Cybersecurity insurance: The impact from hacking one Marshfield company is seeing

Updated: Jun. 9, 2021 at 7:40 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

MARSHFIELD, Wis. (WSAW) - Got hacked? There is insurance for that. Having coverage is one recommendation a central Wis. cybersecurity company in Rib Mountain gives as industries and individuals around the world increasingly see ransomware attacks.

Among many other types of coverage, Burns Insurance Agency in Marshfield also offers cybersecurity insurance from companies that solely specialize in technological attacks. Dan and Cindy Burns started looking into that type of coverage about 15 years ago. Cindy said when Target was hacked, they wanted to see who else was vulnerable to attack and educate themselves on this growing, new world. As the years have gone by, they have also seen it change.

“It’s happening in Marshfield, and Neillsville, and Wausau, and Weston, and Tomahawk, and Rhinelander, everywhere,” Dan said.

They did not share specific names of companies or individuals, but scenarios of people in north-central Wisconsin who have fallen victim to hackers.

“They got in through the laptop of the business owner and got into the schematics of the machines that ran the line in the manufacturing plant and they shut the whole plant down,” Dan recalled of a local manufacturer.

Recently, one of their associates was also hacked personally after he made his home into a smart home, with internet and computer technologies in things like the fridge, the door locks, the air conditioning, etc. One day he came home and his house locked him out. Eventually, he got inside.

“The TV came on, he didn’t have it on and they said ‘we have your system locked. We have full control of your house,’” Cindy said, explaining that they had put a $15,000 ransom for him to gain control back. “‘And if you don’t believe we have control of your home...’ then they proceeded to turn things on and off while he stood there.”

The Burns used to see clients having to use their cybersecurity insurance coverage a couple of times a year; now, they see it used a couple of times a quarter. If a business or individual gets hacked, they said the person almost always has to pay the ransom because the cybercriminals have gotten more sophisticated, especially over the last two years.

“Back then, they weren’t able to lock up your backups; that’s been the game-changer,” Dan stated. “Now they get in and they’re dormant for a long time gathering information and locking up your backups, taking control of everything before they show your hand. Where, before, they would just show their hand and if you were diligent on backups and everything else, you were pretty OK. You might lose a day or a week or whatever your system was, but not today. They’ve got your current and past. They’re getting smarter.”

The ransom is also tailored to the victim because the hacker spends more time to get to know what amount is realistic for the individual or company to pay.

“They’re not going to break you, but they know enough that you can afford, this is going to sting,” Dan explained.

Before, he continued, the hackers did not spend as much time getting to know their victims so the ransom amount was more random and it was easier to negotiate the ransom down. Now, the hacker can see exactly what the victim has to lose.

However, the ransom is not the only expense to these hacks, especially for businesses.

“First, you investigate how and who has been affected and then notifying them, and then in many cases they have to have a credit report monitoring for a full year for all of those customers. That’s expensive, it really adds up,” Cindy noted.

Those expenses can be covered under insurance. Having insurance can also allow businesses and people to get back up and running after an attack faster because the ransom can be paid, which is also part of the problem fueling hackers to continue exploiting people and businesses, but not paying holds the people and businesses hostage.

Dan noted, having insurance also allows people and businesses to have a plan of action when a cyberattack happens. While not everyone needs cybersecurity insurance, the Burns said everyone with a smartphone or computer should consider it and look at options.

“Everybody thinks it’s not going to happen to them. It’s the other guy, somebody else; it’s not going to happen to me,” Dan said. “We’ve had plenty of exposure that it happens to every kind of business.”

Copyright 2021 WSAW. All rights reserved.