Agents: Shocking New Cybercrime Facts to Encourage Clients to Get Coverage

Help your clients be better protected in a digital environment where threats change daily.

Billions of dollars are drained every year on ransomware payments – which risk getting business leaders sanctioned and/or losing their insurance. Most organizations don’t have sufficient cyber coverage to pay ransom demands, and only about half of companies have cyber coverage at all.

We’re not here to tell you how important cyber coverage is. You’ve known this for years. We’re here to tell you that your clients may not understand how critical it is, and we have some sobering information that may encourage them to purchase cyber insurance.

In response to these ever-evolving cyber threats, Glatfelter provides a more robust cyber coverage to clients. This cyber product includes:

• A dedicated cyber limit; limits do not erode Management Liability or GLPL coverage
• Regulatory action coverage in Security and Privacy Liability
• Network Interruption Coverage
• Access to an external Communications Platform to speak directly with the carrier

To hear more about Glatfelter’s powerful cyber product, visit the website of our wholesaler, Glatfelter Brokerage Services (GBS).

The clients we serve together – healthcare, ministry care, municipalities, schools, emergency services and water systems—are facing severe risks in this increasingly-dangerous digital environment. Let’s partner to help keep clients safe and better prepared to manage today’s cyber dangers.

1. 45% of small-to-medium-sized businesses say their cybersecurity measures aren’t sufficient to mitigate cyberattacks.

Last year, 66% of small-to-medium-sized businesses said they experienced a cyber attack in the last 12 months. This isn’t surprising since 45% have ineffective security measures in place. 69% also say that cyberattacks are becoming more targeted. Meaning, targets are picked intentionally because of their background.

2. Cyberattacks could be costing your collective healthcare clients an average of $100 million a day.

As you’re likely aware, in February of 2024, Change Healthcare—a notable company owned by UnitedHealth Group that processes medical payments for one out of every three Americans—suffered the largest cybersecurity attack on the American healthcare system ever. The hackers were allegedly paid $22 million in bitcoin.

As a result of the cyberattack, Change Healthcare was forced to take their systems offline, resulting in the disruption of patient care in many ways, including medication delays and having to make patients pay out-of-pocket for medications. In your client’s case, healthcare providers are having major cash flow issues as claims aren’t being processed and aren’t being paid.

Visit the Glatfelter Healthcare website for healthcare-related cybersecurity resources.

3. Houses of worship are becoming more targeted, including by more cyberattacks.

The World Council of Churches (WCC), an inter-church organization, reported in December 2023 that they had been the victim of a ransomware attack. Specifically, the Lutheran World Federation, a WCC member, was called by hackers on December 26^th, who demanded they pay six bitcoins, or about $280,000, to prevent stolen information from being released. The WCC said they would never give in to threats like these.

Cyberattacks against religious organizations have begun to rise since 2020, with a significant spike occurring in 2023. To find out what makes churches the perfect victim for cybercrime, check out this Glatfelter blog:

The US Department of Homeland Security analyzed four cyberattacks on houses of worship in a 2020 study. The damage to two of them, through a financial scheme and website defacement, cost each church $680,000 and $1,750,000 respectively. There’s also the reputational damage that happened because of the website defacement.

Visit our Glatfelter Ministry Care website for ministry care-related cybersecurity resources.

4. Malware attacks against municipal governments rose by 148% from 2022 to 2023.

Municipal government organizations saw noticeable growth in several types of cyberattacks between 2022 and 2023. There was also a 313% increase in endpoint security service incidents, like unauthorized access, data breaches and insider threats.

2023 was packed with cybersecurity incidents against municipalities. 2024 has been no different. In January, the city of Beckley, West Virginia confirmed they had suffered a cyberattack after city officials discovered issues with their computer network.

Visit the Glatfelter Public Entities website for cybersecurity resources for municipalities.

5. Cyberattacks against schools more than doubled between 2022 and 2023.

In March of 2024, the superintendent of Albuquerque, New Mexico schools received a disturbing call that there was a “bug” in the computer system. This “bug” turned out to prevent teachers, bus drivers and administrators from accessing all 70,000 student files to enter grades, map bus routes and take attendance. The ransom demand was for more than a million dollars.

In 2023, a whopping 80% of school IT professionals reported that the school they serve had been hit by a ransomware attack. Forbes reported that K-12 education was the single most targeted industry across the globe, beating out other sectors like government and healthcare.

In 2022, the US Government Accountability Office reported that 647,000 American students were affected by ransomware attacks, with recovery spanning anywhere from three days to months. This not only impacted schools financially, it also impacted students’ ability to learn because systems were down and schools were forced to close.

Visit the Glatfelter Public Entities website for cybersecurity resources for schools.

6. Emergency services’ systems are sorely out-of-date, and the National Emergency Number Association and National Association of Counties called on Congress to fund critical upgrades.

These outdated systems make it easier for cybercriminals to target emergency service organizations like 911 dispatch centers. Cyberattacks against the Emergency Services Sector (ESS) have become commonplace and are only expected to increase in frequency.

For more information about how your ESS clients can help protect themselves from a cyberattack, check out Glatfelter’s Cyber Safety for Emergency Service Organizations resource.

For even more resources, check out the Cybersecurity & Infrastructure Security Agency’s (CISA) Emergency Services Sector Cybersecurity Initiative, broken down by ESS organization.

7. On March 20, 2024, the Environmental Protection Agency (EPA) issued a warning that cyber criminals are targeting US water systems.

Water is necessary for our survival, and it, too, is being attacked. The EPA warned that threats from hackers linked with Iranian and Chinese governments could disrupt access to drinking water and impose “significant costs on affected communities.”

Water systems are being attacked because they are an infrastructure lifeline and often lack the resources and technical capabilities to implement sufficient cybersecurity measures. It’s essential that your water systems clients assess their vulnerabilities and take measures to secure their systems before it’s too late.

This year, CISA released Top Cyber Actions for Securing Water Systems. We recommend you share this resource with your water and wastewater systems clients in light of this governmental warning. Actions include:

• Reducing exposure to the public-facing internet
• Conducting regular cybersecurity assessments
• Changing default passwords immediately

Visit the Glatfelter Public Entities website for cybersecurity resources for water systems.

8. Only 19% of organizations claimed to have coverage for cyber events past $600,000, and only 55% of companies claimed to have cyber coverage at all.

You know that there’s been a sharp increase in cyberattacks year after year—and you recommend cyber coverage to your clients. But the severity of these attacks is increasing at an alarming rate. As of 2023, cyber insurance claims had increased by 100% in the previous three years.

The average ransom paid by breached organizations was $812,360, which means most organizations don’t have sufficient coverage to pay ransom demands.

9. According to Pricewaterhouse Coopers, those who are doing it right receive fewer breaches, and the attacks they do receive aren’t as costly.

They also found that more than 30% of companies surveyed don’t consistently follow what are considered common practices of cybersecurity defense.

Companies that prioritize cybersecurity innovation outpace the competition because they’ve streamlined their security solutions. These companies see great productivity as they dive into new technologies with confidence because they are well protected.

Glatfelter’s goal is to provide you with resources to help make your clients more successful. With our cybersecurity product helping better protect them from the kinds of attacks you read about here, ensures that they can better reach their full potential and focus on what really matters: serving their communities.