Glossary

B

Botnet - refers to a set of Internet-connected devices, such as computers, smart phones and smart devices, that are running automated software applications. Typically the devices in a botnet have been infected with malware and are used to perform a Distributed Denial of Service Attack. Their combined processing power can also be used to launch other attacks, such as a Credential Stuffing Attack. The word botnet comes from bot, meaning robot, and net, meaning network.

Brute force attack - is when an attacker tries to guess passwords or usernames by trying different words or combinations of words. Brute force attacks run systematically, checking potential passwords or phrases until the right one is guessed. It's an attack by trial and error! A commonly used aid is a dictionary (a list of candidate words). The attacker will try each word, combined with a special character or number, until they guess correctly. When passwords are weak, the attacker can be successful in seconds. More complex or longer passwords may take months or even years to crack.

C

Contingent or Dependent Business Interruption refers to the insured's lost income as a result of an interruption in service from a third-party service provider. Businesses depend on third-party service providers, such as vendors, suppliers and cloud providers, to earn an income. A simple example of depending on a third party is the credit card processing done by a third party for an online store. If the credit card processor goes down, the business will not be able to collect revenue.

Credential Stuffing is a type of cyberattack where the attacker takes massive lists of usernames (typically email addresses) and passwords, and then tries to “stuff” them into different websites to gain access. The massive lists of passwords have typically been obtained from data breaches. Unlike brute force attacks, attackers are not guessing passwords. They simply automate the process, using different automation tools to attempt thousands or millions of logins. Attackers can be very successful using this approach because users typically reuse one password across several logins and rarely change it.

Cyber Extortion is when a hacker holds data, computer systems, applications, or a website hostage until the business pays a ransom demand or is able to remove the intruder. Common threats include the threat to:

  • damage or destroy data
  • block access to computer systems or applications
  • publicly disclose data
  • introduce malicious code
  • slow down or interrupt computer systems

Cyber extortion is typically executed in the form of ransomware (a type of malicious software) or a denial of service attack.

See more under Extortion Threat Coverage

Cyber Insurance is an insurance policy whose intent is to cover the loss a company experiences due to a privacy or a network security breach. Because cyber is a relatively new coverage, there is very little consistency in the insurance market as to what is covered by a cyber policy. Coverage, definitions and terminology vary from insurance company to insurance company. This is one of the challenges of today’s cyber market.

D

Data Corruption refers to electronic information that becomes unreadable, unusable or inoperable. This can be caused by human error; however, it can also be caused by malware. Data restoration may be covered by a cyber policy depending on what caused the data corruption. Some policies even cover data recreation. Data restoration and recreation are not the same thing.

Deep-linking refers to the use of a hyperlink to take the user directly to a page within a website that is not the top or home page, but rather a page like this one. There have been lawsuits involving complaints about improper deep linking to content that is copyrighted, again such as this page! This is what is referred to as improper deep-linking.

Denial of Service Attack is an attack committed against a computer system or website. The attack usually involves either flooding the target with traffic or attacking a specific vulnerability, and can result in a slowed or unavailable system or resource, or restricted access. Not all denial of service events are malicious. Cyber policies may or may not cover a denial of service attack, and if coverage is granted, the definition of what constitutes a denial of service attack varies.

Distributed Denial of Service Attack is like a DoS attack on steroids! The difference is that the incoming traffic flooding the victim originates from many different sources instead of just one. This makes it almost impossible to stop the attack simply by blocking a single source. Because the attack originates from different sources, a successful Distributed Denial of Service attack can cripple an organization for an extended period of time, and it is far more complex to resolve than a Denial of Service Attack.

E

Employment Practice: refers to all actions, processes and procedures related to the work environment starting with the hiring process, through ongoing employment, to termination and even post-employment. External factors have an impact on employment practices. For example, the shift to remote working brings with it numerous employment practice challenges, especially when employees are based in multiple jurisdictions.

Employment Practices Liability Insurance: is an insurance policy that protects employers against financial loss arising from claims alleging employment-related wrongdoing. Employment Practices Liability Insurance is also known as EPLI. EPLI policies are typically offered as claims-made, named-peril insurance contracts. EPLI covers injury-causing employment practices perils such as discrimination, harassment, wrongful dismissal and retaliation. Financial losses can include defense costs, damages or settlements; however, the most frequent loss incurred is defense costs.

Extortion Threat Coverage: coverage for a ransom demand to an extortionist who holds applications or data hostage or threatens an attack. Not all cyber policies include this coverage. If coverage is provided, check if the policy will pay a ransom demand in bitcoin or other cryptocurrency.

See Cyber Extortion for more details

I

Insuring Agreement is a clause in an insurance contract that specifies what is covered. An insuring agreement is what grants coverage. In a D&O policy, for example, there is consistency in the market and most policies have a Side A, Side B, and Side C. In a cyber insurance policy you’ll find anywhere from 1 to 12 insuring agreements, making it harder to compare policies. Read insuring agreements carefully; what you’ll want to look for is how the insuring agreements are worded as triggers - in other words, what are the terms and conditions under which coverage will be granted.

M

Malware, or malicious software, is a blanket term for software created by attackers with the intent to gain access to or cause damage to a computer system. Viruses, ransomware, and trojan horses are all examples of types of malware.

Media Liability refers to the liability risk that may arise from creating and disseminating content, such as on a business’s website or social media pages. The risk for companies also applies to printed forms and publications such as magazines and brochures. A media liability policy is available in the insurance marketplace as a stand-alone policy. Slivers of coverage may also be found in some cyber policies for online activities.

N

Network Security Breach refers to unauthorized access to computer systems. Often this comes down to third parties identifying and exploiting a vulnerability in an insured’s system (one common vulnerability amongst all companies is humans), and it can lead to the transmission of malware, unauthorized access or denial of service attacks.

Network Security Liability refers to harm caused to a third party due to a failure of the insured’s security, or a security breach. In other words, it is the loss a client would experience due to a security failure of the insured. For example, a failure in an insured’s security resulted in a virus making its way onto the insured's system. From there the virus replicated through their contacts' systems. If one of their clients, vendors, or suppliers sues because the virus caused them damage, this is a network security liability.

P

Personally Identifiable Information (PII) is information that could be reasonably linked or associated with, directly or indirectly, a consumer or household. What constitutes PII varies by region, as different privacy laws govern different regions, and each has its own definition.

Typically what it boils down to is information that could allow someone accessing it to identify, locate or contact an individual. It’s important to keep in mind that what defines PII from a regulatory perspective may not be the same as how an insurance policy defines it. The policy definition may be broader, more restrictive, or piggyback off of the regulatory definition. Always read the definition of PII in a policy wording carefully, as this is a space that continues to evolve.

Privacy Breach boils down to access to private information without permission. This can come in the form of unintentional or intentional disclosure (someone sending out a client list with names and addresses), employee error, lost devices (for example, losing a flash drive or laptop with private information stored on it) or a hacking event where a third party gets access to private information.

Privacy Liability refers to harm done to a third party, typically associated with a privacy breach, or access to or disclosure of private information without permission. Privacy is one of the biggest components of Cyber Insurance - why? Because data is valuable, and individuals have a legal right for their information to remain protected when entrusted to the companies using it. In addition, privacy liability may arise from the disclosure of confidential corporate data pertaining to others.

R

Ransomware is a type of malware designed to either encrypt files or block access to critical applications or programs in order to extort money from the computer system owner. Many policies will cover ransomware as a peril; however, the extent of the coverage varies.

Restoration Period (or period of restoration) on a cyber policy refers to the time between the moment the network security event happens and the moment when the insured’s income is back to a “normal level”, normal being whatever the income would have been without the network security event. Restoration periods vary greatly, and a longer period may be negotiated for an additional premium.

S

Side A refers to an insuring agreement in a Directors and Officers Liability Insurance policy. Side A, Side B and Side C are the core agreements in a D&O policy. Side A coverage is also known as non-indemnifiable loss. The purpose of Side A coverage is to protect the personal assets of directors and officers. Through this insuring agreement, insurers provide coverage for individual directors and officers when the organization is unable or not allowed to indemnify them, e.g. in the case of insolvency. While it’s common practice and important for an organization to indemnify the directors and officers sitting on its board, this isn’t always possible. It could be that the company is facing insolvency and doesn’t have the resources to indemnify the individual directors, or it could be that it is legally not allowed to do so.

Social Engineering Fraud is the use of psychology to manipulate someone into following instructions to share confidential information or send money.

Social Engineering Fraud Coverage is an endorsement that may be added to a cyber insurance or a crime policy. The purpose of the coverage is to reimburse the insured in the event an employee falls victim to a social engineering scam.

T

Trojan Horse: Like the name implies, this is a type of malware that gets downloaded because it’s disguised as a legitimate program. So you might think you’re downloading a version of Adobe, but in fact it’s malware disguised as Adobe. Usually it causes its damage once a user runs the program.

U

Underwriters are employed by insurance companies to assess the risk of insuring people and assets. They are responsible for determining a premium (revenue for the insurance company) based on the risk exposure (potential loss) to the insurance company after a thorough assessment of the risk. Insurance companies look for bright, business-minded, analytical individuals with strong interpersonal and commercial skills to become underwriters.

V

Virus is a type of malware that hides within legitimate programs; it has the ability to self-replicate and infiltrate other programs and files. Like a biological virus, a computer virus’ goal is to replicate and spread itself as much as possible. A forensic investigator is usually hired to determine the extent of damage caused by a virus. This is an example of a first-party coverage that you want to look for in a cyber insurance policy.

W

Waiting Period in a cyber policy refers to the time that has to go by before coverage kicks in. You can think of it as a retention - a certain number of hours the insured has to absorb before coverage is triggered. Similar to a retention, there is a cost to having a shorter waiting period. Depending on the risk, the insurer might be open to negotiating on the waiting period.