Why “Just Ticking The Boxes” Is A Bad Idea
Meet business owner Harry. Like most owners, Harry wears many hats during the day. Unfortunately, he doesn’t have time to think about cybersecurity. Instead, Harry is laser-focused on taking care of his customers—nothing else.
Harry heard a lot about ransomware. It seemed to be hitting companies of all sizes, and the costs were astronomical. So, Harry asked his insurance broker about it. Then, he signed up for cyber insurance.
Harry was distraught when he saw the cyber insurance questionnaire. It was over five pages long with IT-related questions.
Just Tick The Boxes—What Can Go Wrong?
Harry knew he needed to make some upgrades, so he asked his computer guy for help. Harry soon had new workstations, antivirus, firewalls, etc. He spent a lot of money. Afterward, the IT guy told Harry he needed to have his network monitored. This, of course, came with a monthly charge—Harry refused. Enough was enough!
So, Harry answered the insurance questionnaire as best he could. He responded truthfully in those areas where he knew he was covered. He fudged those where deficiencies existed. Who would know?
Then, one day Harry came into his office and turned on his computer. Staring at him was a prominent notice. His files were encrypted, and to get them back, he had to pay the hackers in Bitcoin within 48 hours. If he didn’t comply, he’d never see his files again.
With A Data Breach Comes Responsibility And Loss
As soon as Harry saw the ransom message, he called his IT guy, lawyer, insurance broker, and accountant.
First, his IT guy told Harry his backups were corrupted. Harry never checked if his backups were viable, and he refused to pay for the service when offered by his IT guy.
Second, the lawyer said that Harry would need to report the incident since client data was stolen. He must also provide credit monitoring to affected customers.
Third, since Harry’s backups were not viable, he would have to pay the ransom to get his data back. His accountant mentioned that the Bitcoin ransom was equal to 20,000 dollars!
Harry paid the ransom and recovered most of his data. He also put in a claim to the insurance company for reimbursement. After all, he had cyber insurance!
Harry’s Insurance Refused To Pay
Before paying claims, all insurance companies investigate. The investigation showed that some protocols and systems were not in place. As a result, they concluded that Harry lied on the application.
The insurance company:
1. Refused to pay Harry’s claim.
2. Immediately canceled the cyber insurance policy.
3. Was considering filing charges against Harry for insurance fraud.
Harry had to bear the breach’s total cost and faced possible criminal charges as well.
The above story is not based on a real person. But the circumstances can be very real.
Some are looking only to “tick off the boxes.” Unfortunately, they’re not serious about cybersecurity.
Cybersecurity is a commitment, a very real one. It has dire consequences if not done well.
Don’t be like Harry. Make this year one in which you commit to a complete cybersecurity program for your business. Be safe.
XSolutions is an IT Services Provider serving New York (NY), New Jersey (NJ), and Connecticut (CT). We provide Managed IT Services | Managed IT Security | Backup & Disaster Recovery | Cloud Data Protection | Security Awareness Training. Call (845) 362-9675 for a free consultation.