Oak Creek Insurance Agency

  • About Us
    • Family of Companies
    • Our People
  • Services
    • Personal Insurance
    • Business Insurance
    • Landscape Contractors Insurance
  • Newsletter
  • Contact

August 5, 2014 By Julian Aston

IN: Is Your Customer Information Properly Safeguarded Online?

Dear Valued Customer,

This issue of the “—————–” is focused on Cyber Security. Hundreds of millions of million data records of U.S. residents have been exposed due to security breaches, and businesses rely on their use of technology and access to the Internet. This reliance increases the potential for data security and privacy breaches.

Read on to understand the growing threat posed by high profile mega data breaches like those recently experienced at eBay, Target, Neiman Marcus and even the U.S. government. What does this mean to your personal security? And why most companies have cyber-risk gaps in their insurance coverage.

We appreciate your continued business and look forward to serving you.

Kind regards,

Filed Under: Commercial, Cyber/Digital, Identity Theft, Theme 102

August 5, 2014 By Julian

Cyber Risks: The Growing Threat

People_ManWithBinoculars

Amid a rising number of high profile mega data breaches—most recently at eBay, Target and Neiman Marcus—government is stepping up its scrutiny of cyber security. This is leading to increased calls for legislation and regulation, placing the burden on companies to demonstrate that the information provided by customers and clients is properly safeguarded online.

Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, many companies today still do not purchase cyber risk insurance. However, this is changing. Recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, as companies face growing liabilities in this fast-evolving area.

Specialist cyber insurance policies have been developed by insurers to help businesses and individuals protect themselves from the cyber threat. Market intelligence suggests that the types of specialized cyber coverage being offered by insurers are expanding in response to this fast-growing market need.

There is also growing evidence that in the wake of the Target data breach and other high profile breaches, the number of policies is increasing, and that insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from cyber risks in future.

For an analysis of the state of cyber risk and the insurance industry, download the full White Paper below.

Please click on the file name below to view the white paper in PDF format. You will need Adobe Acrobat Reader to view the file.

Download paper_cyberrisk_2014.pdf

 

Source: Insurance Information Institute, “Cyber Risks: The Growing Threat” http://www.iii.org website. Accessed November 16, 2015. http://www.iii.org/white-paper/cyber-risks-the-growing-threat

© Copyright 2016. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

Filed Under: Commercial, Cyber/Digital, Identity Theft, Theme 102

August 5, 2014 By Julian

Identity Theft & Cyber Security

Money_People_IdentityThiefHandsComputer

The 2015 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 12.7 million U.S. consumers in 2014, compared with $18 billion and 13.1 million victims a year earlier. There was a new identity fraud victim every two seconds in 2014.

New account fraud also declined in 2014, according to the study. New account fraud occurs when a thief opens a new credit card or other financial account using the victim’s name and Social Security number. The thief runs up debts and leaves the victim responsible for the unpaid bills, and damaging the victims’ credit score. New account victims are three times more likely to take a year or more to discover that their identities were misused compared with other types of fraud, such as thieves taking control of existing non-credit card financial accounts. This allows criminals to use the victim’s identity for a long period, which can result in greater harm to consumers in the form of financial losses and problems with credit history and credit scores.

Of all demographic groups, students indicated the least amount of concern about fraud occurring, with about 65 percent saying they were not very concerned about fraud. Yet, this group is more likely than other demographic groups to perceive significant effects due to the occurrence of fraud (15 percent experiencing moderate or severe impact). Students are also the least likely to detect identity fraud themselves. In fact 22 percent of students who were victims of identity theft were notified of the fraud either by a debt collector or when they were denied credit, three times more frequently than other fraud victims.

IDENTITY THEFT AND FRAUD COMPLAINTS

The Consumer Sentinel database, maintained by the Federal Trade Commission (FTC), contains over 10 million consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations from 2010 to 2014. In 2014 over 2.5 million complaints were filed.

Of the 2.5 million complaints received in 2014, 60 percent were related to fraud, 13 percent were related to identity theft, and 27 percent were for other consumer complaints. The FTC identifies 30 types of complaints. In 2014, for the 15th year in a row, identity theft was the No. 1 type of complaint among the 30 categories, accounting for 332,646 complaints, followed by debt collection, with 280,998 complaints. Internet services, with 46,039 complaints, ranked tenth.

IDENTITY THEFT AND FRAUD COMPLAINTS, 2012-2014 (1)

170_2016.gif

(1) Percentages are based on the total number of Consumer Sentinel Network complaints by calendar year. These figures exclude “Do Not Call” registry complaints.

Source: Federal Trade Commission.

View Archived Graphs

HOW VICTIMS’ INFORMATION IS MISUSED, 2014 (1)

Type of identity theft fraud Percent
Government documents or benefits fraud 38.7%
Credit card fraud 17.4
Phone or utilities fraud 12.5
Bank fraud (2) 8.2
Attempted identity theft 4.8
Employment-related fraud 4.8
Loan fraud 4.4
Other identity theft 21.8

(1) Percentages are based on the total number of complaints in the Federal Trade Commission’s Consumer Sentinel Network (332,646 in 2014). Percentages total to more than 100 because some victims reported experiencing more than one type of identity theft.
(2) Includes fraud involving checking, savings and other deposit accounts and electronic fund transfers.

Source: Federal Trade Commission.

View Archived Tables

IDENTITY THEFT BY STATE, 2014

State Complaints per
100,000 population (1)
Number of
complaints
Rank (2) State Complaints per
100,000 population (1)
Number of
complaints
Rank (2)
Alabama 77.7 3,770 22 Montana 57.2 585 40
Alaska 73.6 542 29 Nebraska 48.6 914 46
Arizona 96.0 6,460 9 Nevada 100.2 2,846 8
Arkansas 83.6 2,481 15 New Hampshire 54.7 726 41
California 100.5 38,982 7 New Jersey 79.9 7,144 19
Colorado 85.5 4,579 13 New Mexico 77.2 1,611 23
Connecticut 85.4 3,071 14 New York 80.8 15,959 17
Delaware 78.1 731 21 North Carolina 73.8 7,334 27
Florida 186.3 37,059 1 North Dakota 43.1 319 48
Georgia 112.7 11,384 5 Ohio 79.0 9,161 20
Hawaii 40.9 580 49 Oklahoma 68.5 2,656 32
Idaho 58.9 962 39 Oregon 124.6 4,946 3
Illinois 95.6 12,317 12 Pennsylvania 81.7 10,446 16
Indiana 68.2 4,498 33 Rhode Island 66.2 699 34
Iowa 48.5 1,506 47 South Carolina 73.3 3,540 30
Kansas 65.2 1,892 35 South Dakota 36.3 310 50
Kentucky 53.4 2,358 43 Tennessee 76.2 4,993 24
Louisiana 73.8 3,430 27 Texas 95.9 25,843 10
Maine 52.1 693 44 Utah 53.9 1,586 42
Maryland 95.9 5,734 10 Vermont 64.2 402 36
Massachusetts 75.8 5,116 25 Virginia 71.1 5,921 31
Michigan 104.3 10,338 6 Washington 154.8 10,930 2
Minnesota 59.2 3,229 38 West Virginia 61.4 1,136 37
Mississippi 80.5 2,409 18 Wisconsin 74.4 4,283 26
Missouri 118.7 7,195 4 Wyoming 49.1 287 45

(1) Population figures are based on the 2014 U.S. Census population estimates.
(2) Ranked per complaints per 100,000 population. The District of Columbia had 142.8 complaints per 100,000 population and 941 victims. States with the same ratio of complaints per 100,000 population receive the same rank.

Source: Federal Trade Commission.

View Archived Tables

See also the Identity Theft section of our Web site Click Here

CYBERCRIME

As businesses increasingly depend on electronic data and computer networks to conduct their daily operations, growing pools of personal and financial information are being transferred and stored online. This can leave individuals exposed to privacy violations and financial institutions and other businesses exposed to potentially enormous liability, if and when a breach in data security occurs.

In 2000 the Federal Bureau of Investigation, the National White Collar Crime Center and the Bureau of Justice Assistance joined together to create the Internet Crime Complaint Center (IC3) to monitor Internet-related criminal complaints. In 2014 the IC3 received and processed 269,422 complaints, averaging about 22,500 complaints per month. The IC3 reports that 123,684 of these complaints involved a dollar loss and puts total dollar losses at over $800 million. The most common complaints received in 2014 involved auto and real estate fraud and government impersonation email scams.

Interest in cyber insurance and risk has grown in 2014 and 2015 as a result of high-profile data breaches, including a massive data breach at health insurer Anthem that exposed data on 78.8 million customers and employees, and another at Premera Blue Cross that compromised the records of 11 million customers. The U.S. government was targeted by hackers in two separate attacks in May 2015 that compromised personnel records on as many as 14 million current and former civilian government employees. A state-sponsored attack against Sony Pictures Entertainment, allegedly by North Korea, made headlines in late 2014.

Cyberattacks and breaches have grown in frequency, and loss costs are on the rise. In 2014 the number of U.S. data breaches hit a record 783, with 85.6 million records exposed. The majority of the 783 data breaches in 2014 affected medical/healthcare organizations (42.5 percent of total breaches) and business (33.3 percent), according to the Identity Theft Resource Center. In the first half of 2015 some 400 data breach events were publicly disclosed, with 117.6 million records exposed. These figures do not include the many attacks that go unreported. In addition, many attacks go undetected. Despite conflicting analyses, the costs associated with these losses are increasing. McAfee and the Center for Strategic and International Studies (CSIS) estimated the likely annual cost to the global economy from cybercrime is $445 billion a year, with a range of between $375 billion and $575 billion.

NUMBER OF DATA BREACHES AND RECORDS EXPOSED, 2005-2015

168_2016.gif

(1) As of June 30, 2015.

Source: Identity Theft Resource Center.

CYBERCRIME COMPLAINTS, 2010-2014 (1)

169_2016.gif

(1) Based on complaints submitted to the Internet Crime Complaint Center.

Source: Internet Crime Complaint Center.

View Archived Graphs

TOP 10 STATES FOR CYBERCRIME, 2014

Rank State Percent (1)
1 California 12.54%
2 Florida 7.56
3 Texas 6.87
4 New York 5.85
5 Pennsylvania 3.30
6 Illinois 3.14
7 Virginia 2.88
8 New Jersey 2.85
9 Washington 2.59
10 Ohio 2.48

(1) Percent of complaints submitted to the Internet Crime Complaint Center via its website.

Source: Internet Crime Complaint Center.

View Archived Tables

Source: Insurance Information Institute, “Identity Theft and Cyber Security” http://www.iii.org website. Accessed November 17, 2015. http://www.iii.org/fact-statistic/identity-theft-and-cyber-security

© Copyright 2016. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

Filed Under: Commercial, Cyber/Digital, Identity Theft, Theme 102

August 5, 2014 By Julian

Most Companies Have Cyber-Risk Gaps In Their Insurance Coverage

Workers_ManLeadingMeetingAs companies become more dependent on their computer networks for vital data, business continuity and communications, their vulnerability to cyber catastrophes increases.

“Unfortunately, most companies are operating in a 21st century threat environment with 20th century insurance coverage,” states John Spagnuolo, spokesperson for the Insurance Information Institute (I.I.I.). “The dynamics of risk management have changed with technology.”

The insurance industry has developed cyber insurance products to help businesses confront the growing number of network security risks that have the potential to shutdown a network, destroy vital data or steal customer information. For example, as the public becomes more concerned about privacy, businesses will become more aware that they are liable if their customers’ personal information is compromised. However, only a small number of businesses are properly insured.

According to a recent Ernst & Young survey of 1,400 organizations in its 2003 Global Information Security Survey, only seven percent of respondents knew they had a specific insurance policy geared to this network and cyber-risk. Nearly a third (33 percent) thought they had coverage they actually lacked. Another 34 percent knew they lacked such coverage, while 22 percent didn’t know the answer. Ernst & Young characterized the fact that only 7 percent of surveyed companies had cyber insurance as “astonishingly low, given the risk environment and the fact that general policies don’t provide such coverage.”

Regardless of its product line or service, virtually all major businesses today rely on computer networks to function,” adds Spagnuolo. “But they need to recognize that network security risks are fundamentally different than traditional physical risks like fire. If a hacker or virus shuts down a network or destroys computer software or data, most businesses today have either limited or no coverage. Insurers have excluded these risks from standard commercial policies and are now offering stand alone coverage. Whether your company conducts business over the Internet, stores customer data on servers or simply uses email, it is at risk.”

The Risk

In fact, the number of incidents reported rose by 377 percent between 2000 and 2002, increasing from 21,756 to 82,094, according to the CERT® Centers at Carnegie Mellon University’s Software Engineering Institute, which focuses on ensuring the integrity and survivability of computer networks. An incident may involve one site or possibly thousands of sites. The CERT® Centers also indicate that the number of potential system vulnerabilities has increased by 378 percent, increasing from 1,090 in 2000 to 4,129 in 2002. Possible effects of a cyber attack include denial of service, unauthorized use, loss/misuse of data and loss of public confidence regarding an organization.

The Computer Security Institute (CSI), in cooperation with the Computer Intrusion Squad of the San Francisco Federal Bureau of Investigation (FBI), released the results of its 2003 Computer Crime and Security Survey. More than 250 respondents, which included computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities, reported over $200 million in losses. According to CSI, the findings confirm the threat from computer crimes and other information security breaches continues unabated.

“The trends the CSI/FBI survey has highlighted over the years are disturbing,” states Chris Keating, CSI Director. “Cyber crimes and other information security breaches are widespread and diverse. Fully 92 percent of respondents reported attacks.”

The number of intruders grows each day and they are quite different from those of 10 years ago. A hacker does not have to be a sophisticated programmer to be able to harm a computer system. Intruders can use the Internet to educate themselves, and now have access to easy-to-use tools which allow them to do large amounts of damage in short periods of time.

“Intruders could be professional criminals, terrorists, industrial spies, teenagers and perhaps even employees,” emphasizes Spagnuolo.

Cyber-Risk and Homeland Security

Securing the nation’s cyberspace is also a critical element of homeland security, a strategic challenge that requires commitments by both the public and private sectors.

According to the National Strategy to Secure Cyberspace, released by the Bush Administration earlier this year, “Cyber attacks on U.S. information networks can have serious consequences such as disrupting critical operations, causing loss of revenue and intellectual property or loss of life?There is no special technology that can make an enterprise completely secure. No matter how much money companies spend on cybersecurity, they may not be able to prevent disruptions caused by organized attackers. Some businesses whose products or services directly or indirectly impact the economy or the health, welfare or safety of the public have begun to use cyber-risk insurance programs as a means of transferring risk and providing for business continuity.”

“The insurance industry can play a pivotal role in securing cyberspace by creating risk-transfer mechanisms, working with the government to increase corporate awareness of cyber-risks and collaborating with leaders in the technology industry to promote best practices for network security,” says Richard Clarke, former chairman of the President’s Critical Infrastructure Protection Board.

By writing policies for network security exposures, the insurance industry is providing:

  1. Vital risk transfer for network security exposures;
  2. Incentives for network security best practices, including lower insurance premiums; and
  3. Improved cyber-risk management and education.

Coverage

“Traditional insurance policies such as standard property and commercial general liability insurance do not adequately deal with the risks of a cyber attack or network security failure,” cautions Spagnuolo.

Specialized cyber-risk coverage is available primarily as a stand-alone policy. Each policy is tailored to the specific needs of a company, including the technology being used and the level of risk involved. Both first- and third-party coverages are available, including:

  • Loss/Corruption of Data – covers damage to or destruction of valuable information assets as a result of viruses, malicious code and Trojan horses.
  • Business Interruption – covers loss of business income as a result of an attack on a company’s network that limits the ability to conduct business, such as a denial-of-service computer attack. Coverage also includes extra expense, forensic expenses and dependent business interruption.
  • Liability – covers defense costs, settlements, judgments and, sometimes, punitive damages incurred by a company as a result of:
    • Breach of privacy due to theft of data (such as credit cards, financial or health related data),
    • Transmission of a computer virus or other liabilities resulting from a computer attack, which causes financial loss to third parties,
    • Failure of security which causes network systems to be unavailable to third parties,
    • Rendering of Internet Professional Services, and
    • Allegations of copyright or trademark infringement, libel, slander, defamation or other “media” activities in the company’s web site.
  • Cyber Extortion – covers the “settlement” of an extortion threat against a company’s network, as well as the cost of hiring a security firm to track down and negotiate with blackmailers.
  • Public Relations – covers those public relations costs associated with a cyber attack and restoring of public confidence.
  • Criminal Rewards – covers the cost of posting a criminal reward fund for information leading to the arrest and conviction of the cyber-criminal who attacked the company’s computer systems.
  • Cyber-Terrorism – covers those terrorist acts covered by the Terrorism Risk Insurance Act of 2002 and, in some cases, may be further extended to terrorist acts beyond those contemplated in the Act.
  • Identity Theft – provides access to an identity theft call center in the event of stolen customer or employee personal information.

Depending on the policy, coverage can apply to both internally as well as externally launched attacks as well as viruses which are specifically targeted against the insured or widely distributed across the Internet. Premiums can range from a few thousand dollars for base coverage for small businesses (less than $10 million in revenue) to several hundred thousand dollars for major corporations desiring comprehensive coverage.

Risk Prevention Services

As part of the application process, some carriers offer an on-line and/or on-site security assessment free of charge regardless of whether the applicant purchases the insurance. This is helpful to the underwriting process and also provides extremely valuable analysis/information to the company’s chief technology officer, risk manager and other senior executives.

The Market

“Thousands of policies have been written for cyber coverage since the late 1990s,” according to Robert Hartwig, chief economist for the Insurance Information Institute. “Policies written for cyber insurance are likely to reach $2 to $3 billion within the next four to five years as companies recognize existing gaps in their coverage.”

cent legislation and regulation such as the Gramm-Leach-Bliley Act (GLB), Health Insurance Portability and Accountability Act (HIPAA) and California’s Security Breach Information Act (SB 1386), effective 7/1/2003, are also expected to substantially increase potential legal liabilities in this area, increasing the need and demand for cyber-risk insurance coverage.

Source: Insurance Information Institute, “Most Companies Have Cyber-Risk Gaps in Their Insurance Coverage, States The I.I.I. — Traditional Insurance Policies Not Adequate For Cyber Exposures” http://www.iii.org website. Accessed November 17,2015.  http://www.iii.org/press-release/most-companies-have-cyber-risk-gaps-their-insurance-coverage-states-iii-traditional

© Copyright 2016. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

Filed Under: Commercial, Cyber/Digital, Identity Theft, Theme 102

OakCreek_Button_CallUs OakCreek_Button_PersonalInsuranceQutoe OakCreek_Button_BusinessInsuranceQutoe OakCreek_Button_LandscapeContractorsQutoe



Copyright © 2023 · Oak Creek Insurance Agency. All Rights Reserved. Oak Creek Insurance Agency a division of Landscape Contractors Insurance Services, Inc.
1835 N. Fine Ave | Fresno CA 93727 | Tel 800.628.8735 | Fax 559.650.3558 CA LIC # 0755906 Site design by INTOUCH.