Topic of the Month USI Cyber Risk Solutions Expand to Address Evolving ThreatsIncreased access to technical tools needed to launch cyberattacks, minimal risk of apprehension, and lucrative payouts have created a perverse incentive for criminals to embrace crimes that are cyber-enabled or cyber-dependent.

The nature of cybercrimes, the motivation behind them, targets and actors are all evolving. The cyber underworld, once dominated by mischievous computer geeks, is now attracting financial criminals, hacktivist groups driven by different agendas and nation-states all of whom are targeting organizations of all types, small and large alike. The motivation for hacking has gone from shaming targets to exposing or stealing sensitive data to disrupting critical business processes.

At significant cost to corporations and their customers, criminals are netting millions of dollars trading personally identifiable information (PII) stolen via data breaches and/or hacking of corporate networks.

Tackling an Evolving Threat USI Insurance Services designed its proprietary PrivaSafe Insurance Solution to be flexible and adaptable to the evolving nature of cyber threats.

The program, which offers more than 20 unique coverage enhancements designed and tested in the market against main street insurers, was built in conjunction with London-based underwriters who have hands-on experience handling cyber claims.

Since the program’s introduction, USI’s management and professionals services (MPS) team has continuously broadened its features and capabilities to ensure clients are properly equipped to manage their cyber exposures. Following are examples of areas where USI’s improved cyber solutions are making a significant impact.

Breach Exposure A major source of business income loss these days comes from unauthorized corporate network breaches. USI is actively engaged with clients to help them protect their businesses against the financial impact of such threats.

Recently, when a laptop belonging to an executive of a West Coast-based mortgage company was stolen, management feared criminals would gain access to sensitive customer data. The potential breach required that roughly 18,000 customers spread across 22 states be notified and have their credit monitored. Working with USI MPS Continued on page 2

©2015 USI Insurance Services. All rights reserved.

Risk Management | Property & Casualty | Employee Benefits | Personal Risk Services | Retirement Consulting

92% of cyberattacks targeting a broad range of industries come from nine basic sources, according to Verizon. Source: Verizon

POS Attack Web App Attack Insider Physical Theft Misc. Errors Crimeware Card Skimmers DoS Cyber-Espionage Other

professionals, the client was able to immediately notify affected customers and provide credit monitoring services for a year.

The company did not sustain any significant business income loss and the cost of notification and credit monitoring, which totaled $255,000, was covered by the USI PrivaSafe facility, subject to a self-insured retention and policy conditions.

Hacking Event Hardly a week goes by without news of organized criminals accessing systems to inflict financial and/or reputational damage on organizations.

The PrivaSafe Solution provides best-in-class coverage for hacking events. They include:

� Loss of income � Data restoration � Brand/Reputational management � Defense & Damages

In a recent example USI assisted a Midwest furniture chain whose computer systems were attacked by “Backoff ” malware, a virus that targets point-of-sale systems used throughout the retail industry.

The furniture chain had to suspend operations for four days at five major store locations. Approximately 96 hours was spent on the data recovery efforts, costing the company $19,200.

Meanwhile business lost as a result of the partial shutdown of the store locations totaled $216,000. Fortunately for the furniture company, which had purchased USI PrivaSafe coverage just months before, the expenses were covered in full, subject to policy terms and conditions.

Social Engineering Exposures Increasingly social-engineering techniques are being used to induce employees to break normal security procedures, leading to a dramatic rise in cyber security incidents and resulting financial exposures.

According to a recent Cyber risk survey, 48% of large companies and 32% of companies of all sizes have experienced 25 or more social engineering attacks in the past two years – 30% of all victims of social engineering cite an average per incident cost of more than $100,000.

As part of its PrivaSafe offering, USI provides coverage for actual monies lost, subject to a policy sublimit and terms and conditions, as a result of social engineering.

Cyber Extortion Risk Cyber extortion, which involves a demand for money to avoid or stop a cyberattack or release of customer information, is on the rise. Companies are paying out millions of dollars to cybercriminals for the safe recovery of stolen or encrypted data. Organizations that have fallen victim to cyber extortion include Domino’s, Nokia, and Code Spaces and several police departments across the country. In March 2015 hackers used ransomware to hijack a New Jersey school district’s computer systems, and demanded 500 Bitcoins (approximately $123,000) to restore the network to normal.

Cyber Risk Management Services In response to client needs USI recently broadened its PrivaSafe partner services to include pre-and-post cyber incident best practices assistance, a new risk management hotline, webinars and cyber risk updates.

These services, along with our exclusive PrivaSafe offerings, provide businesses with critical financial protection from a threat that is real and growing. Having handled real life cyber claims, the USI MPS team understands the intricacies of cyber threats.

For more information about USI PrivaSafe or addressing Cyber Risks please contact your USI representative.

Continued from page 1

©2015 USI Insurance Services. All rights reserved.

Risk Management | Property & Casualty | Employee Benefits | Personal Risk Services | Retirement Consulting

USI ONE™ is a fundamentally different approach to risk management, integrating proprietary business analytics with a networked team of local and national experts in a team based consultative planning process to evaluate the client’s risk profile and identify targeted solutions to address those risks. Learn about the USI ONE Advantage today!