Typical Coverage Of Cyber Insurance

Hacking is no longer a hobby for a script kiddie’s 15 minutes of fame, but it is now a very serious business earning cybercriminal organization billions of US$ yearly. In the report made by a team from SCOR, MSIG, TransRe in the coordination of Cyber Risk Management initiative revealed that the cybercriminal organizations are set to commit $85 to $193 billion worth of damage by their cyber attacks. If no significant improvements will be done with cybersecurity defense, the damage sustained due to cyber attacks and the profits earned by cybercriminals will continue to grow.

The good news is the Insurance industry has taken the responsibility to help companies to pay for the damages for the attacks, with total claims range from $500,000 to $200 million depending on the extent of the damage received. Suffering an attack of this kind can have dire consequences. As they are cyber insurance can be very useful for companies, since a cyber attack can be very harmful. Cyber risk is a probability that a threat will materialize on a vulnerability of a computer system, causing situations that may include the loss of equipment, the theft of data, the action of hackers to manipulate data and actions, power supply interruptions, etc.

The consequences of a cyber attack can be very serious. Among these consequences is the loss of data of the company and third parties, claims of third parties, complaints from the Data Protection Agency, loss of confidence or even cessation of activity. Cyber insurance, which has been marketed in Spain for a few years, helps mitigate the effects of these attacks. However, companies still need to be aware of the real risks they face.

Cyber insurance can include coverage such as responsibility for security and privacy, legal defense and bonds, third-party notification and crisis management expenses, administrative sanctions, multimedia liability, loss of income, data restoration and extortion of data.

The following concerns are usually covered by cyber insurance companies:

• The Malware .- With this generic term refers to all malicious software that allows infiltrate a system with the intention of damaging it.
• The virus.- It is the best-known type of malware, which systematically infects the files of a system by means of malicious code, after the user activates or executes the same, destroying the system or the network.
• The worms .- These are programs that, once activated, proceed to make copies of themselves and spread through networks and they are different from viruses, while not requiring the user to activate or need a means of backup since they can be transmitted by emails or the networks themselves. The intention of this type of malware is not the destruction of the system but the creation of botnets, this is networks of computers that simultaneously execute any order or action that is indicated to them in a remote way.
• The Trojans.- They are malware very similar to viruses, but with the difference that they do not have a direct destructive purpose, on the contrary, it allows the entry of other malicious codes or programs (that is, it acts as a Trojan horse).
• Spyware.- It is a spyware program that allows obtaining information from a system in a camouflaged and silent manner, which allows this malware to spy on the system without being detected and can even install other programs in it.
• The ransomware.- It is a type of software designed to hijack data or systems with the intention of requesting a ransom for them, either by means of a bank transfer or through the use of bitcoins.
• The spoofing or phishing.- The highlight of this modality pretension of something with the goal to capture user information. To use these stolen identities, through emails, messages or telephone calls, for perpetrating fraudulent transactions.
• Denial of distributed service or DoS .- This cyber attack is aimed to saturate all the system resources of a server, which is achieved through the mass, and from various computers, of requests to that server.
• The cryptojacking.- This is a recent form of cyber attack that consists of hijacking computers, mobiles, and tablets with the aim of mining, without the knowledge and authorization of the user, cryptocurrencies. This is achieved through the unauthorized use of such devices, which upon entering a web insert without knowing a hidden code, so every time the person visits the web, part of the processing of the equipment is used to mine or generate cryptocurrencies.