FEBRUARY 2023
 
 
Article 1 Image

Cybercrime Keeps Rising, PDRMA Offers Members Resources to Meet Requirements

  
 

Article 2 Image

ILEAP into Accreditation

  
 
Article 3 Image

Risk Management Review Update

  

Article 4 Image

Get in gear, live and in person!
Threat actor in a hoodie at computer terminal

Cybercrime Keeps Rising, PDRMA Offers Members Resources to Meet Requirements

Threat actor trying to push through a virtual security wallHow secure is your computer network? According to the 2022 Hiscox Cyber Readiness Report, a single attack — data breach, malware, ransomware or DDoS attack — cost companies in the U.S. a median of $18,000 in 2022, up from $10,000 in 2021. And last year, nearly 47 percent of all United States business suffered a cyberattack of some form. This growing threat, combined with our expectation of more stringent renewal requirements for cybersecurity coverage, means we’re focused on helping members improve their cybersecurity solutions. 

Hardening Market, New Process

“Unfortunately, several member agencies have experienced firsthand the damage cyber intrusions and ransomware can do to their operations,” says Tim Conlon, PDRMA Property/Casualty Program Director. “The increasing frequency of cybercrime is exactly why the insurance market has hardened. If we have to shop within the cyber insurance market for coverage this year and/or next, each agency will have to qualify individually for coverage. Because of that requirement, we want to have completed applications on hand from each member agency, so we can move quickly to secure cyber coverage, if deemed necessary.” 

Security shieldOne of the minimum requirements will be having multi-factor authentication (MFA), which secures data and applications by requiring users to provide two or more credentials to verify their identity for login.
 
But MFA will not be the only requirement, Conlon notes. “Members will also have to complete annual employee training and additional training for their accounting staff. All employees who use or have access to your agency’s email, network and/or managed mobile devices — even part-time and seasonal employees who access your network or use member managed devices — must receive training each year.” There also are other coverage-renewal requirements, such as software patching and updates, end-of-life software, remote desktop protocols and more. Visit PDRMA’s Cyber Coverage Renewal website page for more information about renewal requirements.

Sample Plan Template

Together with Beazley Group, we worked with Polsinelli, LLC, a privacy and cyber law firm, to create two templates — Sample Information Security Incident Response Plan for Park Districts (4035) and Sample Information Security Incident Response Plan for Special Recreation Associations (4036) — to help your agency develop a customized Cyber Incident Response Plan. Having a plan and Incident Response Team in place before a cyberattack occurs can make a huge difference in mitigating damage. This is also a renewal requirement underwriters will look for when reviewing applications.

If your agency would like help customizing its Incident Response Plan, Polsinelli will work with you for a flat fee of $1,800 per agency. Contact Alex Boyd at Polsinelli at aboyd@polsinelli.com and tell him you are a PDRMA member agency. We also recommend reviewing Beazley Information Security Incident Response Guide 2018 as you draft your plan.

Online Learning Center Training

We also added two new cyber courses to our Online Learning Center (OLC). Cyber Security Fundamentals fulfills the training requirement for most agency employees, and Avoiding Spear Phishing Threats meets the requirement for your accounting/finance employees.

  • Hooded threat actor at laptop with a broken lock demonstrating password accessCyber Security Fundamentals
    Intended for all employees, this 30-minute course aims to mitigate human error by teaching you how to classify data, secure mobile devices, secure remote and home offices, avoid social engineering scams like pretexting and phishing, and create strong passwords.
  • Avoiding Spear Phishing Threats
    This course teaches how spear phishing works and how to protect your online presence — especially on social media — to avoid becoming the target of a spear phishing scam. It is seven minutes long and a requirement for all finance employees.

NOTE: We also removed the original Cybersecurity course from the OLC. If you started but did not complete it, you have until Feb. 28 to do so. As of March 1, it will no longer be available.

Video, Poster and Handout Resources

You can find cyber resources on our Cyber Coverage Renewal website page in the navigation bar on the right under Videos, Posters and Handouts. Below are the latest offerings:

  • Image of PDRMA poster for creating strong and secure passwordsCreate Strong and Secure Passwords Poster — Small and Large.
  • Prevent Ransomware Poster — Small and Large.
  • Spot Phishing Emails Poster — Small and Large.
  • Cybersecurity: Business Email Compromise Attacks — Video.
  • Cybersecurity: Individual Responsibility — Video.
  • Cybersecurity: Mobile Devices and Public Wi-Fi — Video.
  • Cybersecurity: Passwords — Video.
  • Cybersecurity: Phishing — Video.
  • Cybersecurity: Working at Home — Video.

Discounted MFA Products Still Available

As a PDRMA member, you can get a discount on MFA products through RSA/Secure ID. Contact Senior Account Executive Jawad Koraiban at RSA and mention your agency is part of the PDRMA/Beazley Group to receive the discount. If you have questions about this subsidy or the new cyber coverage requirements, please email them to cybercoverage@pdrma.org.