Eye on: Cybersecurity
September 26th, 2019 · 3 min read
An interview with Jessica Burch, managing director of Bryce Point Insurance Agency, underlines the threat posed by cybersecurity breaches to small and midsize financial-service firms — and how her firm and its affiliate Coalition work with Chalice to protect these businesses.
Hackers only go after big firms, right?
Not exactly. Everyone remembers headline-grabbing incidents like Yahoo and Target, but Verizon has a study showing 58% of cyber attacks hit small businesses. Those tend to fly under the radar. As Robert Mueller said when he headed the FBI, "There are two types of companies: those that have been hacked, and those that will be."
Why don’t they exclusively target bigger fish?
Because small firms are gateways — often unguarded gateways — to larger firms that have direct or indirect access to the smaller firm’s client data. And the assumption you referred to earlier? — the idea that small firms are exempt from hacking? That’s actually the reason small businesses are so vulnerable. Hackers know small firms tend to be complacent about security, and tend to have insufficient infrastructure or security. That means hackers can automate their processes to attack many small firms at once, increasing the chance that, through these insecure small firms, they can get at more secure big firms. The Target hack in fact started at a smaller firm.
Can you put a price tag on the damage hackers can do to a small or midsize firm?
It adds up quickly. Take a small broker-dealer or RIA with 100,000 records. You could be looking at $40,000 in legal fees, $60,000 for the forensic investigation, $100,000 for client notifications, that much again in ID monitoring, $50,000 in call-center costs — and a good $500,000 to $600,000 in regulatory fines and penalties. That’s all ballpark, obviously, but a hack could easily cost a firm $750,000. And that’s not counting reputational damage.
How does the partnership with Coalition benefit Bryce Point’s clients?
Our partnership with Coalition lets us mitigate risk to our policyholders. In the event of a cyber breach, Coalition will provide pre-claim assistance such as a forensic team at no additional cost to policyholders. That way, the firm that has been attacked can take immediate action with the assistance of expert guidance. This could mean hiring PR professionals to counteract negative press, or paying additional IT costs to lessen the damage from civil or criminal complaints. The value of our partnership with Coalition is priceless when it comes to quickly making our clients whole again in the event of a breach. This means getting the firm back to business as quickly as possible.
How quickly can a firm get Coalition-powered coverage up and running?
With a few pieces of key data, a risk assessment and quote can be generated in as little as three minutes. Once a firm is ready to be covered, coverage can start immediately. Once coverage is ready to be finalized, the firm can sign electronically. When this application is signed, the firm's cyber insurance policy will be issued and made available via their private online secure dashboard at the Coalition.
How can Chalice members get a better feel for how Bryce Point and Coalition can help them?
Coalition is the first insurance-enabled technology firm built to help businesses before, during, and after a cyber incident, while sharing the same incentives as our customers to avoid and prevent loss. No amount of investment in defense has solved the problem. It seemed clear that there should be an insurance-enabled, technology-driven platform that allows businesses to prevent losses while remaining resilient in the face of a breach. With these ideas in mind, I encourage Chalice members to sign up with Coalition for a Cyber Risk Assessment of their firm.
How much would that set them back?
It’s free for Chalice members. Regularly it’s $2,500 — but if you’re with Chalice, it’s free. Chalice members can also save 30% to 50% off regular prices by bundling Coalition software and cyber insurance