By Kate Norris
Each month, we will highlight trends we hear in conversations throughout our advisor network and identify the risk implications of those trends. We’ll discuss the ways families and their advisors can take proactive steps to prevent and minimize forecasted and current risks.
Our fifth edition of Risk Threads features the timely topic of cyber, including one family office’s devastating cyber loss and why it’s important to protect yourself from the risk of cyber criminals.
There is no doubt that malicious cyber activity continues to threaten individuals, families and businesses of all industries and sizes. In fact, cyber criminals continuously look for ways to take advantage and defraud people and companies by accessing their computer systems, devices, and networks. Perhaps that’s why in my conversations with fellow advisors serving successful families, the topic of cyber continuously comes up in our discussions. Specifically, many share stories of their clients’ losses, and to their detriment, they did not have resources or insurance to help. This too-often-seen scenario only adds to a client’s suffering.
One specific, recent cyber event that comes to mind—and one in which it had devastating effects on a family office—involved cyber extortion. According to NAIC Center for Insurance Policy and Research, cyber extortion, also known as ransomware, is a type of malicious software that infiltrates computer systems and locks them down until payments are made or other demands are met. When cyber extortion hit this particular family office, it resulted in significant financial repercussions for the family, in addition to an emotional toll and copious amounts of time spent cleaning up the fall out.
When family offices manage the personal and financial wellbeing of extraordinarily successful individuals, they are charged with keeping that information safe. I often say, “A family office literally has the keys to the castle,” meaning the family office has access to all of the home’s security measures, every account number, every legal document, all contracts, deal information, location of all high value assets, and so much more. One can imagine the value this treasure trove offers a cyber criminal.
What’s more, to add to the problem, the family office who experienced the incident actively chose to self-insure. Now, there is a time and a place when self-insuring is the right path but when it comes to cyber, the answer always is: TRANSFER THE RISK!!!
Why should you transfer the risk to an insurance company? Below are a few important reasons:
- 24/7 Incident Response Services that include access to:
- Legal counsel to help a client understand the law around a cybercrime
- Forensics firms to investigate the breachFraud consultants to also aid in the investigation, including looking at fraudulent transfers of monies, one of the most common cyber claims
- Public relations firms to manage the media landscape after a covered event, an important consideration for affluent and at times, famous, people
- Credit monitoring to help it protect your identity and notifying you of suspicious activity associated with your personal information
- Cyber vulnerability assessment services, which review the security weaknesses in systems and devices exploited by a cyber criminal or malicious software
- Solutions to prevent an incident
- Team and family member education, which help the family and employees understand cyber risk and schemes as well learn cyber security best practices
- A policy to respond and pay out after a covered incident
Cyber and cyber extortion losses can result in costing a family millions of dollars to get their data back and tens/hundreds of thousands of dollars to pay for all the resources needed to investigate, fix, and fortify their systems. A cyberattack is stressful enough, but to not have a cyber insurance policy in place to assist in the situation, adds unneeded distress to the predicament.
A cyber insurance policy is as critical as the proactive measures put in place to ensure security policies, procedures, protocols and tools are up to date and implemented. Today’s cyber risk landscape is ever changing, and cyber criminals always look to stay one step ahead of their targets. It’s too important for a family office to go at it alone when it comes to protecting themselves from cybercrime.
At Atténuer Risk, we are focused on helping families build a risk management architecture that begins before placing policies and continues after policies are placed, including on the pernicious threat of cybercrimes. We work with you and your team to build a holistic risk architecture that includes a strategic risk management plan with key performance indicators to make sure risk mitigation tasks are being conducted with regularity.
Connect with us today to learn how we can work together.