Insurance a second line of defence against cyberattack losses

Insurance a second line of defence against cyberattack losses

DAVID ISRAELSON | The Globe and Mail

Even if small or medium-sized businesses do everything to protect themselves against hackers, they may want to consider a second line of defence – cyberliability insurance.

It’s relatively new, but it’s a growing area for insurance companies. And with the advent of worldwide threats such as the recent WannaCry ransomware virus, it is suddenly a more urgent consideration than ever.

“We haven’t had a lot of requests so far, but it’s a huge field,” says Mark Lipman, president of Consolidated Insurance Brokers Ltd. in Toronto.

By the end of last year, the worldwide market for cyberinsurance was about $3-billion (U.S.), according to a report from Allied Market Research of Portland.

The market is expected to grow year over year by 28 per cent and reach $14-billion in gross premiums by 2022, Allied’s report says.

Mr. Lipman says that, to date, the SMBs his brokerage deals with tend to add on a small amount of cyber-related coverage to their standard commercial policies.

“It’s usually around $25,000 in coverage – which costs an extra $100 on a $1,000 commercial policy,” he says.

Mr. Lipman adds that his firm recommends that SMBs boost their coverage, because of the ever-growing risk of cyberattacks. “We put it [a recommendation] in all the letters we send, either to take coverage or to increase it.”

While this may sound like a self-serving sales pitch by insurers, trends and statistics suggest that the threat of attacks on SMBs is not only real, but also growing fast.

“Cybersecurity insurance is becoming a must-have for most businesses. There is simply no way for an organization to be completely protected from a breach,” say Rohit Sethi, chief security officer for Security Compass, a Toronto-headquartered firm that provides tech-based protection for corporate data.

“This is especially true for SMBs who rarely have security teams on staff and can scarcely afford many leading-edge security solutions. Insurance helps mitigate the financial impact to any company, but every business should treat it as an additional safeguard,” he says.

Small businesses appear to be growing targets for phishers, spear-phishers and cyber-ransomers. A report by security firm Symantec noted in 2014 that attackers targeted small businesses 34 per cent of the time – an increase from 11 per cent just three years before.

Lawyer Lisa Lifshitz, a partner at Toronto firm Torkin Manes LLP, says it has been estimated that criminals launch 3.5 new digital threats against SMBs every second.

Writing in Canadian Lawyer magazine, she said that, “29 per cent of all small businesses have experienced a computer-based attack that affected their reputations, involved the theft of business information, resulted in the loss of customers or experienced network and data centre downtime.”

While any SMB can be a cybercriminal’s target and suffer damage, the risk goes up if the business’s data is ultrasensitive. Since 2014, LawPro, the mandatory insurance program covering Ontario-based lawyers, includes coverage for up to $250,000 for cybercrime.

This coverage is “modest” for firms whose data can easily be compromised in, say, a $1-million residential real-estate deal. “We say modest because, like the fraud risks the profession has faced over the years, there is no way to predict the total possible exposure,” LawPro says.

Lawyers (and others) should always look to what’s covered and what’s not covered in their cyberpolicies, says Addison Cameron-Huff, a Toronto-based tech lawyer. “The interesting part of every policy is the exclusions,” he says.

Indeed, LawPro cautions its lawyer policy holders to “remember that any losses from cybercrime that are not connected with the provision of legal services will not be covered … [such as] damage to equipment or software, business interruption and reputational harm.”

Lawyers, and any other SMBs, can buy coverage that either pays out more or includes more possible types of losses. But it’s buyer beware, Ms. Lifshitz warns.

“Every insurance company deals with coverage differently. There are always going to be carve-outs” for situations that insurers won’t cover, she says.

Speaking in an interview, Ms. Lifshitz adds that insurance companies will do their own due diligence of SMBs before offering coverage. It’s the equivalent of having an inspector come to your house to see whether you have railings and fire alarms before you get home coverage.

If a smaller entity hasn’t taken the steps to become cyberinsurance ready, they’re not going to get coverage, she says.

The Insurance Bureau of Canada has published a checklist for businesses looking for cyberinsurance. These businesses should ask themselves:

– How many records with personal information does your company keep?

– How much sensitive commercial information do you keep?

– What security do you have in place that might reduce your insurance premium?

– Do you need to encrypt all your laptops, phones and tablets?

– Do any third parties you deal with have unencrypted media?

– Would you be able to make a claim on the policy you choose even if you haven’t discovered a breach for several months or years?

Cyber mortgage fraud on the rise, lenders warn

Cyber mortgage fraud on the rise, lenders warn

Excerpted article was written by Duncan Hughes | Financial Review

Sophisticated mortgage fraud using authentic digital applications are on the rise, according to fraud experts tracking an estimated $1 billion in fraudulent credit applications each year.

Connective, a leading mortgage and service provider to broker networks, is warning about an increase in the use of new technologies being used to  deceive lenders and brokers.

“Technological advancements of digital applications enable people to create documents or change existing documents to be more and more authentic looking,” said Paul Palmer, a compliance manager for Connective, which claims to play a role in 10 per cent of the nation’s mortgages.

Mr Palmer warned there is a “significant increase” in the number of suspicious loan application referrals to mortgage brokers from real estate agents or other mortgage brokers.

 A referral is when one agent refers a client to another agent in return for potential future work.

“New-to-industry brokers are being targeted by people who have clients that can only service or get a loan through submitting fraudulent applications,” Mr Palmer said.

The cost of financial fraud in Australia is growing by more than one third a year, according to analysis by Equifax, which monitors data provided by the nation’s big four banks, international financial institutions, telecom providers and other credit providers.

Mortgage fraud increased by 13 per cent, the third fastest increase after personal loan (16 per cent) and consumer credit card (47 per cent) fraud, Equifax’s analysis reveals.

Imelda Newton, general manager, said online fraud and an 80 per cent increase in stolen identities – the fastest growing type of fraud – are fuelling the rapid increase.

More than 70 per cent of frauds happen in Melbourne and Sydney, with the highest concentrations in Sydney’s Parramatta and Melbourne’s north-west.

Identity fraud happens where genuine identity is stolen from an individual and misused for financial gain.

Other major causes of mortgage fraud include falsifying personal details, payslips, bank statements and tax assessments; failing to disclose debts, lying about financial commitments and fabricating identity.

“We see a lot of differences in fonts, in key financial data, and a lot of mathematical errors,” said Mr Palmer, who recommends brokers get certified identification.

Australian Securities and Investments Commission investigated 583 cases of misappropriation, theft and fraud in the six months to the end of August last year, a 3 per cent increase on the previous 12 months.

Online applications account for more than half of fraudulent applications followed by brokers, according to Equifax’s analysis of channels used by fraudsters.

Matthew Bransgrove, a lawyer with Bransgroves Lawyers and mortgage fraud specialist, said lenders and other financial institutions are not keen to admit the amount of fraudulent activity.

Mr Bransgrove said fraudulent activities range from opportunistic individuals to criminal networks that pay bogus loan applicants to submit fraudulent applications using false information.

“The fraudsters would not be doing it if they were not winning,” he said.

Local lenders began cracking down on overseas loan applications last year when they discovered a large number of applications were fraudulent.

For example, The Australian Financial Review recently revealed foreign real estate buyers paid about $200 each for forged bank income and spending statements used in mortgage applications, mortgage industry sources said.

Bilingual lending experts said a loan application in Chinese was a “ludicrously obvious forgery” for a $960,000 loan to purchase a $1.06 million Sydney apartment.

Since then, most of the loans have been stopped or are subject to stricter lending criteria. Self-employed applicants need to provide confirmation the business has been running longer than two years and details of ownership structure. There are also much more stringent checks on documents and identity.

Connective’s group legal counsel, Monique Hope-Pearson, said: “Culture and fraud continue to be big ticket items for the regulator. As an industry, we need to work together to ensure that all players are acting ethically and doing the right thing.”

Ms Hope-Pearson said it conducts regular review, provides policies, procedures and training to ensure compliance.

Read more: http://www.afr.com/personal-finance/cyber-mortgage-fraud-on-the-rise-lenders-warn-20170328-gv8m85#ixzz4crGT7xaf
Follow us: @FinancialReview on Twitter | financialreview on Facebook

2 Toronto residents face 18 forgery charges in ‘secret shopper’ fraud probe

The Royal Canadian Mounted Police and Toronto police say two Toronto residents are facing a total of 18 forgery charges arising from a nine-month investigation into what investigators are calling a “sophisticated mass-market text fraud.”

The investigation began in January when the RCMP was alerted by HCM Staffing Solutions that forged cheques bearing their company logo were being deposited by alleged victims in a so-called secret shopper fraud.

Police say they seized equipment capable of sending out 96,000 texts per day to random Canadians, allegedly in an attempt to victimize them, from a west-end Toronto apartment.

Investigators called the apartment a one-stop shop for sending text solicitations and forging cheques that appeared to be from reputable businesses.

It’s alleged those who responded to the text received a custom-forged cheque, which they were to deposit into their own bank account and then wire the money overseas to alleged confederates of the accused.

Police say when the bank discovered the forgery, it was the victim who had to repay the money and investigators allege each batch of 96,000 text messages had the potential to result in approximately $400,000 being stolen from Canadians.

In addition to HCM Staffing Solutions, Goeasy Ltd., and Ivari Insurance were among the Canadian companies whose logos were used.

Police say anyone who receives a cheque in the mail is urged to contact the company purported to have issued it to confirm its authenticity prior to depositing it.

 

Cybersecurity Incidents In Canada Increased by 160% Year Over year

TORONTO – According to PwC’s Global State of Information Security® (GSISS) Survey 2016, Canadian companies are taking steps towards establishing holistic, integrated safeguards against cyberattacks. While investment in safeguards against cybersecurity threats have increased by 82% year over year, it still accounts for an average of only 5% of overall IT (Information Technology) spending.

Because of the impact cybersecurity attacks can have on the overall health of a company and a brand, boards are playing an increasingly significant role in informing the development of cybersecurity strategies. In fact, this year’s report found that 50% of Canadian companies surveyed indicated that their board participates in defining their organization’s security budgets, compared to only 25% in 2014.

As part of an expanding digital service offering PwC Canada is launching, Game of Threats™, a digital game that simulates the speed and complexity of real-world cyber breaches to help executives better understand how to resource and protect companies. Using gaming theory, the interactive game replicates real-world challenges faced by companies on a daily basis.  Users will learn about different threats, identify reputational, operational, financial and regulatory impacts as well as understand what can be done to prevent an attack.

“Overall, the Canadian data provides solid evidence that Canadian companies are taking steps towards mitigating cyberattacks but the threat is still very real,” said Richard Wilson, Partner, Cybersecurity & Privacy Practice, PwC Canada. “Canadian business and public sector leaders need to better understand the full range of impacts a cybersecurity breach can have on their organizations.  This issue has evolved far beyond data loss. Beyond financial and reputational damages, we are seeing impacts to competitiveness, product and service quality, employee retention, and the health and safety of both employees and the public.”

There are 3 areas where public and private sector organizations are heavily investing in cybersecurity right now,” said David Craig, Partner, Cybersecurity & Privacy Practice, PwC Canada. “Solutions to manage how employees, customers and third parties access and use data, outsourced Managed Security Services to monitor and detect security events more efficiently, and data privacy compliance in anticipation of mandatory breach notifications.”

According to the GSISS report, harnessing the power of cloud-based cybersecurity as a viable tool in Canada has led companies to greater productivity such as streamlined monitoring, advanced authentication, and threat intelligence.  Overall, Canadian companies surveyed matched their global counterparts on the adoption of cloud-based cybersecurity services.

Additional notable findings this year’s report include:

  • Evolving Cybersecurity Roles: 50% of respondents have a CISO (Chief Information Security Officer) in charge of the security program.
  • Investing in Insurance: Technically adept adversaries will always find new ways to circumvent security safeguards. That’s why many businesses (59%) are purchasing cybersecurity insurance to help mitigate the financial impact of cybercrimes when they do occur.
  • Threats at Home and Abroad: Incidents attributed to foreign nation-states increased the most (up 67% YoY) while current or recent employees continue to be the most cited source of incidents (66%).

To explore the Canadian insights emerging from this year’s survey please visit: www.pwc.com/ca/gsiss.

About PwC Canada

PwC Canada helps organizations and individuals create the value they’re looking for. More than 6,500 partners and staff in offices across the country are committed to delivering quality in assurance, tax, consulting and deals services. PwC Canada is a member of the PwC network of firms with more than 195,000 people in 157 countries. Find out more by visiting us at www.pwc.com/ca.

© 2015 PricewaterhouseCoopers LLP, an Ontario limited liability partnership. All rights reserved.

PwC refers to the Canadian member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

SOURCE PricewaterhouseCoopers (PwC Management Services LLP)

Nanaimo, B.C., man nearly loses thousands of dollars in iTunes scam

Police in Nanaimo, B.C., are warning the public after a man was caught in an iTunes scam.

RCMP say the man received an email that appeared to be from Apple iTunes listing several transactions on his account, and asking him to click on a link if the charges were incorrect or fraudulent.

He opened the link and was prompted to enter his credit card number, the security code, his social insurance number, date of birth and his mother’s maiden name.

Mounties say the man’s bank called the next day asking if he was withdrawing $9,000 on his credit card and the man realized he had been scammed.

RCMP Const. Gary O’Brien says alarm bells should have been ringing when the man was asked for his credit card information and social insurance number.

O’Brien says such personal information should never be given out because it can be used to make purchases, or open fraudulent bank accounts.

 

U.S. charges three in huge cyberfraud targeting JPMorgan, others

U.S. charges three in huge cyberfraud targeting JPMorgan, others

U.S. prosecutors on Tuesday unveiled criminal charges accusing three men of running a sprawling array of hacking and fraud schemes, including a huge 2014 attack against JPMorgan Chase & Co, that generated hundreds of millions of dollars of illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein were charged in a 23-count indictment over alleged crimes targeting 12 companies, including nine financial services companies as well as media outlets including The Wall Street Journal.

Prosecutors said the enterprise dated to 2007 and included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and at least 75 shell companies and accounts around the world. Another defendant, Anthony Murgio, was charged over the bitcoin exchange.

“By any measure, the data breaches at these firms were breathtaking in scope and in size,” U.S. Attorney Preet Bharara said at a press conference.

Tuesday’s charges substantially expand a criminal case first announced in July. They are also the first tied to the JPMorgan attack, which compromised information in 83 million customer accounts in what prosecutors called the largest theft of customer data from a U.S. financial institution.

Authorities said Shalon and Aaron executed that hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used.

E*Trade Financial Corp, TD Ameritrade Holding Corp and News Corp’s Dow Jones unit, which publishes The Wall Street Journal, said they were also targeted by defendants in the case.

Fidelity Investments was also a target, a person familiar with the matter said, and Scotttrade Inc was also a target, according to a law enforcement source.

Shalon, 31, and Orenstein, 40, are Israeli nationals who were arrested in July. Murgio, from Florida, was also arrested that month. Aaron, 31, is a U.S. citizen who has lived in Moscow and Tel Aviv.

JPMorgan on Tuesday confirmed that the latest charges relate to the 2014 attack, and said it continues to cooperate with law enforcement efforts to fight cybercrime.

E*Trade said it has contacted 31,000 customers who may have been affected. News Corp said the indictment relates to a breach that targeted subscribers, and which was disclosed on Oct. 9.

Lawyers for the defendants were not immediately available for comment.

WANTED MAN

The new charges portray Shalon as the ringleader, having orchestrated hackings since 2012 against nine companies in which personal information for more than 100 million customers was stolen.

He and Orenstein were accused of having since 2007 run at least 12 illegal Internet casinos, generating millions of dollars of profit each month.

They allegedly also ran IDPay and Todur, through which they collected $18 million of fees to process hundreds of millions of dollars of transactions for criminals.

According to the indictment, the illegal proceeds included tens of millions of dollars from manipulating the prices of stocks sold to customers whose information had been stolen.

Shalon was also accused of concealing at least $100 million in Swiss and other accounts, and running Coin.mx with Murgio.

Aaron, meanwhile, was identified in an FBI “wanted” poster as the “front-man” in a scheme where, using the alias “Mike Shields,” he conspired to drive up stock prices and then dump shares at inflated prices, collecting tens of millions of dollars of profit.

The indictment against Shalon, Orenstein and Aaron includes counts of computer hacking, securities and wire fraud, identity theft, illegal Internet gambling and conspiring to commit money laundering. Not all counts were brought against all defendants.

Murgio faces seven counts including wire fraud, money laundering and operating an unlicensed money transmitter.

The U.S. Securities and Exchange Commission previously filed civil charges against Shalon, Aaron and Orenstein.

Page 1 of 612345...Last »

Pin It on Pinterest

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from ILSTV

You have Successfully Subscribed!