E&O Risk Management Newsletter

Volume 3 – Issue 3 – March 2025

Ready to Help
Are you looking for risk management guidance on a particular topic? Reach out to Tabitha DeGirolano of our E&O team for help at tabitha.degirolano@uticanational.com.

The “Why” and “How” of Helping to Secure Your Agency Against Cyberattacks

Cyberattacks have become a major concern for agencies of all sizes. Even the smallest of agencies can experience a cyberattack. With hackers constantly evolving their tactics, it’s crucial to take proactive steps to safeguard your data. Cyberattacks can lead to data breaches, financial loss, disruptions, and damage to client trust.

Understanding the Risks
It is vital to understand some of the risks that could target your agency. These include:

  • Phishing/Smishing – Uses various methods to entice you to click a malicious link, download infected files, or reveal personal information such as passwords.
  • Ransomware – Malware that locks your data until a ransom is paid.
  • Malware – Designed to harm or exploit systems.
  • DDoS (distributed denial-of-service) – Attacks aimed at overwhelming your system to cause disruption.
  • Data breaches – Unauthorized access to confidential or sensitive data. Data breaches are often the result of other types of cyberattacks such as phishing.

The following are some risk mitigation strategies insurance agencies can use to help defend against cyberattacks:

  • Staff Education – Human error is one of the most significant causes of cyber breaches. Phishing scams and social engineering attacks often succeed due to a lack of employee awareness. Invest in regular cyber security training for your staff. This training can help your employees recognize suspicious activities, avoid risky behavior, and adhere to best practices.
  • Use Multi-Factor Authentication (MFA) – Passwords alone are no longer sufficient to secure your accounts. Multi-factor authentication adds an additional layer of protection by requiring users to provide two or more verification factors to gain access.
  • Back Up Your Data – It is important to back up your data frequently to help ensure that in the event of a cyberattack you can restore your systems without paying a ransom or experiencing significant data loss. Isolate backup systems from the primary network to prevent them from being compromised if there is a breach.
  • Update Your Software – Updating your software regularly can help avoid cyberattacks that take advantage of weaknesses in your operating system and programs. Regularly updating with security patches can increase the efficacy of your computer system’s built-in security. Antivirus software is critical for early detection; however, if it is not updated often, it will not be as effective at locating and isolating potential malware.
  • Third-Party Vendors – Insurance agencies often use third-party vendors for various services, and these vendors can be entry points for cybercriminals. When contracting with vendors, assess their cybersecurity practices to ensure they have stringent security standards.
  • Establish an Incident Response Plan – Having an incident response plan in place will allow you to more effectively respond to a cyberattack and minimize the impact. Your plan should outline clear steps to follow in the event of an attack, including identifying and containing the threat, notifying relevant parties, communicating with clients, and coordinating with law enforcement and/or legal professionals.

Implementing strong cybersecurity policies and practices can significantly reduce the risk of cyberattacks against your agency. This is essential to protecting your business and maintaining your clients’ trust.

Examples of Cyber Claims that Could Impact an Insurance Agency

  • An employee receives an email that appears to be from the President of their company indicating they need to urgently make a payment to a vendor.
  • An agency management system is shut down for weeks due to an attack which originated from an employee clicking a link in a phishing email. The agency is unable to process business and/or accept payments during this time period, resulting in the need to hire experts to remediate the situation as well as loss of revenue.
  • An Account Executive’s laptop containing clients’ personally identifiable information (PII) is stolen.

Cyber Security Resources for You

Zywave offers a Data Privacy & Information Security course. This course, and others, are available to all policyholders. View a listing of courses in the Zywave Course Catalog below and contact our Education Department at 315-235-4700 to arrange access to these courses.

If you have Cybersurance endorsed to your policy, you have access to additional resources through Cyberscout. These resources include:

  • Guide to develop an incident response plan
  • Risk calculators
  • Risk Management Training Courses
  • State Breach Regulation and Notification Requirements Database

CLICK HERE for instructions on how to access these resources.


This information and any attachments or links are provided solely as an insurance risk management tool. They are derived from information believed to be accurate. Utica Mutual Insurance Company and the other member insurance companies of the Utica National Insurance Group (“Utica National”) are not providing legal advice or any other professional services. Utica National shall have no liability to any person or entity with respect to any loss or damages alleged to have been caused, directly or indirectly, by the use of the information provided. You are encouraged to consult an attorney or other professional for advice on these issues.