You don't have as much Cyber Insurance as you think
It's difficult to see how $2,000,000 worth of insurance coverage would ever pay out more than $100,000 unless you were the victim of multiple crimes at once. I'm not an insurance broker, but after reading over 1,000 pages of policies in Q1 of 2023, that's my impression. You should review your policy with your insurance broker and IT team to make sure you understand it.
There are lots of new limits on limits appearing in policies. For example, Fraudulent Instruction Loss has been around for a while but it has a new limit. Funds where your company acted as the custodian may now be excluded. If your payroll was redirected, it's not clear you'd get it back. It does seem clear that taxes you withheld wouldn't be paid.
There seems to be much more effort put into reasons an insurance company would never pay a ransom. In one policy, payment could not be made if it caused an issue with "any sanction, prohibition or restriction under United Nations resolutions or the trade or economic sanctions, laws or regulations of the European Union, United Kingdom or United States of America." Even if you don't operate in foreign countries, their future laws might diminish your insurance coverage.
If you're attacked by a bad actor with ties to anyone "designated by any government as a terrorist or terrorist group," your ransom won't be paid. The US Justice Department, FBI and a host of other agencies designate groups as terrorists on a regular basis.
Frequently Asked Questions: Open-Source Intelligence (OSINT)
What is Open-Source Intelligence (OSINT)?
Open-Source Intelligence (OSINT) is the practice of collecting and analyzing information from publicly available sources—news, social media, search engines, public records, breach databases, and more. It’s widely used by researchers, security teams, and, unfortunately, attackers.
What kinds of information about me or my business can OSINT tools find?
The article notes that OSINT tools can uncover:
- Public records
- Leaked passwords and breach data
- Social media and dating profiles
- Job postings, which reveal hiring plans and tech stacks
- SEO/keyword data about your business and competitors
What OSINT tools does the article mention?
- OSINT Framework – a directory of tools to search public records, breaches, and more
- Have I Been Pwned – checks whether your email/passwords have appeared in known data breaches
- SEMrush – shows which keywords your competitors are targeting and how they rank over time
Why should small businesses care about OSINT?
Because attackers can use the same free tools to:
- Discover leaked credentials for your staff
- Map your technology stack and vendors
- Profile executives and employees for social-engineering attacks
If you don’t know what’s exposed, it’s hard to defend against targeted attacks that use this information.
Check out our Cyber Security Guide to find out more or to submit a question. You ask. We answer.

