Cybercrime: Are You Prepared?

OCTOBER 3, 2023

No one is immune from cybercrime. Large corporations, government facilities, family businesses and individuals are all prey for hackers. In 2022, Americans lost $10.3 billion to a wide variety of internet scams.¹

According to the FBI’s Internet Crime Complaint Center (IC3), more than 2,000 complaints are reported daily. Further, Donna Gregory, the unit chief at IC3, states only 10% to 12% of cybercrime victims reach out for help.²

Keeping up with criminals on the dark web is daunting for those who aren’t technologically inclined. However, turning a blind eye to holes in your cybersecurity is no longer an option.

Consider these facts about the dark web:

• For $1, you can get the tools to install a malware application on someone’s PC.
• For $3, you can get someone’s date of birth and social security number.
• For $25, you can get a digital copy of a fake driver’s license or passport.

A small investment for a hacker can lead them to great rewards. As if those facts are not scary enough, consumers are making it easy for hackers to access their personal information. According to a survey conducted by Chubb, half of consumers in the U.S. and Canada, including the wealthiest families, continue to use the names of their pets, or a similarly identifiable names or dates, for their new passwords.³ It’s time the public educates themselves on cybersecurity.

Cybersecurity: Where Do You Start?

In 2022, Chubb found that 92% of consumers are concerned about a cyber breach exposing their personal information or identity — but only 51% are doing anything about it. Proactive steps are necessary to keep your personal information and finances safe. Begin with these cyber threat mitigation efforts:

• If you do not recognize the sender, delete the text or email.
• Navigate directly to trusted sources via your web browser (if you’re on your computer, your browser should be protected by antivirus and spyware software that you’ve purchased and installed).
• Be wary of social media posts, articles or links that promise free offers, as these can be fraudulent attempts to access your personal information.
• Never provide personal or financial information online or via a telephone solicitation.
• Do not allow your computer to autofill passwords.
• Do not access financial or other personal accounts on public Wi-Fi or on a mobile device.

For more best practices, see USI’s Cyber Safety Checklist.

Bringing in an expert third party to evaluate your cybersecurity, although scary, is necessary. Once completed, the auditor provides a list of prioritized recommendations to strengthen your defenses. Failure to prioritize your risks could result in areas of weakness in your risk management strategy.

What Do You Do Next?

After your audit is completed, it’s time to create a plan of action or framework. The framework should outline your approach to cybersecurity and address the prioritized concerns uncovered by your audit.

While the goal of the framework is to prevent criminal activity, it must also be user-friendly. As you build out your action plan, create a best practice guide and implement controls to ensure everyone is adhering to those practices. The framework should be viewed as a fluid document. Revisit it regularly to keep it up to date as new threats arise.

You Implemented a Plan — Now What?

Keep investing, learning and improving security. One of the easiest ways to improve security is to install updates. According to cybersecurity firm Artic Wolf, “a system with out-of-date software is like a house with doors cracked open or windows thrown wide. By leaving software updates uninstalled, you’re leaving openings for cybercriminals to exploit.”⁴

It’s impossible to eliminate all risks, so, focus on the most significant risks and address them accordingly. If you are hacked, have a strategy in place to allow a quick rebound to avoid significant disruption.

You Took All the Steps and Still Got Hacked. What Now?

Even if you do everything right, there is still a chance your efforts may be futile. You should have a backup plan. This is where cyber insurance comes into play.  

Cyber insurance is not a one-size-fits-all type of coverage. USI Insurance Services recommends working with a trusted advisor to create a custom-tailored policy that meets your needs.

Remember, cyber insurance should be a last resort. Chubb also reported that cyber policyholders are less likely to take precautions to protect themselves compared to those without cyber coverage. Creating a holistic risk management plan around your cyber needs is the best, most prudent course of action.