Cyber Risk: What You Need to Know
auto insurance refund saginaw bay underwriters
Auto Insurance Refund FAQ
March 15, 2022
wire fraud sbu blog
Understanding & Preventing Wire Fraud
July 27, 2022
Show all

Cyber Risk: What You Need to Know

sbu CYBER 2022

Cyberattacks are a potential risk for any business or organization. Data indicates the following trends:

  • The frequency of cyber incidents is increasing dramatically. Business Email Compromise (BEC) incidents alone rose more than 51% in the beginning of 2021.
  • Even more problematic, the severity of these incidents is also on the rise. Ransomware demands in particular grew nearly 170% between 2020 and 2021.

To respond, business leaders need to consider three things: The potential risks, ways to safeguard businesses and the consequences of not being prepared.

What Are the Potential Risks?

Data Breaches

Cyber criminals seek to gain unauthorized access to the valuable data you possess and then use it for financial gain. Exposure of data such as customer names and contact information, social security numbers, financial information, etc., leads to a number of costs:

Data restoration costs: In the case of a cyberattack, cyber criminals rarely leave your system in the condition they found it. Restoring the data and systems involved is typically a complex, time-consuming and costly process.

Notification costs: You may be responsible for notifying anyone affected by a data breach that their personally identifiable information was compromised. Numerous regulations apply to these notifications, which vary by state.

Regulatory fines and penalties: Exposing confidential data may lead to fines and penalties, and contractually transferring this risk may not always be possible.

Reputational harm: To some clients or customers, data breaches also represent a breach in trust, which can result in costly damage to a company’s reputation.

Ransomware Events

Ransomware is a type of malware – malicious software – that cyber criminals use to demand ransom from a victim. Typically this malware locks down a computer system, essentially holding hostage the victim’s data, intellectual capital, infrastructure, privacy and/or ability to operate the business.

There are more costs associated with a ransomware event than you may expect. First, there is the cost of the ransom itself, which data indicates is increasing. Second, there is the cost of business interruption. Whenever a business or organization is attacked with ransomware, the time it takes to resolve the attack and resume normal business operations can be very costly.

Social Engineering, Electronic Funds Transfer Fraud & Computer Fraud

Any time cyber criminals disguise their identity and motives to lure an individual or organization into giving them confidential information, computer access, or even money, that’s social engineering. Social engineering cyberattacks against organizations are becoming more and more frequent and sophisticated. What makes social engineering particularly dangerous is that it relies on human error rather than a system vulnerability.

Funds transfer fraud occurs when there is an unauthorized transfer of funds initiated through fraudulent instructions sent to your financial institution by someone outside your organization.

Computer fraud is another form of cyber crime, which occurs when money is transferred or stolen due to your actual computer system being compromised by unauthorized access.

What Can You Do to Safeguard Your Business?

There are five key ways to safeguard your business or organization, and help prevent a breach:

Employee Training

  • Create a culture of cybersecurity awareness in your company or organization through training and education. Regularly communicate cybersecurity best practices with employees.
  • Particularly focus on strong email hygiene, which would include items such as verifying legitimacy before opening suspicious emails, taking precautions with links and/or attachments from unknown senders, and immediately reporting possible breaches.
  • Consider enhancing cybersecurity awareness through use of a simulated phishing attack solution. Such solutions can regularly test employees with “scam emails.”
  • Develop and implement a strong password management policy. Such a policy would require strong passwords with length, complexity and other requirements, as well as requiring regular password changes.


  • Develop and implement a robust update and patch management policy for software and hardware. Doing so will help ensure that you’re not vulnerable to known exploits and generally keep your systems running smoothly.
  • If possible, activate automatic updates.


  • Perform regular backups. Store both offline and on separate networks. Be sure to also regularly test restoration of backups.

Multi-Factor Authentication

  • Enable Multi-Factor Authentication (MFA), particularly when your network is being accessed remotely.
  • Adopt a “zero-trust security environment” when it comes to cloud-based services and hybrid or fully remote workspaces. On this model, “never trust, always verify” becomes the policy both inside and outside your network(s). By limiting network access and not allowing free movement within it, you help to further minimize the risk of insecure remote network access points.

Disaster Recovery

  • Develop an Incident Response Plan (IRP) to implement immediately in the event of a cyber incident. Conduct simulation exercises to test your IRP on a regular basis.

What Are the Consequences of Not Being Prepared?

The consequences of not being prepared for a cyberattack can be devastating. Data indicates that 60% of companies go out of business within six months following a cyberattack. Small businesses and organizations are increasingly at risk, due to lack of security and growing payouts associated with these attacks. Between 2020 and 2021, cyber incidents at companies with less than 250 employees increased 57%.

Despite these negative trends, data also indicates that proper security measures and the proper insurance coverage can make a big difference when it comes to addressing cyber risk.

Making the Complex Simple

Businesses and organizations need to be aware of the cyber risks they face, ways to prevent a breach and the consequences of not being adequately prepared.

Are you ready to have a conversation about cyber security and data breach? Contact an SBU Risk Advisor today.

Saginaw Bay Underwriters has made every attempt to ensure this information has been obtained from reliable sources. Sources: Coalition H1 2021 Claims Report; Cowbell Cyber; Inc. Current as of: May 2022