I come across a story like this every so often. We meet with a business executive to explain what we do and get the following response: “We have Cyber Insurance. We are all covered. We don’t need whatever you’re selling.”
Don’t get me wrong; having Cyber Insurance is important, and you need to have it, but it’s not the end-all solution to combating cyber attacks.
In fact, if you don’t have proper cybersecurity controls in place, you can be denied a claim.
Cyber Insurance is excellent for financial restoration when you get attacked. No, I didn’t mistype; I did mean “when.” There are other things to consider, such as the fact that no amount of insurance can restore your reputation.
Anna and Robert’s Story Prequel
We recently had a story about Anna and Robert, who owned a resort for 43 years. Here is the link to that Article. Let’s go back to how I met Anna and Robert. We were at a mixer together and had a polite conversation. I asked about their IT needs and their concern with cyber attacks.
Robert replied, “We have a long-standing relationship with an IT support company with which we are comfortable. We have been working together for 20+ years. They have got us covered. Plus, we have insurance for those unexpected issues. We’re Good.” With that, I ended the conversation with, “Well, if anything changes, here is my card; give me a call.”
Fast Forward: The proverbial IT hit the fan.
The Aftermath of a Cyber-Attack
Once Anna and Robert found out they had no backup, they called their insurance agent. One of the first things the insurance company does is bring in an approved IR team. IR stands for Incident Response. Their job is to determine how the incident happened and help get you back up. The insurance company may bring in someone to negotiate the ransom and extortion payments.
Treat it Like a Crime Scene.
At this point, it’s all hands-off. Nothing can happen unless the IR company tells you. You can’t turn off computers, reboot routers, or wipe and reload computers. You have to treat it like a crime scene. Everything is being documented. Everything is being reviewed.
And now, the rest of the story.
After the couple contacted the insurance company, Anna and Robert called me. They wanted to see if there was anything I could do. I explained, “Unfortunately, I cannot. The IR company is running the show. They will likely use your current IT provider for hands-on work. However, I am here if you have any questions.” They thanked me for my time, and then Robert asked, “How long do you think we will be down? We are about to head into our busiest time of the year.” I replied, “Robert, I wish I had good news for you, but you will likely be down for 3-6 weeks minimum.”
I occasionally checked in with Anna and Robert to see how they were doing mentally and to see the progress of the restoration.
3 Months and none the Richer.
Three months later, the IR team had concluded their investigation, and the ransom and extortion payments had been negotiated and paid. The data was finally restored, and the resort was starting to come online.
The total hard costs for this cyber incident, including the IR team, the negotiation, the breach coach, notifications and credit monitoring for the affected, and the ransom itself, were slightly over a million dollars.
The Incident Response Team found:
- Insufficient antivirus on some of the computers.
- Out-of-date firewall.
- No evidence of MFA.
- Several computers were End of Life.
- Most computers needed patching.
- Backup was inadequate, and there was no recovery plan in place.
Because of these findings, the insurance company would only pay 50% of the claim. While the resort was down, Anna and Robert lost a lot of revenue because they couldn’t correctly accommodate their guests. Some guests, even some of their loyal guests, canceled because they didn’t feel safe. Anna and Robert, for the first time in over 30 years, experienced net losses.
Moral of the Story
Anna and Robert thought they were covered and were doing everything right. They had no idea that they were so vulnerable or that their insurance company wouldn’t cover them completely.
After this incident was over, we sat down again. We discussed what had happened and what we could put in place to help protect them. Robert asked, “So if we hire your company, this will never happen again?” I replied, “I never tell anyone we can stop this from happening, and you should never trust someone who does. But if we put enough layers of security in place, then maybe, just maybe, they will pass you by. Our goal is to make you insurable, so when it happens, your claim will be paid 100%.”
Underdog Cyber Defense is Your Partner
Unlike many IT providers that “bolt on” cybersecurity solutions, we are unique. We are built from the ground up in cybersecurity. We combine the proactive disciplines of cybersecurity with reactive traditional IT support. The result is a security-first tailored solution for our clients.