Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
1 year ago · by · 0 comments

Cyber Insurance & The Construction Industry

Cyber risk management is a hot topic for businesses across all industries, many high profile breaches have been in the media from financial institutions, healthcare organisations, law firms and IT companies.  The construction industry is no different and definitely on the radar for cyber criminals.

In a piece written for VirginiaBusiness.com, Collin J. Hite, leader of the Insurance Recovery Group and the Data Privacy and Security practice at Hirschler Fleischer says, “The situation is getting so bad that businesses, large and small, finally are realizing that the question is not if they will get breached, but when. The construction industry is not immune from data breaches.”

Difficulties facing the construction industry

For many construction industry decision makers there is a mistaken belief that their organisations are not at risk because their business does not deal with the general public, have an online presence or handle large amounts of credit card information. While some may not consider construction to be a target, cyber criminals can see the vulnerabilities. Construction firms have access to large amounts of information such as confidential employee information, intellectual property, project plans and drawings, financial data and accounts, contractor details, etc.

Traditionally workers in the construction industry haven’t had to bat an eye lid regarding cyber security which has contributed to an overall lack of security awareness, training and skepticism towards cyber risks and insurance.

The Internet of Things is also presenting new challenges for the industry as terrific new equipment and methods are created with connectivity in mind. For example, internet connected field equipment which can be remotely controlled is hurriedly implemented for it’s efficiency but less forethought is given towards the security of these devices.

High Profile Incidents

Let’s take a look at some major cyber incidents which were targeted at various areas of the construction industry.

Target & Fazio Mechanical Services

“The attackers got access to login credentials for Target’s computer network from one of their vendors, Fazio Mechanical. An employee fell victim to a phishing scam that allowed malware to be installed on the company’s computers. Fazio had access for electronic billing, project management, and contract submission and not because they were remotely monitoring and controlling any of the HVAC and refrigeration systems at any of their stores.”

“Multiple sources close to the investigation now tell this reporter(Brian Krebs) that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.” Krebs on Security.

German Steel Mill

The German Federal Office for Information Security (BSI) detailed in a report that attackers used booby-trapped emails to steal logins that gave them access to the mill’s control systems. This led to parts of the plant failing and meant a blast furnace could not be shut down as normal. The unscheduled shutdown of the furnace caused the damage, said the report.

In its report, BSI said the attackers were very skilled and used both targeted emails and social engineering techniques to infiltrate the plant. In particular, said BSI, the attackers used a “spear phishing” campaign aimed at particular individuals in the company to trick people into opening messages that sought and grabbed login names and passwords. The phishing helped the hackers extract information they used to gain access to the plant’s office network and then its production systems.

Once inside the steel mill’s network, the “technical capabilities” of the attackers were evident, said the BSI report, as they showed familiarity with both conventional IT security systems but also the specialised software used to oversee and administer the plant.

Turner Construction

Turner Construction was the victim of a spear phishing scam in March when an employee sent tax information on current and former employees to a fraudulent email account. Hackers spoof the “From:” field in an email to make it appear to come from a trustworthy source, say from your CEO or CFO. Typical spear phishing scams include messages requesting personal information on employees such as names and addresses, Tax details, corporate banking account information, or login credentials.

In the case of Turner Construction, the information provided to the fraudulent email account included full names, Social Security numbers, states of employment and residence as well as tax withholding data for 2015. All employees who worked for the company in 2015 were affected by the data breach. Turner, which is headquartered in New York, is one of the largest construction management firms in the U.S. with offices in 24 states.

Cyber Insurance Can Help Protect Your Business

The cyber insurance market has already seen a surge in demand for stand alone cyber liability insurance policies as a direct result of the Notifiable data breach regulation which is set to begin from February 22nd 2018.  A cyber insurance policy can protect against many potential incidents, including loss of data, cyber extortion, business interruption, identity fraud and malicious data damage.

A good policy will also cover defence costs and the cost of public relations experts, which is very important when considering reputational damage and loss of business which a data breach is shown to cause.  A recent study showed that following a data breach or cyber attack, stock prices fall an average of 5%. Thirty-one percent of consumers impacted by a breach stated they discontinued their relationship with an organization that had been breached, and 65 percent lost trust in that organization.

Current scams and prevention methods should be regularly circulated for employee knowledge. There are a number of third parties offering a wide range of solutions such as All Secure IT Services which offer customised managed services for all IT needs or DDM Security Systems which offer email security and encryption solutions.

One email can breach the entire network and as a result we suggest getting employees to subscribe to and follow Cyber Insurance Australia on Linkedin & Facebook for regular updates or join the monthly newsletter at cyberinsuranceaustralia.com.au

Contact us on 1300 462 923 to discuss insurance options today.

 

Cyber Insurance Australia Logo

Comments

Not found any comments yet.

Leave a reply

Your email address will not be published, and your website url is not required.

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd T/as Cyber Insurance Australia ABN 59 378 032 992. CAR 1250594

Authorised Representative for National Advisor Services Pty Ltd t/as Community Broker Network (CBN) ABN 60 096 916 184 | AFSL 233750

Financial Services Guide (FSG), Privacy Policy & Complaints & Dispute Handling, Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!