With Philomena Comerford, President & CEO, Baird MacGregor Insurance Brokers LP
The pandemic has changed how we live—the way we work, interact, shop, and spend our free time—by moving as much of that activity online as possible. The cyber risks presented by these changes aren’t new, but their necessary solutions will take a significant amount of effort and careful consideration.
Philomena Comerford, President & CEO of Baird MacGregor, has shared her expertise on cyber threats in a previous issue of TOB, but the current situation has presented a new set of challenges and opportunities.
“If anyone doubted that insurance was an essential service or feared that brokers would be digitized out of existence: not true. All of us are pretty much working around the clock. It’s unbelievable how much we’re needed right now.”
INCREASED CYBER THREAT
Since the start of the pandemic there has been a noticeable increase in cyber events and claims. Some of that activity can be attributed to cyber criminals purposefully taking advantage of the current crisis using techniques we’ve seen before, including phishing scams.
“Everybody’s hungry for information about the coronavirus and all of these criminals know that. They’re trying to draw people in either to hawk fake products or get them to go on what appear to be legitimate sites, mimicking for example John Hopkin’s University and then unleashing malware.
“Since everyone’s working from home now, new conversations need to take place with our clients about the fact they’re more vulnerable than ever.”
HIDDEN RISKS
In the rush to get running quickly, some businesses have overlooked cyber security best practices, which has introduced new technical risks. Some people are using personal devices and many remote set-ups are running off a patchwork of systems that each come with their own set of vulnerabilities.
While technological risks are serious, human risks have been driving a lot of the recent increase in cyber events. Prior to the pandemic, many cyber incidents involved some form of deception and that has only increased. People are working in a new way, from a different location, possibly with a different device and their lack of familiarity with the situation makes them more susceptible to threat. In this environment of uncertainty, deception raises fewer flags.
“We had to deploy devices to staff that hadn’t traditionally worked from home, so they’re getting used to new procedures. We had to focus on being safe ourselves.
“I do want to give a shout out to all the IT people. By allowing people to work from home, the IT community has prevented the spread of the pandemic. They should be counted among the heroes of this pandemic.”
WHAT THE PANDEMIC HAS TAUGHT US
Having plans in place is important, but it’s crucial for businesses to develop a culture of cyber security, because it’s difficult to prepare for every contingency and it only takes one weak link to expose a business to a cyber threat.
“We’re deploying online cyber training for our staff. And we’re going to retest them every six months to keep awareness up. It’s like the message wash your hands, wash your hands, well we’re doing the same with cyber hygiene.”
THE FUTURE OF CYBER INSURANCE
This incident has underscored the need for cyber insurance at all levels as people realize how much they depend on their IT systems. This is no longer just a concern of large corporations, it’s especially true of small and medium businesses since they likely have far less cyber security in place.
“We’re warning our clients and continuing to talk about cyber being part of their insurance lineup. With the increase in electronic communication and ecommerce, it’s only a matter of time until banks start demanding cyber insurance be part of the lineup of coverages they’re looking for before entering into any loans or lines of credit.”
As much as cyber insurance is becoming a necessity for brokers’ clients, that’s even more true for brokers themselves. Getting hacked during this pandemic would create the perfect storm for Principal Brokers who are already grappling with the challenges of supervising a remote workforce. Maintaining a properly secured network in the current telecommuting work environment adds to brokers’ business continuity challenges.
Under RIBO regulations, brokers are required to protect their clients’ privacy and must comply with federal mandatory breach notification law. It’s in brokers’ best interest to meticulously maintain email contact information for every client and know which clients prefer phone or mail contact. By doing so, they’ll be positioned to efficiently fulfill their breach notification responsibilities if client information is accessed by a hacker. Brokers who carry cyber insurance can turn to their insurer partner for help in the wake of a breach.
“I think they should be making cyber mandatory for insurance brokers because of the amount of personally identifiable information we have—it’s immense. Brokers should know that if RIBO knocks on your door for an audit, they’re going to ask about your cyber hygiene. To not have cyber insurance right now is like walking outside with no clothes on.”