You might not think cyber crimes could directly affect your cannabis company. Think again. Cyber crime is expanding so fast, the stats can barely keep up:
The global cost of cybercrime will reach $2 trillion by 2019 (a threefold increase since 2015 estimate). 48% of data security breaches are caused by acts of malicious intent (human error or system failure account for the rest).
So basically if your cannabis company has any activity online, you’ll need to know what’s covered under a cyber and crime policy.
Cyber insurance and the theft of data
While every cyber insurance policy can differ considerably, what do they generally cover? A comprehensive cyber insurance program for your cannabis company should cover the directs costs and liability to a third party after a cyber crime event.
These direct costs (or first party expenses) may include:
- Costs to recover and restore lost data corrupted or destroyed after a computer attack.
- Event management costs which may include the cost of forensics services, notification expenses, call center costs, legal services, identity monitoring and PR.
- Cyber extortion costs (potentially including expenses for consultants).
- Business interruption reimbursement. This may include loss of income as well as related expenses to get your cannabis company up and running.
Crime insurance and the theft of money
While cyber crimes and insurance get all the splashy headlines, many overlook the real-world need for crime insurance.
While crime insurance for cannabis companies is primarily designed to cover theft of money (robbery, burglary and forgery), it’s also evolved to cover more since bad actors have become more sophisticated. Criminals are now committing advanced cyber crimes from the comfort of their own homes.
It’s because of this that traditional crime insurance continues to expand its coverage to include new definitions of theft, not just a smash-and-grab from the petty cash drawer.
For example, these crime policies may now cover fraudulent instructions sent electronically or physically (telephone, fax, etc.) which instruct banks to transfer your company funds to another account.
Crime insurance, social engineering and using stolen information to steal money
Nowadays, bad actors give fraudulent transfer instructions directly to employees. Most cannabis companies believe their employees would never fall for such a scam. But the scams continue to improve in quality and (surprise) people continue to fall for them.
How are these crimes happening? Criminals are using a virus, phishing or employing traditional hacking methods to steal information. That stolen information allows them to pretend to be an authorized employee and instruct others to make transfers.
This scheme has many monikers, including social engineering, cyber crime, computer crime and spear phishing.
Coverage for cyber crime is available under both crime and cyber policies. But most underwriters agree that social engineering is just a newer method to enable the theft of money.
Some examples of these kinds of scams potentially covered under social engineering coverage are:
- A bad actor hacks into the CEO’s email. He or she sends an urgent message to an approved person who makes a fund transfer for a secret transaction.
- A cybercriminal collects publicly available information to impersonate the executive of your cannabis company and instructs an individual to make an immediate transfer of funds.
- An employee inadvertently inserts an infected storage device into a local network which allows criminal access to information.
- An employee responds to a seemingly legitimate email and voluntarily provides critical personal information that allows someone to pose as that employee and initiate a funds transfer. (This is also known as phishing.)
Cyber and crime insurance experts agree, it’s not if but when. In this day and age, just about every cannabis company risks some sort of cyber and crime exposure. Make sure your insurance program is broad enough to withstand any type of cyber attack.
The best method? Purchase both a cyber and crime with social engineering policy. Or better yet, speak to one of our knowledgeable account executives to make sure you have the proper coverage for your cannabis company.