Hacker Attack: How to Protect Your Business from Cybercrime
Cybercrime is one of the biggest risks Finnish businesses face today - but what happens when a successful cyberattack not only affects your own business, but also your clients'? This article explains why this is more common than you might think, and how Professional Indemnity Insurance can help in these cases.
Cybercrime Affects Every Business
Recent studies show that nine out of ten companies have been victims of data theft, espionage or sabotage. The total cost to the economy was around 203 billion euroes. The biggest threat to businesses and institutions is ransomware - where cyber criminals gain access to servers, programs or systems, then encrypt data and/or access and demand a ransom for its release.
In the following article, we summarised in detail how a ransomware attack works and what measures can be taken to keep your business safe: Ransomware Risk: How to Protect Your Business Against Becoming a Digital Hostage
The situation becomes particularly dangerous when a ransomware attack leads to a so-called supply chain attack. In this case, the original victim's systems also attack their customers' systems. A good example of the devastating consequences of such a combined hit is the case of the hack of the American software company Kaseya in July 2021.
What Is a Supply Chain Attack?
A supply chain attack means that a cyberattack accesses a company’s network via third-party providers, suppliers or the supply chain. Such an attack therefore not only affects those who are directly targeted (e.g. service providers, software manufacturers), but also their clients or customers.
The Kaseya Case: Cyberattack with Worldwide Consequences
All 800 stores of the Swedish supermarket chain COOP were forced to close in July 2021 because their POS system stopped working. The reason was that the VSA desktop management tool, sold by Kaseya and used by many IT service providers worldwide to manage their customers' IT systems, had been hacked. COOP's IT company, which managed the POS systems, used VSA and after a ransomware attack on Kaseya crippled the software, the supermarket chain's entire checkout systems went down. In total, the Kaseya hack affected approximately 1,300 other companies and service providers worldwide.
This ransomware attack combined with a supply chain attack is considered the largest cyber attack in the world to date because of the domino effect of so many other companies being affected. This is the problem with supply chain attacks: They affect not only the company itself but, in the worst case, all its clients and their customers. The risk of a hack on your own systems or programmes affecting your customers is not just something that large companies need to worry about - it can affect small service providers too.
What to Do If a Cyber Incident Against you also Affects your Clients?
It’s bad enough if your business falls victim to a successful cyberattack - but it’s a real catastrophe if your customers are also impacted. Unfortunately, there’s no such thing as 100% protection against cybercrime - because operating systems and software can also contain vulnerabilities that criminals exploit. Microsoft alone releases a number of patches and updates every month to fix such vulnerabilities. If your customers suffer damage as a result of a cyberattack on your business, this is referred to in insurance terms as “third-party (cyber) damage”.
Cybercrime: How to Protect Your Business
This is exactly why Professional Indemnity Insurance from exali automatically includes insurance coverage for data and cyber damage caused to third parties by a mistake on your part - for example a cyberattack. So if your business in Finland becomes the target of ransomware that results in a supply chain attack on your clientele, the damages they might sustain as a result, such as stolen or encrypted data or a business interruption, are insured.
Ransomware Attack with Consequences: a Real exali Damage Event
The cyberattack on your customers doesn’t even necessarily have to take place via your systems, even neglected updates and backups can cause considerable damage. For example, an IT service provider had not adequately secured the email server and backup server systems of a consulting company in a real exali damage event. When they fell victim to a phishing attack, some of the data and systems could not be restored. In the end, the consulting company demanded around 900,000 euros in damages for the IT service provider’s failure (so-called third-party cyber damage). Read about how it all turned out in this article: Ransomware: A Damage Event Involving a Virus and Inadequate Protection.
Cybercrime: What Insurance Options Are there for First-Party Claims?
In addition to the (third-party) damage your customers can suffer from a cyberattack, your business can of course also suffer damage. This not only affects the recovery and/or repair of your infected systems, programs or data, but also the costs for IT forensic experts, legal fees and possibly also additional costs for PR and marketing. In terms of insurance, this type of cyber damage is called “first-party cyber damage”, since it is caused by you or your business and not your customers. The good news: exali also offers an insurance solution for such cases:
First-party Cyber and Data Risks Insurance
First-party Cyber and Data Risks Insurance is an add-on that you can book with Professional Indemnity Insurance from exali. It protects you from the financial consequences of a cyber attack that arises from your business itself. This includes, for example:
- Hacker damage to your own IT systems
- First-party data rights claim (in particular spying on personal data)
- Expenses for an (imminent) interruption in business (additional cost coverage)
- Breach of trust damage (intentional damage to own IT by employees)
- Costs for criminal defence (internet criminal legal protection)
What makes us special: In addition to insurance for your own damages, additional costs in connection with restoring your business capacity are also covered. This includes, for example, the commissioning of …
- ... external forensic computer scientists
- ... specialised lawyers and consultants to inform data owners
- ... credit protection and monitoring services
- … professionals for PR and crisis management.
Do you have any questions or would you like advice on Professional Indemnity Insurance and/or insurance solutions to protect against the consequences of cybercrime? Then feel free to contact our insurance experts in customer service on +49 (0) 821 80 99 46-0 (reachable by phone: Monday to Friday 09:00 to 18:00 CET).
Daniela has been working in the areas of (online) editing, social media and online marketing since 2008. At exali, she is particularly concerned with the following topics: Risks through digital platforms and social media, cyber dangers for freelancers and IT risk coverage.
In addition to her work as an online editor at exali, she works as a freelance editor and therefore knows the challenges of self-employment from her own experience.