Every business, regardless of sector or industry, is covered by a privacy law or regulation. In our last two posts, we addressed common cybersecurity threats and the different types of cybersecurity exposures. In today’s post, we look at the types of civil and regulatory liability created by state and federal law.
A critical component of a good cybersecurity plan is an analysis of your insurance policies to make sure they cover the kinds of loss to which your business is most vulnerable. In our last post, we covered one of the most common cyber threats: CEO Fraud, or Business Email Compromise. Businesses that fall victim to CEO Fraud suffer what is known as a first-party loss, which is not covered by many cyber insurance policies.
One of the most common causes of loss for businesses in the cyber sphere is so-called CEO Fraud, or Business Email Compromise (BEC). According to the FBI’s Internet Crime Complaint Center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.” CEO Fraud is usually initiated by an email that appears to come from a high-level executive and instructs a lower-level employee to immediately wire a large amount of money to a business account because it’s critical for a client, an account, or a transaction. These fake, or “spoofed,” emails are commonly referred to as “phishing” attacks.