vbs logo bar
August/September 2018  Volume 16, Number 4        


Cyber Attacks on Workers Compensation

Cyber attacks have completely shutdown a number of businesses in the past and likely will in the future. What can you do to avoid or reduce your risk?

In 2017 cyber attacks on health systems shut down numerous hospitals and practice computer systems worldwide. These attacks resulted in malfunctioning systems, treatment and medicine production and delivery delays and ransomware attacks where money was demanded for digital keys to unlock the systems. All types of health delivery stakeholders, including workers compensation payers and recipients, were affected.

Your ability to provide workers compensation benefits to injured workers could be affected by cyber threats, either as a result of an attack on your providers or upon your own systems. So, it just makes sense to adopt an effective cyber risk management strategy and to find out what your providers are doing to manage their own exposure to cyber risk. Here are some guidelines:

Cyber Risk Management

The primary defense against cyber security loss is a well-designed and conscientiously maintained risk management program.

The first step is to identify vulnerabilities, including systems, procedures, programming and personnel. The next step is to control those vulnerabilities as much as possible. This short checklist covers the basics:

  1. Make sure all company computers have the latest security software, web browsers and operating systems to protect against viruses, malware and other online threats.
  2. Turn on automatic software updates, if that's an option. Many updates specifically address known security risks.
  3. Scan all new devices, including USB devices, before they are attached to the network.
  4. Use a firewall to keep criminals out and sensitive data in.
  5. Use spam filters. Spam can carry malicious software and phishing scams, some aimed directly at businesses.
  6. Adopt a privacy policy and post it on your website and other online sites. Your policy tells customers what information you collect and how you use it.
  7. Know what Personally Identifiable Information (PII) you're storing on your customers, including where you store it, how you use it, who can access it, and how you protect it. Delete any unneeded information.

No matter what firewalls, software and authentication protocols you've installed, your cyber security system is vulnerable if you're not educating your employees on avoiding risky behavior online. The Workplace Security Risk Calculator, available free at https://bit.ly/2JOFGgL, lets your employees gauge the level of risk their online behaviors pose. You can get more good advice from the National Cyber Security Alliance, a nonprofit public/private alliance that fosters cybersecurity and privacy for individuals and businesses. Check out their website at https://staysafeonline.org.

Cyber Liability Insurance Policies

Even with a cyber security plan in place, your business still needs a failsafe to protect it against cyber risk. Currently most standard commercial lines policies do not provide coverage for cyber risks. You need a special cyber liability policy. Due to the lack of actuarial data, however, it’s difficult to price. Insurers deal with this by evaluating each insured according its risk management procedures and risk culture. As a result, cyber risk coverages are more customized and, therefore, more costly.

The type and cost of cyber liability coverage offered by insurers is based on the type of business, its size and geographical scope, the number of customers it serves, its web presence, the type of data it collects and stores and other factors, including its risk management and disaster response plan.

Cyber liability policies might include one or more of the following types of coverage, according to the National Association of Insurance Commissioners:

  • Liability for security or privacy breaches. This would include loss of confidential information by allowing, or failing to prevent, unauthorized access to computer systems.
  • The costs associated with a privacy breach, such as consumer notification, customer support and costs of providing credit monitoring services to affected consumers.
  • The costs associated with restoring, updating or replacing business assets stored electronically.
  • Business interruption and extra expense related to a security or privacy breach.
  • Liability associated with libel, slander, copyright infringement, product disparagement or reputational damage to others when the allegations involve a business website, social media or print media.
  • Expenses related to cyber extortion or cyber terrorism.

For more information about cyber security insurance, please contact us.

[return to top]





In this issue:

This Just In...

Cyber Attacks on Workers Compensation

Nine Ways to Save on Workers' Comp Insurance

Auto-Related Workers Comp Claims on the Rise

Does Technology Have a Solution for Distracted Driving?



The information presented and conclusions within are based upon our best judgment and analysis. It is not guaranteed information and does not necessarily reflect all available data. Web addresses are current at time of publication but subject to change. SmartsPro Marketing and The Insurance 411 do not engage in the solicitation, sale or management of securities or investments, nor does it make any recommendations on securities or investments. This material may not be quoted or reproduced in any form without publisher’s permission. All rights reserved. ©2018 Smarts Publishing. Tel. 877-762-7877. https://smartspublishing.com