Why Give Employees Cyber Security Training? Because Insurance May Not Cover Human Error
A rash of major cybersecurity incidents in recent months has caused billions in potential losses. According to Bloomberg, global shipping and logistics company Maersk filed for around $300 million in losses stemming from NotPetya attacks in early 2017. A new breed of cyber threats can spread like a worm through infected systems, hijacking administrator accounts to deepen their infection.
Stopping ransomworms like WannaCry and NotPetya once they have taken root can be difficult, but there is a solution: prevention. NotPetya first infected systems by deceiving end users into opening phishing emails or applying fake software updates. Once the infection was inside a system, it could spread on its own.
In fact, human error is the root cause of many cyber attacks and data breaches. Just under a quarter of breaches were caused by human error, according to 2016 reports, and an additional 31% can be attributed to employees falling victim to phishing schemes.
With seven-digit losses on the line, insurance companies will be looking for ways to hedge against risk by including exclusions for certain breaches involving human error, poor judgment, and negligence. Employees will be increasingly expected to understand basic cybersecurity concepts, such as the importance of end-to-end data encryption. Some policies already do not cover losses related to theft of unencrypted data.
In turn, companies should respond with employee cybersecurity training. By taking steps to educate end users on how to recognize threats and follow security best practices, you can dramatically reduce your risk of having uncovered losses.
Cyber Security Insurance Exemptions on the Rise
Cybersecurity insurance is still a relatively new market and, as underwriters grow to understand it better, they will be taking steps to reduce their exposure to risk. One of these steps is to decrease the number of paid-out claims by applying blanket exclusions to cybersecurity coverage.
Popular chain restaurant P.F. Chang’s, for instance, had to absorb nearly $2 million in losses related to a contractual agreement with Bank of America Merchant Service since their cybersecurity policy did not cover contractual liabilities.
Human error will likely emerge as a similarly common exclusion in the future. Just as many car insurance companies will deny collision coverage if the driver was acting recklessly, insurers could deny cybersecurity loss claims from companies with unaware end users. As a result, every company has a vested interest in upskilling and training all end users.
“It’s incredibly important to train your employees in data security best practices,” says Insureon executive vice president and CFO Jared Kaplan. He notes that 25% of data breaches in 2013 happened “not because of hacking, but because of human error. Another 14% were caused because of theft or loss of devices.”
How to Train Your End User Employees and Lower Cyber Security Risks
Cybersecurity training involves both basic knowledge of concepts, like encryption, and strict adherence to best practices, such as never copying passwords down in an unprotected file. End users must also be taught how to recognize suspicious activities so that they do not fall victim to phishing attacks and other types of intrusion vectors.
U.S. Computer Connection can provide employee cybersecurity training solutions as part of a comprehensive cybersecurity consulting, monitoring and risk assessment package. Let us help you reduce your risk of employees making a critical mistake that costs you — and your clients — dearly.