renewal.  

NetDiligence Annual Claims Review

NetDiligence recently released its annual claims review, which analyzes claims over a five-year period from 2016-2020. To no surprise, ransomware headlined this year’s report, with the average cost of a ransomware event rising from $247k to $352k for small to mid-market businesses. Like in past reports, NetDiligence delves into several other components of a cyber event, including the cost by type of incident response services, business interruption and recovery impact, industry trends, and more. All of the factors can help support an organization in its efforts to understand its unique cyber risk.

US Government Continues Battling Cybercrime

Like others across the globe, the US government continues to search for answers in the fight against cybercrime. Most notably, OFAC (US Department of Treasury’s Office of Foreign Assets Control) updated its guidance on potential sanctions for companies that facilitate ransom payments, providing more input on the expectations around the cybersecurity practices organizations should have in place to prevent a cyberattack. Failing to take measures like having offline backup files, an incident response plan, conducting cybersecurity training and more can result in sanctions. Additionally, OFAC emphasizes the expectation that ransomware victims need to notify and cooperate with appropriate law enforcement when navigating these incidents. You can read the new OFAC guidelines here.

CCPA Key Takeaways

The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. Since then, there have been several plaintiff class-action suits filed invoking the CCPA. The California Privacy Rights Act (CPRA) is anticipated to become operational in January 2023.

A recent article from BakerHostetler provides helpful insights into some key takeaways for initial defense strategies seen in various CCPA class-action suits. In addition, they provide insight into the anticipated CPRA perspective related to the types of actions outlined.

Protecting Small Businesses From Big Cyber Threats

Cyberattacks continue to threaten businesses of all sizes and industries every day. While some industries are hit more than others, no industry is immune to them. We often hear about large companies hit with cyberattacks in the news, but small and medium businesses (SMBs) are also vulnerable. A recent Forbes article references some of the vulnerabilities that SMBs face and outlines some essential steps and tips to limit exposures and strengthen defenses to help reduce cyber threats.

Are You Cyber Ready for Your P&C Renewal?

The cyber liability marketplace is currently experiencing a sudden, substantial shift.

In recent years, cyber liability incidents have been increasing in both severity and frequency, with a 73% loss ratio measured in 2020 according to Fitch Ratings. As claims continue to rise, insurance carriers are scrutinizing cybersecurity controls and rigorously underwriting every risk. Implementing measures like multi-factor authentication and maintaining proper cyber hygiene practices are more crucial than ever before to obtaining coverage.

Read more from Cyber Strategic Leader of Oswald Companies, Lacy Rex, regarding important questions and considerations to ask within your organization to ensure your business is protected. 

You can complete a Cyber Risk Assessment online here. Additionally, we encourage you to download this checklist in order to prepare for your cyber renewal. 


RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.