2021 RIMS Conference Cyber Takeaways

RIMS LIVE 2021 recently took place; a conference considered the most comprehensive risk management event globally and a must-attend event for anyone providing services to risk professionals in 2021. It featured over 100 hours of risk management knowledge and insights surrounding everything cyber. The conference brought in dozens of industry expert speakers and held dozens of events throughout the week. 

Let’s discuss the key trends in cybersecurity and how they relate to CPAs, accountants, and professional service firms. 

Healthcare remains the top target

While many CPAs, accountants, and professional services firms don’t work in the healthcare industry exclusively, they should be following what’s going on with ransomware in the industry.

According to a 2020 Q4 Coveware report, although cybercriminals are attacking all industries, the healthcare industry remains one of their favorite targets. It makes up up 18 percent of all ransomware victims. 

We observed an increase in searches for and the sale of healthcare data on the dark web. As of November 2020, there has been a 45 percent spike in attacks, demonstrating the growing criminal interest in the sector.

Camille Charaudeau, VP of strategy at CybelAngel

Criminals search on the dark web specifically for unprotected databases, emails, passwords, and medical data. The most common flaws that give bad actors access include the misconfiguration of cloud networks, open databases, and poor, privileged access controls. 

The true cost of ransomware attacks

The primary threat for healthcare providers is now ransomware. For example, in 2020, 560 healthcare providers experienced ransomware attacks bringing the industry into the top three for these types of cyberattacks. The very nature of the healthcare industry and the time sensitivity involved make it a prime target for a ransomware attack.

Today, the average ransomware payment is $154,000, according to the same Coveware report above. This number represents a 34% decline as a result of an increase in refusals to pay. Additional costs involved with a ransomware attack outside of paying the ransom. An average ransomware incident results in 21 days of downtime and can be 5-10 times more expensive than the ransom payment.

Every cyber insurance and risk management stakeholder needs to understand how severe these downtime costs can be.  

Immediate actions following a ransomware attack

If your client suffers a ransomware attack, the first thing they should do is contact their data breach insurance provider to work with a vetted privacy attorney or “breach coach.” If they don’t have insurance find a privacy attorney or “breach coach”, as soon as possible.  There will be many tasks to navigate, and privacy attorneys and breach coaches are experts at helping their clients coordinate the must-do functions in the proper order. 

A breach coach will walk clients through a series of questions in the beginning stages of the investigation to help establish the scale and notification requirements. Typical questions asked include:

  • What kind of data do you have?
  • Where do you keep it?
  • Who has access to it?
  • How do you secure it?
  • When do you purge it?

Ransomware payment

Considering the cost of downtime, paying the ransom, although frustrating, is often the best way forward. When companies pay, they receive a decryption tool 96% of the time and can recover 92% of the data on average.

Victims and their representatives can consider asking cybercriminals to prove they have the tools ready to decrypt the data. A small sample of data can usually demonstrate this.  

Protecting against an attack

CPAs, accountants, and professional service firms can reduce the chance of ransomware attacks. A few simple steps include:

  1. Know the data you possess and how valuable it is.
  2. Training any additional staff on how to recognize attacks.
  3. Create file back-ups and evaluate bandwidth capabilities.
  4. Ensure only those who need the sensitive information have it.
  5. Stay updated on firewall and antivirus technology.
  6. Develop a plan for your business if a breach occurs.

It’s important to note that each state may have different laws regarding reporting data breach information. Consult with an attorney to understand your regulatory and fiduciary responsibilities for reporting breaches.

Communicating with your clients and all available channels can go a long way in protecting the reputation and future of your business. Share what you are doing to protect client information to protect trust and establish stronger relationships if a breach does occur. 

The final safety net

Before an incident occurs, it’s highly recommended that the insured talk to their insurer in detail. They need to understand how the claims process will work if something happens and get familiar with the individuals who will work with them.

One of the most important things for companies in all industries is that not all policies are created equal. Traditional property and casualty insurance were not designed to respond to cyber threats and cyber perils in general. Today, many standard property and casualty policies, such as general liability, property, crime, D&O, and professional liability, do not cover any cyber-related events and sometimes exclude them altogether.

Companies should be looking at supplementing their insurance with a standalone cyber solution. A robust cyber insurance policy acts as a hybrid product incorporating elements of first-party reimbursement expenses and third-party liability costs in the event of negligence lawsuits.

McGowanPro offers the cyber insurance companies need when the unexpected happens.