Episode Summary
A recent discussion between cybersecurity experts Chris and Daniel overviewed the top cybersecurity threats that insurance agents should be aware of going into 2023. They note that the cyber threat landscape has evolved rapidly, with cyber risks now topping the list of concerns for small and medium-sized businesses according to a survey of risk managers.
Over 30% of risk managers surveyed stated that cyber threats pose the single biggest risk to their organizations today. Coming in second on the list was business interruption, which is often the direct result of a cyber incident. The combination of these top two risks highlights the interconnected nature of cyber threats and business disruption.
Chris and Daniel outline how cyber threats have grown significantly more complex on an international level. Where attacks were once broad and untargeted, they are now becoming more precisely aimed. Cybercriminals are deliberately targeting smaller businesses, using their access to then penetrate the systems of larger partners and vendors downstream.
They provide real-world examples of how this is playing out for insurance agencies in particular. In one instance, an agent had his login credentials stolen when connecting to public WiFi. These stolen credentials were then leveraged in an attempt to access other agents' systems. In another example, a fraudulent actor was able to intercept and alter an electronic invoice mid-transit, redirecting the payment to the hacker's account.
Chris recounts his own experience dealing with the breach of the password manager LastPass earlier this year. He highlights how having multi-layered security measures in place helps mitigate risks even when one system is compromised. Relying on a single security product or practice creates a single point of failure.
Instead, Chris and Daniel recommend insurance agencies implement defense-in-depth strategies to secure their systems and data. This includes measures like using business-grade VPNs, employing endpoint detection and response tools, enforcing strong access controls, maintaining offline backups, and patching known software vulnerabilities.
For many small and medium businesses, managing cybersecurity in-house is becoming increasingly impractical given the expertise and resources required. Outsourcing security operations to a managed security provider can provide crucial capabilities like intrusion detection, log analysis, penetration testing, and incident response on an ongoing basis.
In summary, cyber threats now represent the number one risk for a majority of businesses, yet many small and medium companies remain underprepared. By making cybersecurity a top priority and partnering with specialists, insurance agencies can implement layered protections to reduce their risk and strengthen resilience.
Timestamps
(0:00:00) - Broker Link podcast features advice on how to protect your business in 2023
(0:00:39) - Cyber threats are the number one risk to any small to medium-sized business
(0:09:17) - We sometimes get asked, can you share some stories about cybersecurity
(0:16:47) - With brokerage bucks, we will reimburse you for marketing
(0:19:47) - One thing with online portal stuff is if they are in your system
(0:20:57) - Cyberfin protects insurance agencies and financial planners through a cybersecurity service
(0:24:34) - An agency went bankrupt because they didn't have cybersecurity in place
(0:26:52) - A lot of people aren't ready to sign up for service without talking to you
