Cyber attacks are on the rise:
One of the greatest risks to financial loss of our small business clients today are cyber attacks, which we have witnessed firsthand in our office. There has been a massive increase in fund transfer fraud and other cyber related claims from our clients, and unfortunately under the standard commercial insurance policy, most of these attacks are not covered.
Cyber attacks are a growing risk for the small & medium enterprises like you and us, so we encourage you to engage with us in some dialogue about how this cyber exposure is effecting you as well as your options for protecting against them.
Let’s make it clear that this is not a ploy to sell you more insurance, but rather a warning that cyber attacks are a legitimate exposure, and they are growing by the day. We are really concerned about this threat to the stability your business and guarantee it is worth your time to be informed. From there, you can decide if it’s worth insuring or not.
Some examples of claims we have seen:
• A retailer’s email was compromised, and a fraudster/threat actor was able to send incorrect banking details by posing as one of the retailer’s suppliers - our client sent a payment to the fraudster that was never recoverable. Most retail policies do not cover any fund transfer fraud - this client had some minimal coverage and was able to recover only $10k of over $40k sent.
• A financial services client received a really good fake email with new banking details from a trusted supplier – turns out they were not the supplier at all. The client sent over $40,000 to the fraudster - but were able to recover from their cyber insurance.
• A manufacturing client had their automated line shut down from a ransomware attack - they lost three weeks of production until over $250k was paid out.
There are some safe-guards you can take to reduce the risk:
• Implement a method to verify all banking details – use a secondary mode of communication to verify the details (ex. by phone or other method).
• Double authorize all funds transfers – This allows a second set of eyes to view and verify that all the information is correct before the money is sent.
• When an email seems unusual – take a closer look and ask yourself if the sender is who they say they are. Look at the letters in the email and make sure the domain or name matches what you have on your files or what they have on their website.
• Follow a funds transfer checklist - For simplicity, we have provided a link to a downloadable checklist created by the Law Society of British Columbia's Lawyers Indemnity Fund (LIF) below:
Cyber claims are increasing and we are all at risk to financial loss from these cyber attacks. To properly protect you from this exposure, a standard commercial business policy is not the route to take, but rather we recommend a standalone cyber specific policy.
If you are interested in starting this conversation, please reach out.
Office Telephone: 604-542-0077
Office Email: [email protected]