Today we’re sharing insight from guest blogger Kurt Thoennessen, Vice President, Ericson Insurance Advisors. We hope you enjoy Kurt's wisdom and perspective.
The Internet has taken us from the physical world, where fire, flood, and earthquakes are the typical causes of catastrophic damage, into the digital world, where identity theft, ransomware, and computer viruses have the potential to be just as destructive. It is no longer sufficient to simply lock your doors and turn on the alarm system. Today, your personal information is at risk from criminals who can attack at any time. This means your information needs to be protected, locked up, and secured with an alarm—just like your home.
This article will help you to accomplish the following.
- Assess your cyber-risk level
- Understand the different types of cyber risks
- Learn practical strategies to improve your security while online
- Discover software solutions and services to assist you with loss prevention and post-loss response
- Understand the cyber-insurance coverages available today
What Is Your Risk Level?
Cyber crime is a massive problem. According to Steve Langan, CEO at Hiscox Insurance, over $450 billion in global economic losses were recorded in 2016.1 The Equifax data breach of 2017 exposed over 147 million Social Security numbers, and there were over 1,500 other recorded breaches in 2017.2 Everyone has the potential of being a victim of cyber crime, but there are factors that can cause your risk level to increase. Some of those factors are the following.
- Your level of wealth
- The number of connected devices you have in your home
- Your level of fame/celebrity
- If you have domestic employees
- The number of trades you make per year in the stock market
- If you run a business out of your home
The more risk factors you have, the higher your level of risk is and the more you should consider taking action to protect yourself. Once you have an understanding of your risk level, you can determine the actions you need to take to mitigate the risk of becoming a victim of cyber crime. A self-assessment is a good start, but having a cyber-security professional to work with is a viable option as well.
Cyber Risk Overview
The average household today has 10 to 20 Internet-enabled devices in the home.3 Laptops, smart phones, Internet TVs, security systems, thermostats, and other connected devices are all part of the intricate web of technology that is expanding exponentially in homes across the United States.
These devices hold valuable information, such as passwords, dates of birth, and travel schedules. They may control critical functions in your home, such as temperature control. Each of these devices connects to the Internet to derive value for the user but in so doing also creates an entry point for nefarious hackers to access the devices and the information they hold. Once criminal hackers gain access to these devices, they can easily transfer funds from bank accounts, unlock doors that use smart locks, and install harmful ransomware on computers to hold them hostage.
Criminal hackers use many different strategies to cause physical, emotional, or financial harm. The following are some of those strategies.
- Email phishing. This strategy involves email scams looking to dupe email recipients into clicking a link that can install harmful software onto the recipient's computer.
- Identity theft. Criminals use personally identifying information (e.g., address, name, birth date, Social Security number, etc.) to sign up for credit cards, open bank accounts, or initiate other transactions using your personal information.
- Cyber extortion. Hackers coerce victims to pay large sums of money when they take control of their website, servers, computers, or other digital assets and hold them hostage until their demands are met.
- Cyber bullying. Cyber bullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation.4
- Unauthorized payment or transfer. This strategy involves hackers gaining access to your banking and credit card information and illicitly transferring money or making fraudulent purchases.
- Social engineering. Cyber criminals use deceptive tactics to trick people into giving them access to sensitive information through phishing scams, pretexting, and baiting.
Practical Cyber-Protection Strategies
Everyone is at risk of being affected by cyber crime, whether it is a direct or indirect attack. There is no surefire solution that will guarantee your data is secure, but there are strategies you can implement to make it more difficult for hackers to gain access to your information.
The list below offers some of the strategies you can implement to improve your security on the Internet.
- Protect your Wi-Fi network at home with a strong password, one that contains more than six digits (longer passwords are more secure) and uses special characters (i.e., $%$#@), lowercase and uppercase letters, and numbers.
- Change your passwords every 6 months.
- Use passphrases instead of passwords. A passphrase is a string of words used to control access to a system. They are easier to remember and could be more secure than passwords (Example: JohnisSIttingon2Largechairs).
- Set up a guest network at home with a separate password for guests to use rather than giving them the password to your primary network.
- Use multifactor authentication whenever possible. This is a security protocol that uses a secondary device to verify you are whom you say you are. Verification codes are sent via text or email for you to enter during the sign-in process.
- Store your passwords in a secure location, such as a password manager. LastPass.com and Dashlane.comare websites that you can store all of your passwords on to help improve your security.
- Use one network for connected appliances and gadgets, and a separate network for your computers, tablets, and phones. This way, if someone hacks your device network, they will not be able to access your accounts.5
- Download software updates as soon as they are available.
Software and Service Solutions
In addition to the practical steps you can take to protect yourself, there are software solutions and services to assist you with building your cyber-protection strategy. These solutions can help you detect suspicious intrusions into your network as well as monitor for fraudulent activity.
Here are examples of software solutions and service providers who specialize in working with individuals to help them with cyber security.
- CyberScout.com—CyberScout offers a full suite of services to improve your cyber security, including identity management tools, credit monitoring services, breach response services, and data privacy consulting.
- Norton.com—Norton provides software that identifies viruses and malware and blocks them from causing damage. It also offers other related services including a router device that monitors and protects everything within a connected home network.
- Rubica.com—Rubica.com developed a technology for your tablets, smartphones, and computers that helps you avoid being the victim of a cyber crime.
- K2Intelligence.com—K2 Intelligence is a full-service cyber-defense consultancy that brings enterprise-level cyber-security solutions to the private client and family office markets.
Even with the best security practices in place, and all of the practical risk mitigation strategies being utilized, there will always be a risk of loss. That is where insurance comes in. Cyber insurance not only offers financial protection when a loss occurs, but it also may include complimentary or discounted access to software tools and services like those mentioned above.
Today, a handful of insurance companies offer cyber-insurance policies for individuals to purchase. Some are in the midst of developing a solution, and others are in the planning stages. Most companies offer identity theft coverage as part of their homeowners policies, but that coverage falls short of covering most of the cyber crimes happening today. Although the cyber-insurance products are relatively new, they are very broad in the coverage they offer.
The following is a list of coverage highlights from a few cyber-insurance products on the market today.
|Cyber Extortion and Ransomware||Provides reimbursement for money paid by an insured to terminate a cyber-extortion threat. Insureds have access to expert cyber consultants to assist if a criminal demands a ransom in exchange for the insured's data.|
|Cyber Bullying||Covers related costs as a result of an insured or family member being victimized by cyber bullying. Related expenses include professional digital forensic analysis to aid in prosecution, professional cyber-security consultant services, loss of salary due to wrongful termination, public relations service fees, and temporary relocation.|
|Fraudulent Transfers||Provides protection against the loss of funds stolen from an account due to a cyber attack.|
|Social Engineering||Provides coverage if your authorized account user—such as a personal assistant or family office manager—is deceived into wiring money from your account.|
|Data Restoration||Provides coverage for the cost of a professional to reinstall damaged software, remove malicious code, reconfigure your device or system, and replace electronic data that has been lost or corrupted.|
|Crisis Management / Reputational Injury||Provides reimbursement and access to crisis management consultants to protect an insured from reputational harm.|
|Cyber Disruption||Provides support in dealing with a cyber attack that prohibits the clients from accessing their home or interrupts their incidental business operations in their home.|
*Coverages above are representative of those found in cyber-insurance policies offered by AIG Private Client Group, Chubb Personal Risk Services, and PURE Insurance.
Coverage limit options vary from company to company with options ranging from $50,000 to $1 million per occurrence. Prices range from $400 to $2,000 per year depending on the coverage limits selected, the coverage options included, and the company offering the coverage.
Conclusion: Personal Cyber Security
Insurance is a tool that can be used to help protect your wealth from cyber risk. Adequate coverage should be obtained to match the maximum financial loss. However, it is also important to use the practical strategies, software products, and services mentioned above to protect yourself from cyber risks and to develop a plan of action should an incident occur.
1 Luke Graham, "Cybercrime Costs the Global Economy $450 Billion: CEO," CNBC, February 7, 2017.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.
Kurt Thoennessen writes the personal risk management column for IRMI.com.
He is vice president of Ericson Insurance Advisors and has over 10 years of experience as a personal risk adviser.
Mr. Thoennessen has a passion for technology that has led him to develop several initiatives to bring value to Ericson's clients and future clients. One initiative involved the development of an online portal, Client Diagnostic Central, where personal insurance clients can easily keep their insurance up to date. Another embodies a reimagined personal insurance buying experience for new and existing clients online called InsurScope.com. He also created a YouTube channel to deliver advice and education to high net-worth insurance buyers.
As a founding member of the Private Risk Management Association, Mr. Thoennessen leads its marketing and thought leadership committees. He is also the founder of another industry group, with over 1,000 members, that is dedicated to peer-to-peer information sharing and education in the high net-worth insurance space.
Mr. Thoennessen has been quoted in national periodicals including MarketWatch, CNN Money, Best's Review, Moneymagazine, and Car Collector magazine on insurance topics related to high-value homes, automobiles, and personal liability. He has also written several articles on various insurance topics for Worth magazine, is a regular contributor to the Private Risk Management Association's blog, and maintains a blog on InsureScope.com.
He was named one of Risk & Insurance Magazine's Power Brokers for 2016 and was awarded the JoAnn Heltibridle Award for Professional Excellence in 2015 by the Private Risk Management Association at its annual summit.
Mr. Thoennessen has a bachelor's degree in management and business from Boston University and earned the Certified Advisor of Personal Insurance designation. He is highly involved in his community, has coached soccer for his three daughters, sat on the Chamber of Commerce board, and also volunteers for SingOut! CT.