Cyber Security Awareness Tips


March 2015

S.A.F.E. Five Steps to Managing a Data Breach

The President has made it clear that, just like the government, people, businesses, and infrastructure are also vulnerable to cyberattacks. Unfortunately, many organizations are not prepared to quickly recover after an attack even though they may have taken some steps to protect their business. It is critical that business owners know what to do to secure their systems and mitigate financial and reputational damage in the event they are breached. These five steps can help keep your business S.A.F.E.

S: Set the strategy
Thinking about how to respond to a cyber event after it happens is a poor strategy. Business owners need to consider cyberattacks just as they would any other risk – like fire, theft, or severe weather – and plan for them as part of their business continuity strategy.

A post-cyber event plan should consider a number of issues, including:

  • notifying customers; 
  • assessing the scope of the breach; 
  • handling legal policies and procedures to report the event; and
  • contacting your insurance agent and carrier, and managing communications.

There also must be a clear protocol in place to identify which employees are managing each component of the plan. For example, it is important to determine who will be responsible for informing the insurance provider and what information he or she needs to provide in the event of a breach. The plan should also delineate which departments, including IT, HR, public relations, legal and operations, are on the incident response team.

Identifying how you will respond to a cyber breach in advance will help save time, and money, in the recovery.

A: Assess the breach
If an event occurs and data is exposed, it is important to quickly ascertain how widespread the breach was and if systems are secure. Data should also be categorized to determine whether personal information was compromised, such as Social Security numbers, medical records, or financial information. This will enable the company to accurately and quickly notify customers about what took place.

F: Fix the problem
Companies should identify and utilize external resources to assist in managing a cyber-event. A “breach coach” or attorney experienced in security and privacy compliance issues can assist with this. The “breach coach” can also help gather facts surrounding the incident, such as when and where the breach occurred, man-hours spent recovering, and estimates for the overall cost of remediation. These details are necessary to help re-secure a company’s data network, refine the internal and external communications plan, and serve as evidence if the data breach results in a legal battle.

Your cyber insurance carrier or agent should be able to connect your business with an experienced “breach coach” to help it recover from an event.

E: Examine your systems
Once a company determines how, when, and where the breach occurred, its IT staff should check to ensure that the data is secured with necessary patches or fixes. Systems should be tested and re-tested thoroughly to help identify process gaps and confirm that sensitive company and client data are secure.

Remembering the S.A.F.E. acronym and following each of the steps will help give your business an effective plan to make it through a cyberattack.

Travelers understands the complexity of cyber threats and has solutions to help protect businesses of all sizes, across all industries. To learn more, talk to your independent agent or visit Travelers.com/cyber.

January 2015

Cyber Resolutions for the New Year

In 2014, stories about cyber crime dominated media headlines, and that is likely to continue in 2015. As companies of all sizes evaluate their successes, business goals, operations and risks while kicking off a new year, protection against cyber issues should undeniably be part of the discussion. Undoubtedly, the cyber landscape is continuing to evolve as cyber criminals become smarter and more creative about their tactics to steal information from companies. Business leaders need to consider not only what they can do to avoid these incidents, but also the available safety nets for the company should a cyber event occur.

Protect Secure Customer Information. One of the greatest exposures when it comes to cyber incidents is the loss of personal information, which occurs when a hacker obtains sensitive personal information from a company’s computer system. This often happens when hackers are able to access employee laptops, mobile devices and tablets. When the company’s computer system is compromised, company and customer data is vulnerable, often resulting in claims being filed by customers against the company for allowing access to their information.

Review Vendor Vulnerabilities. It is important that companies understand the data that is exchanged with vendors. If those vendors do not have the right data security in place, it can translate into significant exposure for the company and its customers. The “right” data security can range from having information security programs and complying with industry standards around data, to limiting access to data and how it is shared with subcontractors. Vendors should also have the protection of cyber insurance and their own data breach plan in place.

Secure Passwords. Another common way for hackers to penetrate a company’s system is through breach of passwords. Employees with unsophisticated passwords leave their computers and accounts – and therefore, the company – vulnerable to attack. A best practice is to require employees to use more complicated passwords and to change them on a regular basis.

Monitor Mobile. Establish usage standards for mobile devices and be sure they are clearly communicated. For example, to avoid security breaches, employees should be instructed to use public Wi-Fi only in very limited circumstances. Any data or information that shouldn’t be made public, such as proprietary business or customer information or credit card numbers, should not be transmitted or accessed through public Wi-Fi. Hackers can easily intercept public Wi-Fi, so it is imperative that employees cautiously use the Internet and transmit information.

Establish a Plan. If a breach occurs, there should be a clear protocol for how it is managed. Leadership should clearly define and communicate who is responsible for managing the situation, what actions will be taken in the event of a breach, who should be involved in any quick decisions, etc. The company’s insurance agent or broker can be a critical resource for developing this type of plan.

Plan for the unexpected. A message that has been made clear by media recently is that cyber incidents are becoming less of an “if” and more of a “when” for companies of all sizes. Establishing best practices and protections is the best first line of defense. However, companies also need to make sure to plan for the unexpected. If a cyber incident does occur, the company’s reputation and finances are perilously on the line. Securing proper cyber insurance coverage can help prevent significant financial losses and act as much-needed protection. Again, an independent agent or broker can help company leadership determine what type and level of coverage is appropriate, given that every company has different exposures and needs.

November/December 2014

Is your business ready to protect against cyber-attacks this holiday season?

Online holiday sales in 2014 are estimated to rise between 8 and 11 percent, reaching as much as $105 billion, according to the National Retail Federation. Because shoppers are expected to do much of their holiday shopping online, this presents a heightened concern over cyber security.

While businesses should help guard against cyber-attacks all year long, they should be especially diligent during the holiday season when employees are at their busiest.

  • Train employees to protect sensitive information. All employees—even seasonal ones—should learn the importance of protecting the information they regularly handle to help reduce exposure to the business. This includes everything from locking up customer records to keeping passwords strong and confidential. Employees should also be taught how to handle a breach if one occurs.
  • Halt systems changes until the end of the year. Make sure your software and other technologies are running smoothly and avoid implementing new systems at this time. Of course, there may be exceptions to address critical new patches.
  • Ensure systems have appropriate firewall and antivirus technology and that security software patches are updated in a timely fashion. After the appropriate software is in place, evaluate the security settings on software, browser and email programs. In doing so, select system options that will meet your business needs without increasing risk. Regularly maintaining security protections on your operating system is vital to them being effective over time.
  • Monitor use of mobile devices and public Wi-Fi access for employees. Establish usage standards and be sure they are clearly communicated. For example, to avoid security breaches, employees should be instructed to use public Wi-Fi only in very limited circumstances. Hackers can easily intercept public Wi-Fi, so it is imperative that employees cautiously use the Internet and transmit information. To reiterate, any data that shouldn’t be made public, such as proprietary business or customer information or credit card numbers, should not be transmitted or accessed through public Wi-Fi.
  • Insure your season is protected. Insurance coverage typically includes liability protection for when customers or other individuals who have been affected hold a company responsible for information stolen during data breaches or other network intrusions. A cyber policy can also include coverage for a forensic investigation, litigation and remediation expenses associated with the breach. In addition, a cyber program may include coverage for business interruption, which is critical during the holiday season.
  • Have a plan in place to manage a data breach. If a breach occurs, there should be a clear protocol for which employee is managing the situation, and what action should be taken, such as informing the insurance provider, etc.

October 28, 2014

Cyber is here to stay: Travelers can help

Constant reminders in the media have caused many businesses large and small to step back and consider how best to use the Internet safely and securely. In fact, the Symantec 2014 Internet Security Threat Report showed a 91 percent increase in targeted attacks over the last year.

As businesses consider protecting themselves against cyber attacks, it is important that they get up to speed to build out their digital security plans. Travelers offers numerous online resources to help business owners navigate the growing threat of cyber risk and keep their assets and their customers’ assets safe. Some examples include:

  • Travelers.com/cyber – a public online portal that provides insights on the threats associated with cyber risks and how to effectively manage them.
  • Travelers’ e-Risk Hub powered by NetDiligence® – a private, client-only web resource that contains additional information and technical resources to help customers prevent and respond to cyber events.

Travelers’ specialized cyber coverages address a wide range of risks associated with different sizes and types of businesses and will help you recover after such an event occurs.

Our cyber solutions are complemented by specialized claims expertise and provide tailored solutions including coverage for forensic investigations and litigation expenses associated with breaches. Many coverages also include regulatory defense expenses, crisis management expenses, business interruption support and cyber extortion.

The amount of coverage a business or organization needs depends on its level of risk. Travelers understands the complexity of cyber threats and has solutions to help protect businesses of all sizes, in all industries. Talk to your independent agent or visit Travelers.com/cyber to learn more.

October 20, 2014

Knowing Your Cyber Risks

To better understand the unique risks facing companies today, Travelers recently launched the Travelers Business Risk Index, a survey of business leaders from organizations of all sizes and industries. With repeated news of data breaches arising in the media, it is no surprise that American businesses large and small agree that technology-related dangers are among their top risks.

The survey polled more than 1,100 business decision makers to better understand what they believe poses the gravest threat to their business. Many leaders reported the risks they identified as their biggest concerns are also the issues their businesses are least prepared to address.

In fact, more than half (53 percent) of business leaders cited computer, technology and data-related risks as a major concern, with a particular focus on computer viruses and hacking. The top four risks survey respondents reported keeping them up at night are:

- Viruses infecting computer systems;
- Security breaches by a hacker;
- Unrecoverable loss of the stored data; and
- Potential theft or loss of customer and client records.

With thoughtful planning, businesses can prepare for and often avoid these risks. Some quick and easy steps a business can take include:

- Working with an independent agent to ensure all manageable exposures are covered.
- Ensuring that employees are exhibiting behaviors that limit cyber risks.
- Utilizing resources such as Travelers.com/cyber to help understand and navigate the growing threat of cyber risks.

The amount of coverage a business or organization needs depends on its level of risk. Travelers understands the complexity of cyber threats and has solutions to help protect businesses of all sizes, across all industries. To learn more, talk to your independent agent or visit Travelers.com/cyber.


October 14, 2014

What is at Risk?

Individuals and companies alike are concerned about cyber risks. While it’s important to be aware that no organization or person is immune to cyber threats, understanding just what exactly can create a cyber risk exposure is equally valuable. Two of the largest concerns are personally identifiable information (PII) and personal health information (PHI) – and for good reason. In fact, most breaches involve the exposure of both of these categories of information¹, which opens up the floodgates to what cyber criminals can access.

In 2013 alone, more than 800 million records were exposed², which marked a 211 percent increase over 2012³. With recent headlines like “Hackers Find New Ways to Breach Computer Security” from The New York Times, cyber breach activity doesn’t show signs of slowing. Almost half of PII and PHI breaches have involved the loss of password data⁴ and 40 percent include the loss of names, user IDs and e-mails⁵.

While it is critical for organizations to have strict practices in place to ensure breaches don’t occur internally, 71 percent of breaches in 2013 were attributed to activity from outside the organization⁶. The 2013 statistic blows past the all-time high of 63 percent of breaches occurring from outside the organization⁷.

Having cyber insurance has gone from a “nice” option to a “necessary” activity in order to protect against cyber threats and to protect organizations and their clients in the event of a breach. Travelers understands the complexity of cyber threats and has solutions to help protect your business. Talk to your independent agent or visit travelers.com/cyber to find the cyber coverage that’s right for your organization.


1 NetDiligence® 2013 Cyber Liability & Data Breach Report
2, 3, 4, 5, 6, 7 An Executive’s Guide to 2013 Data Breach Trends Sponsored by Risk Based Security and Open Security Foundation

October 7, 2014

The Real Cost of a Cyber Breach

A solitary data breach might seem at first glance like an inconvenient, but wholly manageable, business exposure. After all, how much damage could one lost or stolen laptop or one hacked account create?

Here’s the surprising reality: a single data breach typically results in about 29,000 breached records¹, which cost roughly $201 each². That’s a whopping $5.85 million³ for the cost of the average single data breach. Breaches come in the form of attacks on personal computers, mobile devices and routers⁴. As explored earlier this week, approximately 20 percent of all data losses are due to lost or stolen devices⁵. While it’s important to understand the data that is at risk, it also is important to know the financial impact a breach can have on a company.

Costs associated with data breaches go well beyond the price of fixing the company security system. From notifying clients to legal settlements, these expenses add up quickly and can include, on average:

- Post-breach costs of $1,600,000⁶
- Notification costs of $509,000⁷
- Lost business costs of $3,300,000⁸
- Legal defense costs of $574,000⁹
- Legal settlement costs of $258,000¹⁰

Of course, there are “costs” that go beyond immediate expenses that are associated with data breaches, too. The loss of customer trust and damage to a brand’s reputation are not easily accounted for initially, but they can lead to significant financial losses over time.

Working with an agent or broker who understands not only cyber threats, but also the exposures related to your specific industry can make the difference in whether you have to spend a fortune to put your company back on the right track after a cyber incident.


1 Ponemon Institute 2014 Cost of Data Breach Study
2 Ponemon Institute 2014 Cost of Data Breach Study
3 Ponemon Institute 2014 Cost of Data Breach Study
4 Symantec 2014 Internet Security Threat Report
5 NetDiligence® 2013 Cyber Liability & Data Breach Report
6 Ponemon Institute 2014 Cost of Data Breach Study
7 Ponemon Institute 2014 Cost of Data Breach Study
8 Ponemon Institute 2014 Cost of Data Breach Study
9 NetDiligence® 2013 Cyber Liability & Data Breach Report
10 NetDiligence® 2013 Cyber Liability & Data Breach Report

October 6, 2014

The Cost of Lost Devices

Cyber breaches, once viewed as a threatening hypothetical, have become an everyday reality. Given that this range of criminal activity continues to be among the world’s fastest growing criminal threats, cyber breaches pose a challenging decision for companies that have adopted tablets, phones and laptops to conduct their business.

The use of mobile devices has both benefits and drawbacks, particularly related to industries where employees travel and have remote access to sensitive information. On the one hand, mobile devices are efficient and streamline employees’ access to information. On the other, use of such devices may create several potential challenges and risks – one of the greatest being loss or theft.

Device Disappearance

In fact, 20 percent of data losses are due to lost or stolen devices¹. The loss of just a single laptop costs an estimated $49,246², when you include the replacement of the device, legal costs, investigation, time and other minor miscellaneous expenses that can occur as a result of an incident.

Providing best practices for employees who choose to use mobile devices can be one way to help manage exposures. Simple steps, such as enabling auto-lock on devices; adopting passwords that combine letters, numbers and symbols; and ensuring employees keep devices in a safe place at all times can go a long way toward minimizing risks for hacking and theft.

In the event a laptop is stolen, a phone misplaced or an account hacked, cyber risk insurance policies can help companies minimize both their financial and reputational impact.

Travelers understands the complexity of cyber threats and has solutions to help protect your business. Talk to your independent agent or visit travelers.com/cyber to find the cyber coverage that’s right for your organization.


1) NetDiligence® 2013 Cyber Liability & Data Breach Report
2) Ponemon Institute Appendix 1 Summary of the Lost Laptop Framework

October 2, 2014

Spear phishing targets businesses of all sizes.

As U.S. businesses consider how to use the Internet securely, it is important to realize that targeted attacks over the last year have risen 91 percent, according to the Symantec 2014 Internet Security Threat Report. One area of concern for businesses of all sizes is spear phishing. These are attacks that target individual employees and attempt to manipulate them into divulging confidential information such as computer passwords, credit card or bank account information. Companies and employees need to understand the threat and be on the lookout.


September 29, 2014

Cyber Risk: What is exposed and what can you do?

Cyber. You can’t escape the topic and the news surrounding it never seems to be positive. A quick online search of the subject pulls news results with headlines that include words like: attack, warfare, defense, breach, threats, security and danger. But what information and who is actually at risk?

The answer: everything and everyone

Of the cyberattacks that occurred in 2013, four made the list of top 10 worst cyber breaches of all time – just one year accounting for nearly half the list. Cyber-related attacks continue to become more prevalent and far more detrimental each year, amounting to thousands to millions of dollars in recovery costs for businesses, along with a significant blow to companies' reputations.

Cyber criminals target a wide range of information from user IDs and passwords to personally identifiable data and personal health information. The chart below breaks down information most commonly under attack.

So how can you help protect yourself and your organization?

Step 1: Know your data. Create an inventory of all data and information - digital or physical - along with where it is stored.

Step 2: Evaluate your cyber exposure. Understand which information and systems are most critical to protect. Then, determine the ramifications of a cyberattack on each.

Step 3: Cover your assets. No risk management plan is complete without cyber insurance. Travelers cyber insurance solutions are robust, scalable and designed to address the broad array of exposures in today’s digital world.

The amount of coverage a business or organization needs depends on the level of risk. At Travelers, we understand the complexity of cyber threats and have solutions to help protect your business. Talk to your independent agent or visit travelers.com/cyber to find the cyber coverage that’s right for your organization.


Travelers Casualty and Surety Company of America and its property casualty affiliates.
One Tower Square Hartford, CT 06183

This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy or bond issued by Travelers. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy or bond. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy or bond provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.

©  The Travelers Indemnity Company. All rights reserved.