COVID-19 Cyber Risk Checkup

COVID-19 Cyber Risk Checkup


Our cyber health and hygiene have declined as bad actors take advantage of our vulnerabilities during the COVID-19 Pandemic.

What do you think of when you hear that "human error" caused a cyber event?

Human error means that a member of your team, or a third-party supplier’s team, may override your cybersecurity measures when hackers manipulate or trick them.

Employees who are unaware of cyber threats become the access point into your network.

Hackers seek to manipulate or trick your employees via phishing or spoof emails sent by an imposter, text SMS messages with links that release malware into your network, or vishing attacks that give instructions with an authentic-sounding voice.

Once inside your network, criminals have time – which presents a danger to your cybersecurity and can lead to ransomware attacks, data breaches, or social engineering (leading to funds transfer fraud or invoice manipulation).

The Wild West of COVID-19

In the Wild West of COVID-19, bad actors are gaining a cyber advantage over unprepared or underprepared businesses.

One would not give a speech without preparation for fear of mishandling the message.

One would not attempt to run a race without preparation for fear of injury or losing.

Yet, sometimes we run our networks and computer systems without proper preparation to prevent cyberattacks (to the most reasonable degree possible) and without preparation for the ensuing financial loss by acquiring cyber insurance coverage (for residual cyber risk that we fail to prevent).

Industry Week reports that manufacturers, health providers, global supply chains, and the maritime industry are under attack.

As we have noted, cybercrime syndicates, nation-states, and lone-wolf hackers position themselves to disrupt the global supply chain in Third-Party Logistics (3PL).

Industry Week notes the Maritime Industry's cybersecurity maturity level is relatively low, while it transports 90% of the world's trade and is increasingly connected, automated, and remotely monitored.

Malware Attack on French Logistics Giant

The French maritime transport and logistics giant CMA CGM recently disclosed a malware attack affecting servers on its network's edge. The attack forced CMA CGM's IT teams to cut Internet access to some applications to block the malware from spreading to other network devices. CMA CGM has 755 offices, 750 warehouses, and over 110,000 employees in more than 160 countries, and it operates a shipping fleet of over 480 vessels on more than 200 shipping lines.

After CMA CGM initially informed customers that its network was still available for booking and operation requests, they amended their notice, urging customers to contact their local agencies for all bookings

According to Korn Ferry, 74% of logistics companies surveyed last year reported networking disruption increased by 63% from 2013.

Human Error – The Cybersecurity Bypass

Hackers seek to manipulate or trick your employees via phishing or spoof emails sent by an imposter, text SMS messages with links that release malware into your network, or vishing attacks that give instructions with an authentic-sounding voice.

Our recent Cyber Alert noted that cybercriminals are laser-focused on accessing your network via vishing attacks, in which they use valid login credentials to your Virtual Private Network (VPN) provided by your employee.

This information provides hackers with a gateway to your network. Once inside your network, criminals have time – which presents a danger to your cybersecurity and can lead to ransomware attacks, data breaches, or social engineering (leading to funds transfer fraud or invoice manipulation).

Social Engineering Attacks Increasing During COVID-19 Pandemic

Has your organization contemplated the increased social engineering risks this year?

Social engineering hacks have increased exponentially during the COVID-19 Pandemic, which means they need to be understood and risk-managed.

Funds Transfer Fraud (Imposter Emails)

Funds Transfer Fraud (FTF) is a cyberattack that manages to redirect seemingly legitimate company payments to cybercriminals. When hackers prey on our inherent sense of trust, they sometimes succeed in their spoof or phishing email campaigns.

FTF (aka Business Email Compromise (BEC)) is a significant business for cybercriminals, and without the right protocols in place, companies are vulnerable to sending massive payments (even multiple times) with devastating financial consequences.

According to the FBI's 2019 Internet Crime Report, complaints revealed an uptick in BEC scams by a considerable margin. The FBI found BEC to be the most damaging type of cybercrime in 2019. BEC losses averaged $75,000 per complaint, phishing, smishing, and vishing accounted for $500 per complaint, and ransomware averaged $4,400 per complaint.

Reports indicate that in April 2020, two phishing campaigns and one malware using COVID-19 lures impersonated shipping companies FedEx, DHL, and UPS, as well as US-based medical providers, with malicious attachments.

Furthermore, multiple BEC campaigns involved coronavirus themes, attacking payroll, wire transfers, and legal attention themes requesting targets to make fraudulent funds transfers.

Notably, a cyber insurance policy may refer to Social Engineering, FTF, BEC, Invoice Manipulation, Electronic Crime, Computer Fraud, or Financial Fraud. Your cyber insurance broker should conduct a thorough review of cyber insurance policy wording to ensure clarity about this coverage.

Invoice Manipulation (Imposter Emails)

Invoice Manipulation is a more complex and daunting form of FTF. An attacker gains access to a company's email account, typically through phishing, and sends an authentic email to an outside party requesting payment via for a fraudulent invoice. Having reviewed correspondence in the hacked email account, attackers will often mimic the sender's behavior to make the request look authentic. When the company follows up for the original invoice payment later, they discover the fraud, but the funds are long gone.

According to the FBI, BEC scams like invoice manipulation accounted for more than $26 million in corporate losses in the last three years.

Most Stand-Alone Cyber Insurance policies have quickly responded to this threat and now provide coverage for invoice manipulation. Beware of outdated coverage forms and packaged policies that might only respond to funds transferred by employees, not invoice manipulation, potentially leaving businesses uninsured.

Ransomware Attacks Increasing During COVID-19 Pandemic 

We define ransomware in our Cyber Insurance Glossary

Ransomware is a form of malware that effectively holds a computer system hostage until your business pays a "ransom" (usually in cryptocurrency such as Bitcoin). Most ransomware attacks result from opening infected email attachments or visiting malicious websites, installing a worm, or Trojan horse. Once the systems and files are locked (encrypted), a decryption key is needed to regain access, provided following the ransom payment. 

Coalition, Inc., a specialized cyber insurance MGA, tracks cyber claims frequency and severity. In H12020, Coalition found that hackers' ransom demands increased 47%.

According to Coveware, the average ransom payment amount increased by 104% in Q4 2019 to $84,116 with the highest-reported ransom payment of $780,000 – before the 47% increase in ransom demand reported by Coalition. 

Datto's Global State of the Channel Ransomware Report indicates that downtime increased by 200% year over year and that such costs are 23 times greater than the average ransom demanded in 2019. 

Coveware found the average downtime caused by a ransomware attack is 16.2 days (for larger enterprises not small to medium-sized businesses). 

Maze Ransomware Attacks are Game Changers 

Maze ransomware attacks are game-changers for cyber risk mitigation. 

Even with backups available to restore your data post-ransomware attack, your business may face an additional threat – publication of confidential or sensitive information – if you refuse to pay the ransom. Suppose the Maze group carries out the data leak and disclosure. In that case, your business must comply with all the legal obligations and liabilities required after a data breach (such as breach notification to all those impacted), making the cyber event even more costly. 

Notably, some more robust Stand-Alone Cyber Insurance policies cover the cost associated with ransomware attacks, including payments, if any, the costs for negotiations with the hackers, and costs incurred from cyber-related business interruption (BI).

We define business interruption in our Cyber Insurance Glossary

Business Interruption (BI) coverage under a cyber policy refers to lost profits and extra expenses incurred due to a disruption in business operations or services following a cyberattack. BI coverage has a designated waiting period that must elapse before a recovery is possible. Waiting periods essentially replace the policy retention (i.e., deductible) and are stated on an hourly basis, instead of monetary value. 

With the rise in ransomware events, BI coverage is a crucial component in Stand-Alone Cyber Insurance policy, responding to a ransom payment demand, including adherence to required compliance measures, which can prove crucial in saving your bottom line. 

Your organization's cyber risk management during the coronavirus will carry over in a positive way to your operations after the Pandemic. 


  • The benefits of remote work – continuing business operations -- outweigh the risks if you have robust Stand-Alone Cyber Insurance to reduce a cyber-related financial loss.
  • More than one-third of organizations have experienced a security incident caused by a remote worker's actions. Thus, employee awareness training is a vital cybersecurity measure.
  • Your business stands a better chance of not only surviving but thriving after a cyberattack with a dedicated Stand-Alone Cyber Insurance policy suited to your risk tolerance level. 
  • Cyber Armada and its cyber insurance carriers are ready to support policyholders during the COVID-19 crisis and beyond.

Reach out to a specialist cyber broker, such as Cyber Armada Insurance, to assist you with your Stand-Alone Cyber Insurance needs. We understand the evolving cyber risks, the dynamic cyber insurance market, and cyber insurance clients' demands.

Contact Cyber Armada today to explore how your company faces potential financial losses from a cyberattack.  Contact us at 888.727.6232.

Next Article

Please watch for our next article on GSA Cybersecurity Issues.

This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.

Topics: Cyber Security Ransomware Business Interruption Covid-19 3PL Logistics

Cyber Armada Team
Posted by Cyber Armada Team on Oct 14, 2020

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment