The Expert Podcast

Every day, you see more and more news about cyber attacks and cyber hacks, but also more news about what's being done about them. There's a really good article from the state of Oregon in Bend, Oregon. It's a kind of resort-type town, a mid-sized town in the center of the state, where they hired a person specifically for cyber defense, cyber retention, or cyber protection. Cybersecurity risk and incidents are the new reality for this relatively small city, so they're recognizing that this is not a fad; it's not going away; it's not something that is here today and gone tomorrow. Companies, government agencies, and employers are all having to deal with this reality in different ways, either through insurance, IT protection, or usually both.

The city of Bend is taking proactive measures to protect the data of employees and citizens. This is important because we've all heard about the hacks and how a lot of consumer data is taken in these cyberattacks. This person is responsible for maintaining the city's cybersecurity program to detect, prevent, and respond to threats to employees and the public.

Now, if you run a small or medium-sized company, you probably have an IT person, but they're probably not dedicated to cyber defense, and they're probably not able to watch every single type of attack because you're only going to know about the ones that hit your company. What kind could those be? Well, here's a hosting company: a major hosting company lost all customer data after a ransomware attack. This was in Denmark, where ransomware attacks caused a loss of the majority of customer data, forcing the hosting provider to shut down all systems, including websites, email, and consumer sites. So look, you could not even be the company attacked, but if your hosting company is attacked, you still have the same problem. That's why it's important if you're looking at cyber liability insurance to see if there's coverage for third parties upstream or downstream. Not all policies cover that, and maybe you don't want to have that coverage because it's a little cheaper if you don't have it. Operational status remains problematic, so look, if this hosting company had a thousand customers with a thousand websites, all those websites are now dark; they're out of business, and that's going to create financial liability for the hosting company for the websites, maybe even third parties. If you are a business that relies on one of these websites for your ongoing operations and now your supply chain is affected, you may have a claim against your upstream provider or the hosting company, and this is a good example. Sadly, it's been impossible to recover more data. The majority of our customers have constantly lost all their data with us.

So if any of these companies had a cyber defense plan or a cyber insurance policy, they probably would have been aware that this was happening beforehand and maybe done a backup. Or, as your cyber insurance company may have told you, make sure you do backups on a regular basis because that's usually part of the proactive insurance requirements. Be aware that it's not always big companies that they go after. A lot of times, hackers go after smaller companies because they don't have the same level of technical defense that larger companies might have.