Columns

Cyber Security: Insurance for the Unseen Risk of the Digital World

Cyber security is critical in today’s technological age. Costs from incidents can add up quickly.

By: Chris Morey

Associate Vice President, Bolton & Company

Many businesses today have shifted most of their process to the Cloud, or rely on computer systems to get the job done. It is nearly impossible to find a business that operates without some sort of digital presence. Whether it be a simple website for marketing purposes, or transactional business, or internal communication for employees to manage HR information and store client data, the “Cyber” world has grown exponentially.
 
With such rapid expansion, there is always bound to be room for error when relying on the digital world.
 
For example, with the sudden work from home movement via COVID-19, many businesses had to rapidly purchase laptops and get employees setup to work from just about anywhere. Many were not able to establish the proper remote login security or protocols for employees to follow, which left them exposed to what we call “Cyber Criminals.”
 
Cyber Incidents on the Rise
Data Breaches, Ransomware, Viruses and Social Phishing are just a few cyber events that have become more and more frequent. All of these can become a financial burden on a business when trying to resolve the issue.
 
Over the past 12 months, I have received dozens of calls that tend to circle back to a loss/coverage found within a Cyber Insurance Policy. 
 
This is a reminder that Cyber Insurance policies are available and have proven to be useful in today’s technological era, if not more useful than a General Liability policy simply due to the frequency of Cyber Claims all over the country. Below, I am going to outline a couple scenarios that have been presented to me and how a Cyber Insurance Policy would have played a role. 
 
Fraudulent Wire Transfer: An employee of a business receives an invoice/request to pay from a business you work with (manufacturer/supplier). The e-mail received by an employee shows it was sent from the business you normally transact with. Same e-mail, name, signature (or perhaps off by one miniscule detail). In today’s fast pace environment, the invoice is paid and business carries on.
 
Upon further review, the wire transfer instructions directed toward a “different” bank account. You didn’t catch it, your bank didn’t catch it, and the only indicator the funds are missing is that the recipient has yet to receive them. The funds were sent to an unintended third party that was impersonating (Phishing/Social Engineering) the business you are used to working with.
 
This happened to an e-commerce supplement client of mine, in a six-figure amount.
 
Cyber Insurance Policies have a coverage component called “Cyber Crime” in which there is coverage for Funds Transfer Fraud. Example language includes coverage for:
 

  • Any unauthorized electronic transfer of funds from your bank;
  • Theft of money or other financial assets from your bank by electronic means;
  • Theft of money or other financial assets from your corporate credit cards by electronic means;
  • Any Phishing, vishing, or other social engineering attack against any employee or senior executive officer that results in the transfer of your funds to an unintended third party.
 
System Damage/Security Breach: Network servers were targeted by cyber criminals that implanted a virus into the computer systems. The virus spread to 11 computers and compromised critical data of the business/customers. Costs begin to pile up from forensic investigations, replacement of computer equipment, data restoration, customer notification, loss of business income during down time, etc. It adds up quickly.
 
All of the above are coverage components of a Cyber Insurance policy. The most notable is the “loss of business income.”
 
I call this out because on a Commercial Property Policy, there is usually a line item that provides coverage for Business Income/Business Interruption. Please read that clause carefully because it more than likely **excludes** coverage for a loss caused by a Cyber Incident as this coverage is provided by a Cyber Insurance Policy.
 
Stay Informed
To put it simply, a Cyber Insurance policy contains many coverages that apply to a wide variety of Cyber related losses. Yet, it’s rather alarming the amount of businesses that are misinformed or even uninformed of what a Cyber Insurance Policy can do to help manage risk.
 
Most Cyber Insurance providers will include tools for risk management to help you better protect your business (in addition to carrying a policy).
 
I am always open to discussing hypotheticals and analyzing quotes or coverage language as it ties back to the supplement and CBD industry. With the rates on these Cyber Policies beginning to climb, I encourage all the businesses I work with to explore a quote and to then decide if the cost is worth the benefits. Please contact me if you wish to dive deeper into
this topic.


Chris Morey is associate vice president at Bolton & Company. He is a Certified Sports Nutritionist who focuses on the needs of clients within Bolton’s Dietary Supplement Practice Group. With more than seven years of customer service experience, Morey looks to find the right insurance solutions for his clients in the Health and Fitness industries. With a substantial focus on the supplement industry and all parts of the supply chain, he also strives to serve the hemp and CBD product space as the insurance industry continues to fluctuate and evolve. Prior to joining Bolton in 2015, Morey worked for Nutrishop USA. He holds a Bachelors of Arts in Business Administration from Azusa Pacific University. He can be contacted at cmorey@boltonco.com.

Keep Up With Our Content. Subscribe To Nutraceuticals World Newsletters