Cyber Insurance Coverage & Terminology Guide

What Is Business Interruption (BI)?

Insurance coverage that pays the loss of income and extra expenses resulting from a network security event.

• BI Coverage — like cyber risk prevention as a whole — is constantly changing. Understanding what it covers (and what it doesn’t) can save you or your client trouble. Watch for long waiting periods. These hold a company responsible for a specified period of system downtime before insurance starts paying out.

What Is Incident Response?

The steps taken to prepare for an attack, mitigate the damage, and respond accordingly to prevent adverse events in the future.

• The fire drills of the cybersecurity world — a necessary plan that every organization should have in the event of a catastrophic cyber attack. Following an Incident Response Plan (IRP) secures that an organization knows how to contain and recover from a threat. Some questions you’ll need to cover in your IRP: When will you contact your cyber insurer, who is in charge of what, and how will you work with vendors in the event of a breach?

What Is Social Engineering?

The use of deception to manipulate individuals into giving up money, sensitive data, or confidential information.

• 70-90% of all malicious breaches are due to social engineering tactics. Due to these losses, insurers frequently define social engineering coverage narrowly or implement sub-limits (leaving the majority of the responsibility on insured organizations to train employees against phishing attacks and phishing scams).

• Policy language isn’t universal. Other terms to watch for: financial fraud loss, unwitting data breach, business instruction fraud, wire fraud. Since there are so many forms of social engineering, an overwhelming amount of terms are often packed into one coverage agreement on your cyber policy. Always confirm with carriers on their specific definitions for all.

What Is Multi-factor Authentication (MFA)?

An authentication method that requires the user to provide two or more credentials to gain access to an account.

• If your cyber insurer is going to require any security measure be implemented (which they probably will!) you can bet it’ll start with MFA. As a relatively affordable option, it’s a security control with a massive bang for your buck. It helps protect against unauthorized access, data breaches, and password-based cyberattacks. Think of it like a form of data protection insurance!

What Is Endpoint Detection Response (EDR)?

An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

• Cyber attacks continue to get more sophisticated, which means Antivirus (AV) technology doesn’t cut it anymore. While original AV is useful for personal computers, it is really only effective at catching generic malware. Most businesses face more advanced risks. EDR offers “Flight Recorder” technology that tracks activity on the system before and after an alert to clearly identify what malicious activity occurred on the system (and provides the tools to isolate impacted areas). This is useful for when forensic teams are piecing together a full picture of the attack.

What Is Software Patching?

Patches are small updates to software to fix bugs, address security vulnerabilities, or add new features in between larger software “releases” or updates.

• Patching matters. What may seem like a tedious or inconsequential chore for the IT team can be your frontline defense against threat actors targeting vulnerable organizations. For example, consider the Microsoft Exchange vulnerability discovered last year, where threat actors targeted a zero-day exploit — with a whopping 170,000 unpatched systems in the wild — leaving organizations open to ransomware attacks. Keeping your software as up-to-date as possible can protect against threat actors seeking an easy entrance to your operating systems.

What Are Forensics?

Scientific tests or techniques used to detect a crime.

• In this context, this includes the extraction or gathering of data from a computer or network to determine whether there was an intrusion, how it occurred, when it occurred, who the intruder was, and what information they accessed.

• If an organization experiences a ransomware attack, they should expect that one of the first vendors they’ll work with is a forensics team. As data consumption experts, they’ll gather all information that is available to them to paint a picture of the attack from start to finish.

What Is Business Email Compromise (BEC)?

In the most common type of social engineering attack, malicious actors scout for a vulnerability within your client’s system, which they exploit to dupe employees into moving money into a fake account.

• Through targeting individuals — whether with stolen credentials or through impersonation — threat actors seek access to a business email account. This can act as a golden ticket to sway victims to believe they are working with someone they trust and typically ends with financial gain through the transfer of funds to an attacker-controlled bank account. Educating employees on telltale signs of BEC attacks (through phishing education) can be the best way to prevent cybercriminals from succeeding.

What Is Distributed-Denial-of-Service (DDoS)?

Denial-of-service attacks (DoS) are where a cybercriminal uses a single system to overwhelm their target victim’s system or network with a large amount of network traffic, preventing legitimate traffic from accessing the targeted website.

• Distributed denial-of-service attacks incorporate an army of systems that coordinate an overwhelming amount of network traffic (think advanced persistent threats) to one target.

• DDoS attacks are a popular choice for threat actors and hacktivists alike. They’re relatively easy and cheap to accomplish, as they don’t require breaching a security perimeter. While attacks can be crippling on their own, they may be used in association with a ransomware attack to overwhelm victims. A well-timed attack can stall remediation efforts and create further confusion.