Each month, RCM&D’s Cyber Practice highlights key issues in the world of cybersecurity. In this month’s edition of Cyber News Bytes, we discuss NetDiligence’s annual claims review, updated guidance from OFAC, CCPA takeaways, and more.
The RCM&D Cyber Practice stands ready to help you tackle today’s emerging cyber risks and more. Are you cyber ready for your P&C renewal? We encourage you to take the cyber risk assessment below or complete the cyber renewal checklist to prepare for your upcoming renewal.
NetDiligence Annual Claims Review
NetDiligence recently released its annual claims review, which analyzes claims over a five-year period from 2016-2020. To no surprise, ransomware headlined this year’s report, with the average cost of a ransomware event rising from $247k to $352k for small to mid-market businesses. Like in past reports, NetDiligence delves into several other components of a cyber event, including the cost by type of incident response services, business interruption and recovery impact, industry trends, and more. All of these factors can help support an organization in its efforts to understand its unique cyber risk.
US Government Continues Battling Cybercrime
Like others across the globe, the US government continues to search for answers in the fight against cybercrime. Most notably, OFAC (US Department of Treasury’s Office of Foreign Assets Control) updated its guidance on potential sanctions for companies that facilitate ransom payments, providing more input on the expectations around the cybersecurity practices organizations should have in place to prevent a cyberattack. Failing to take measures like maintaining offline backup files, having an incident response plan, conducting cybersecurity training and more can result in sanctions. Additionally, OFAC emphasizes the expectation that ransomware victims need to notify and cooperate with appropriate law enforcement when navigating these incidents. You can read the new OFAC guidelines here.
CCPA Key Takeaways
The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. Since then, there have been several plaintiff class-action suits filed invoking the CCPA. The California Privacy Rights Act (CPRA) is anticipated to become operational in January 2023.
A recent article from BakerHostetler provides helpful insights into some key takeaways for initial defense strategies seen in various CCPA class-action suits. In addition, they provide insight into the anticipated CPRA perspective related to the types of actions outlined.
Protecting Small Businesses From Big Cyber Threats
Cyberattacks continue to threaten businesses of all sizes and industries every day. While some industries are hit more than others, no industry is immune to them. We often hear about large companies hit with cyberattacks in the news, but small and medium businesses (SMBs) are also vulnerable. A recent Forbes article references some of the vulnerabilities that SMBs face and outlines some essential steps and tips to limit exposures and strengthen defenses to help reduce cyber threats.
Are You Cyber Ready for Your P&C Renewal?
The cyber liability marketplace is currently experiencing a sudden, substantial shift.
In recent years, cyber liability incidents have been increasing in both severity and frequency, with a 73% loss ratio measured in 2020 according to Fitch Ratings. As claims continue to rise, insurance carriers are scrutinizing cybersecurity controls and rigorously underwriting every risk. Implementing measures like multi-factor authentication and maintaining proper cyber hygiene practices are more crucial than ever before to obtaining coverage.
RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.