Recent Collapse of Silicon Valley Bank (SVB) Creates Additional Cyber & Security Risks for Insureds
The recent collapse of the Silicon Valley Bank (SVB) has sent shockwaves throughout its tech sector clients and the banking industry.
U.S. regulators have taken protective steps, including ensuring SVB clients can access their deposits and have emergency funds ready for other banks. However, other banks have also recently failed. Regulators closed New York’s Signature Bank (a commercial bank serving commercial real estate and digital asset banking), and Silvergate Capital (which served the crypto industry) voluntarily shut down.
According to a New York Times article, the Federal Reserve was concerned about SVB’s risky banking practices for over a year. It cites a source that indicates that among various problems, SVB executives were advised by the Feds and by their own employees that the bank had cybersecurity problems but ignored them.
Increased Cyber &
Security Risks for Insureds
Bank closures have emboldened cybercriminals
The ripple effect of the uncertainty sparked by the SVB failure has emboldened cyber criminals to target Americans, likely including their insureds.
In times of crisis like this, criminals are ready to take advantage of the fear and sense of urgency. Some will begin phishing email campaigns to lure personal details out of worried people. Others will stage business email compromise (BEC) attacks, doing their best to trick people into providing information.
We can anticipate these bad actors will pretend to be trusted carriers or their affiliates who need to have payments for policies or other business transactions sent to a different bank account number due to the SVB collapse and resulting issues. Cybersecurity experts already report an increase in the number of internet domain names with “SVB” in them.
Act now to mitigate an increase in fraudulent instruction losses
Remind your insureds to be wary of any emails asking for information, especially in the wake of the bank collapse.
It’s a great time to review cybersecurity protocols to reduce the risk of falling prey to a phishing scheme or BEC attack. Here are some key points to highlight when you communicate with your insureds:
Educate staff and clients: Remember that clicking on a link or attachment is always a security risk, especially if this form of communication is an unusual way for a client or vendor to conduct a transaction.
- When in doubt, don’t click on a link or attachment until you verify that it is legitimately a request from a trusted source. Look for email addresses that mirror genuine addresses with small variations.
- Be very wary of requests to change bank information, wire funds, or pay an invoice. Only make changes once the request is verified to be authentic.
- Implement multi-factor authentication (MEC): Protecting email accounts from being accessed and hijacked by cybercriminals is critical. MEC is an extra layer of protection. If you’re using an email protocol that doesn’t permit MEC, it’s time to upgrade.
- Invest in other protective technology: Besides MEC, there are additional ways to guard your cyber security. You can use email filters to flag suspicious emails, for example, emails sent from unusual domains, and block users from forwarding emails to outside domain providers. Endpoint security options now boast next-generation protection, including artificial intelligence (AI), real-time predictive methods such as machine learning (ML), and behavioral analysis. Endpoint security detects threats and responds, for example, by managing devices and preventing data leaks.
Report any receipt of fraudulent emails: You can report them to the Federal Bureau of Investigation’s Internet Crime Center (IC3).
If there has been a security breach, act quickly: As soon as you know there has been a breach, contact your bank or financial institution. Report the security breach to the FBI IC3. Contact your insurance agent to report a claim.
We’re here to help our agents
The SVB collapse reminds us how vital D&O coverage is for American businesses. The fallout from this situation may lead to carriers requiring heightened due diligence of insureds before securing coverage. It’s also possible that getting D&O insurance for startups or first-time buyers might be a little more challenging.
For more information, get in touch.