October was Cybersecurity Awareness Month, and for businesses across Florida, it was a timely reminder that no company is immune from cyber threats.
What was once an issue primarily for large corporations with extensive data has now become a concern for businesses of all sizes. As hackers grow more sophisticated, even small companies find themselves vulnerable to costly attacks.
The insurance industry — particularly the surplus lines sector — has had to respond rapidly to this evolving landscape. Surplus lines insurers specialize in covering complex risks, stepping in when traditional carriers cannot. Cybersecurity is one of those areas where expertise and adaptability are critical.
In recent years, cybercriminals have moved beyond targeting companies in high-risk industries like healthcare and finance. Now, they use increasingly cunning tactics, such as social engineering and cyber extortion, to prey on businesses across all sectors.
Social engineering scams have become particularly prevalent. These attacks involve hackers infiltrating a company’s system, often sitting behind firewalls for months undetected, watching and learning. Then, they strike by impersonating a trusted team member and sending fraudulent emails to employees, convincing them to transfer funds or share sensitive information. These scams can be devastating, and the victim often doesn’t realize they’ve been duped until it’s too late.
Cyber extortion is another growing concern. In these attacks, hackers breach a company’s system and deploy malware that encrypts essential data, shutting down operations. They demand payment—sometimes in cryptocurrency—in exchange for unencrypting the system. Unfortunately, not all hackers keep their word. Even after businesses pay the ransom, some find their data still locked or corrupted.
These tactics have evolved to infiltrate platforms like Microsoft Teams, where bad actors mimic legitimate work environments, impersonating colleagues and gaining remote access to plant malware. They’ll often use email addresses that look almost identical to those of trusted employees to slip under the radar.
With cybercriminals continuously adapting, the pressure is on business owners to be more vigilant than ever. One key strategy is to implement a “zero trust” policy within your organization. This means employees must verify any request for access or action, no matter how legitimate it appears. If someone contacts you claiming to be from IT and asks for access to your system, pause before complying. Say, “Let me call you right back,” and verify their identity through your usual channels.
Businesses should also include warnings on all emails, reminding employees to be cautious when clicking on links or sharing information. The harsh reality is that your company’s security is only as strong as your weakest link, which is often the person who clicks a malicious link without thinking twice.
Cyber liability insurance has become an essential tool for businesses looking to protect themselves. But it’s not just about coverage after an attack—it’s about being prepared before something happens. Many surplus lines carriers offer preemptive services, such as risk assessments and cybersecurity education, to help businesses strengthen their defenses.
When an attack does occur, these policies provide immediate assistance. Cyber liability policies often include 24/7 access to breach response teams, who are ready to take swift action. This can include investigating the breach, notifying affected customers, and covering the costs of providing credit monitoring services. Cyber policies can also offer coverage for business interruptions caused by a cyberattack, as well as for ransom payments and data recovery.
Thousands of Florida businesses rely on surplus lines insurers to protect them from the financial and operational fallout of a cyber incident. In 2023, that total came to 12,049 policies and $296,519,496 in premium, according to data from the Florida Surplus Lines Service Office.
For Florida’s business community, cybersecurity is not a problem to be ignored or deferred. It’s a pressing issue that requires proactive measures, not just reactive responses. From phishing scams to ransomware attacks, the risks are numerous and evolving, but with the right protections in place, they can be managed.
I encourage all business owners to take stock of their current cybersecurity practices and explore the resources available to them.
You don’t have to face these threats alone. But remember, your company’s security is only as strong as its weakest link. Stay vigilant, educate your team, and take steps today to protect your business from tomorrow’s threats.
Shea is Executive Director of Underwriting Operations for Bass Underwriters and is a member of the Florida Surplus Lines Association.