Hackers

Data Backup Hackers Security

Cyber Insurance in the Modern World

Yes, you read that correctly, cyber insurance is a real thing and it does exactly what is says. No, cyber insurance can’t defend your business from a cyber-attack, but it can keep your business afloat with secure financial support should a data security incident happen. Most organizations operate their business and reach out to potential customers via social media and internet-based transactions. Unfortunately, those modes of communication also serve as opportunities to cyber warfare. The odds are not in your favor, as cyberattacks are likely to occur and have the potential to cause serious losses for organizations both large and small. As part of a risk management plan, organizations regularly must decide which risks to avoid, accept, control or transfer. Transferring risk is where cyber insurance will pay massive dividends.

 

What is Cyber Insurance?

By definition, a cyber insurance policy, also known as cyber risk insurance (CRI) or cyber liability insurance coverage (CLIC), is meant to help an organization alleviate the risk of a cyber-related security breach by offsetting the costs involved with the recovery. Cyber insurance started making waves in 2005, with the total value of premiums projected to reach $7.5 billion by 2020. According to audit and assurance consultants PwC, about 33% of U.S. companies currently hold a cyber insurance policy. Clearly companies are feeling the need for cyber insurance, but what exactly does it cover? Dependent on the policy, cyber insurance covers expenses related to the policy holder as well as any claims made by third party casualties. 

Below are some common reimbursable expenses:

  • Forensic Investigation: A forensics investigation is needed to establish what occurred, the best way to repair damage caused and how to prevent a similar security breach from happening again. This may include coordination with law enforcement and the FBI.
  • Any Business Losses Incurred: A typical policy may contain similar items that are covered by an errors & omissions policy, as well as financial losses experienced by network downtime, business disruption, data loss recovery, and reputation repair.
  • Privacy and Notification Services: This involves mandatory data breach notifications to customers and involved parties, and credit monitoring for customers whose information was or may have been violated.
  • Lawsuits and Extortion Coverage: This includes legal expenses related to the release of confidential information and intellectual property, legal settlements, and regulatory fines. This may also include the costs associated from a ransomware extortion.

Like anything in the IT world, cyber insurance is continuously changing and growing. Cyber risks change often, and organizations have a tendency to avoid reporting the true effect of security breaches in order to prevent negative publicity. Because of this, policy underwriters have limited data on which to define the financial impact of attacks.

How do cyber insurance underwriters determine your coverage?

 

As any insurance company does, cyber insurance underwriters want to see that an organization has taken upon itself to assess its weaknesses to cyberattacks. This cyber risk profile should also show how the company and follows best practices by facilitating defenses and controls to protect against potential attacks. Employee education in the form of security awareness, especially for phishing and social engineering, should also be part of the organization’s security protection plan. 

Cyber-attacks against all enterprises have been increasing over the years. Small businesses tend to take on the mindset that they’re too small to be worth the effort of an attack. Quite the contrary though, as Symantec found that over 30% of phishing attacks in 2015 were launched against businesses with under 250 employees. Symantec’s 2016 Internet Security Threat Report indicated that 43% of all attacks in 2015 were targeted at small businesses.

You can download the Symantec’s 2016 Internet Security Threat Report here

The Centre for Strategic and International Studies estimates that the annual costs to the global economy from cybercrime was between $375 billion and $575 billion, with the average cost of a data breach costing larger companies over $3 million per incident. Every organization is different and therefore must decide whether they’re willing to risk that amount of money, or if cyber insurance is necessary to cover the costs for what they potentially could sustain.

As stated earlier in the article, cyber insurance covers first-party losses and third-party claims, whereas general liability insurance only covers property damage. Sony is a great example of when cyber insurance comes in handy. Sony was caught in the 2011 PlayStation hacker breach, with costs reaching $171M. Those costs could have been offset by cyber insurance had the company made certain that it was covered prior.

The cost of cyber insurance coverage and premiums are based on an organization’s industry, type of service they provided, they’re probability of data risks and exposures, policies, and annual gross revenue. Every business is very different so it best to consult with your policy provider when seeking more information about cyber-insurance.

Data Privacy Hackers Security

Apple’s Bug Bounty Program : Hacker’s Getting Paid

How does one of the largest and most innovative companies in history prevent cyber attacks and data hacks? They hire hackers to hack them. That’s right, Apple pays up to $1 million to friendly hackers who can find and report vulnerabilities within their operating systems. Recently, Apple announced that it will open its Bug Bounty program to anyone to report bugs, not just hackers who have previously signed up and been approved. 

 

Apple’s head of security engineering Ivan Krstic says is that this is a major win not only for iOS hackers and jailbreakers, but also for users—and ultimately even for Apple. The new bug bounties directly compete with the secondary market for iOS flaws, which has been booming in the last few years. 

 

In 2015, liability broker Zerodium revealed that will pay $1 million for a chain of bugs that allowed hackers to break into the iPhone remotely. Ever since, the cost of bug bounties has soared. Zerodium’s highest payout is now $2 million, and Crowdfense offering up to $3 million.

So how do you become a bug bounty for Apple? We’ll break it down for you.

 

What is the Apple Security Bounty?

As part of Apple’s devotion to information security, the company is willing to compensate researchers who discover and share critical issues and the methods they used to find them. Apple make it a priority to fix these issues in order to best protect their customers against a similar attack. Apple offers public recognition for those who submit valid reports and will match donations of the bounty payment to qualifying charities.

See the Apple Security Bounty Terms and Conditions Here

Who is Eligible to be a Bug Bounty?

 

In order to qualify to be an Apple Bug Bounty, the vulnerability you discover must appear on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration. The eligibility rules are intended to protect customers until an update is readily available. This also ensures that Apple can confirm reports and create necessary updates, and properly reward those doing original research. 

Apple Bug Bounties requirements:

  • Be the first party to report the issue to Apple Product Security.
  • Provide a clear report, which includes a working exploit. 
  • Not disclose the issue publicly before Apple releases the security advisory for the report. 

Issues that are unknown to Apple and are unique to designated developer betas and public betas, can earn a 50% bonus payment. 

Qualifying issues include:

  • Security issues introduced in certain designated developer beta or public beta releases, as noted in their release notes. Not all developer or public betas are eligible for this additional bonus.
  • Regressions of previously resolved issues, including those with published advisories, that have been reintroduced in certain designated developer beta or public beta release, as noted in their release notes.

How Does the Bounty Program Payout?

 

The amount paid for each bounty is decided by the level of access attained by the reported issue. For reference, a maximum payout amount is set for each category. The exact payment amounts are determined after Apple reviews the submission. 

Here is a complete list of example payouts for Apple’s Bounty Program

The purpose of the Apple Bug Bounty Program is to protect consumers through understanding both data exposures and the way they were utilized. In order to receive confirmation and payment from the program, a full detailed report must be submitted to Apple’s Security Team.  

 

According to the tech giant, a complete report includes:

  • A detailed description of the issues being reported.
  • Any prerequisites and steps to get the system to an impacted state.
  • A reasonably reliable exploit for the issue being reported.
  • Enough information for Apple to be able to reasonably reproduce the issue. 

 

Keep in mind that Apple is particularly interested in issues that:

  • Affect multiple platforms.
  • Impact the latest publicly available hardware and software.
  • Are unique to newly added features or code in designated developer betas or public betas.
  • Impact sensitive components.

Learn more about reporting bugs to Apple here

Contact Us for a Quote / Ask a Question

Get Trusted IT Asset Management!

As one of the industry’s leading IT asset management service providers, DTC provides a suite of effective solutions.
Discover what it feels like to work with a quality partner.

Solutions
Contact US

Get Started

Services

Repairs

Data Destruction

dtc1.com  |  Copyright © 2024. All rights reserved.

Linkedin
Facebook-f
Twitter
Instagram
Yelp
Scroll to top