Dustyne Bryant, MBA, CIC, CISR
Dustyne Bryant is the Personal Lines Academic Director for The National Alliance for Insurance Education & Research. In her role, Dustyne collaborates with National Alliance faculty and industry colleagues to research and analyze Personal Lines segment trends, data, and coverage in an effort to deliver relevant and quality educational content to growing insurance professionals.
Recent tensions in eastern Europe are giving an increased cause of concern on cyber security. With the U.S. working to counter the tensions, a more prominent bullseye has been placed on cyber infrastructure, but not just for the U.S.
Cyberattacks are not new and have escalated since the Covid-19 pandemic which sent a great majority of the workforce into working from remote offices, by and large secluded from the protection of corporate information security. In 2013 Target Stores were subject to a cyber-attack on their credit card systems. The Colonial Pipe Lines was crippled for 5-6 days in 2021 following a cyber ransomware attack. CNA Financial was also hit with a cyber ransomware attack in March 2021 paying $40 million to the ransomware operators to release locked up computers and files and the losses were not fully recovered by CNA’s own Cyber Insurance.
Reports are coming fast that both large and small companies should be ramping up their efforts to be prepared for the possibility of increased cyber-attacks as tension in easter Europe continues. Are we close to seeing a cyber “war”?
A cyberwar is _____
Govinfo.gov provides that on September 30th, 2015, the Committee of Foreign Affairs of the House of Representatives convened to address the growing threats to U.S. National security as it pertains to cyberspace. At the time the term “cyberwar” was considered a new term and it was said that the Pentagon counts cyberspace as the fifth domain of warfare alongside land, air, sea, and space. Experts who presented to the committee all agreed that the Law of Armed Conflict applies in cyberspace. Unfortunately, the Committee did not come to a conclusion on what cyber “war” definitively means.
Source: https://www.govinfo.gov/content/pkg/CHRG-114hhrg96817/html/CHRG-114hhrg96817.htm
So, what is cyber “war” or, better yet, what could it be? That’s a great question and still, there appears to be no concrete definition of what constitutes “cyberwar.” The term is broadly ambiguous (and contested by some) but many articles, scholars, and the U.S. Government tend to dance around the term and discuss more how current laws might apply to a “cyberwar.” In generalization, cyber “war” is thought to be an act that causes disruption or destruction which may lend cause to a use of force.
What could a cyber “war” mean for individuals?
Many intelligence and security officials are urging that Americans should start considering how they can protect themselves from cyberattacks. The threat of cyberattacks to individuals specifically is low but the increasing threat to mass infrastructure is high which means the impact to individuals will be collateral damage simply because our lives are so dependent on technology.
Individuals can take the time now to lighten any temporary blow. Anyone in the Midwest who is used to tornado season, North/North East under blizzard conditions, or Gulf Coast during hurricane season understands what a temporary impact due to an emergency or disaster looks like. Consider the same emergency preparedness but fine-tune it to technology:
- Back up important files onto external drives
- Turn on MFA (Multi-Factor Authentication) wherever possible to ensure only you are logging into your devices and sites
- Reduce time on public WI-FI, or use a VPN (a virtual private network) when accessing public WI-FI
- With the possibility of supply chain disruption:
- Seek local resources like local farms and small businesses that source locally
- Have a small emergency supply. Understand that hoarding supplies is not practical or sustainable – (let’s not hoard the toilet paper again)
- Have cash on hand… don’t rush the banks, just have some cash on hand in case of a temporary disruption
- An emergency radio could come in handy along with solar flashlights or other similar emergency devices
Personal Cyber Insurance/Protection
We’ve all been aware of the threats to identity theft for a number of years, but a cyber threat is more than just identity theft as our lives have become ever more connected and dependent upon technology. Cyber extortion, ransomware that infiltrates expensive personal devices (phones, tablets, and computers), cyberbullying, cyber scams, deep fakes of an individual’s physical identity, and much more are all part of a person’s or family’s exposure to cyber risk. According to the FBI’s 2020 IC3 Report, phishing email scams represent an adjusted loss of over $54 million.
Homeowners or Renters policies are not likely to be much help. The newest edition of the Homeowners Policy (ISO HO 00 03 03 22) flat out excludes loss to business data stored in computers, credit cards, EFT cards, and to virtual currency (regardless of the name it’s known by). There is also some limited coverage for securities and account which might be maintained on computer software. Coverage does vary by carrier, so if a carrier does offer coverage it most likely must be added to the policy, is likely quite limited, and certainly does not represent coverage for all types of cyber risk an individual may face. But understand, even if coverage is present or can be purchased, the cause of loss must be one covered by the policy and war (even undeclared war) is specifically excluded.
Personal Cyber Coverage is newer to the Personal Insurance market even though cyber insurance has been present in the commercial or business insurance market space for a number of years. In the past, individual or Personal Cyber Coverage may have only been accessible to or thought to be useful for high-value or high-net-worth clients, but this is changing. A quick web search for personal cyber insurance will offer several possibilities for obtaining coverage at generally affordable prices.
Cyber coverage for individuals will vary greatly between insurance carriers so it is important to review the contract terms and agreements along with the advertised and stated coverages. One might generally expect coverage to help with counseling, access to technology restorative services, or reimbursement related to the financial impact resulting from a covered loss. But, again, review coverage terms carefully and understand that your (business or personal) insurance, even if it is cyber insurance, is not likely to cover events that are triggered by “acts of war” which is why it is ever more important to take steps toward reducing or managing your personal risk in this arena.
