Actuarially Sound

Don’t Be Scared! Cybersecurity Awareness Month Serves as a Reminder of Threats

Don’t Be Scared! Cybersecurity Awareness Month Serves as a Reminder of Threats

By Rob Fischer 
Policy Analyst, Casualty 

(10/01/24)

Fall is upon us, and with it comes something spooky to take heed of every October. No, it has nothing to do with ghosts or goblins—it’s the annual reminder that hackers and phishers are on the prowl to steal your data. That’s right, it’s Cybersecurity Awareness Month.  

In a proclamation released this week, President Biden said, “During National Cybersecurity Month, we recognize the important role that cybersecurity plays in keeping Americans safe, protecting our institutions, and upholding our democracy. We honor all of the cybersecurity professionals, who are working tirelessly to defend our digital world. And we look forward to all that we will accomplish as we work together to advance cybersecurity.”  

The president and Congress first declared October as Cybersecurity Awareness Month in 2004. Since then, the Department of Homeland Security has used the yearly commemoration to promote strong personal and operational cyber hygiene and to reduce online risk in both the public and private sectors.  

In the past five years, the FBI’s Internet Crime Complaint Center has received over 3.79 million complaints and reported losses of over $37.4 billion. The top five crime types in 2023 were phishing/spoofing schemes, personal data breaches, non-payment/non-delivery schemes, online extortion, and investment-related schemes.  

There is a way to curb such concerns, however. Cyber insurance is a newer line of business in the property and casualty space that offers protection. For most people, cyber insurance plans are offered as an endorsement to homeowner’s or renter’s policies. There is a growing portion of the industry, however, that is providing cyber insurance for businesses and individuals as a standalone policy.  

The Federal Trade Commission recommends that small businesses have cyber policies that cover data breaches, direct attacks on networks, acts of terrorism, and attacks on third-party vendors that store company data. They also recommend first-party coverage, which protects an organization’s data and provides support in the aftermath of an attack, and third-party coverage, which protects an organization from liability claims made against them.   

While many of the most newsworthy private-sector hacks during the past few years targeted some of the biggest companies (e.g., Equifax in 2018, Microsoft in 2021, and Facebook in 2021), small businesses are just as susceptible to cybercrime. The majority of cyber-attacks in the private sector are directed toward smaller businesses that tend to have fewer resources and money available to recover from a costly attack. 

The Academy’s Committee on Cyber Risk has been on the forefront of research into cyber insurance and released the Cyber Risk Toolkit in 2021. Since then, it has made regular updates and released new chapters to the collection of papers. The toolkit contains a number of interesting papers exploring specific areas of cyber risk such as: a thorough introduction to cyber insurance; a look into the security concerns related to digital assets and cryptocurrency; the growth of ransomware attacks; cyber attacks linked to possible foreign states, terror organizations and acts of war; and many others. 

As cyber threats change and evolve, the Committee on Cyber Risk will continue to publish new papers on trends and threats in the market to keep Academy members, regulators, insurers, and the public informed. Also, keep an eye out for the opening of registration for the Oct. 30 webinar “Navigating the Cyber Risk Landscape: New and Emerging Work.” 

For other resources from the Academy on cyber, be sure to follow the committee’s work as well as the resources found on the Contingences website

print
Previous article Actuaries Play a Critical Role in Helping Insurers Address Changing Climate Risks

Related posts