What happens if Berkovich has cyber insurance?
This week it was reported that the Instagram account of the legendary former footballer, Eyal Berkovic, was hacked and blocked. It was also reported that the hackers asked Berkovich for a ransom payment of $2,000 to be paid through Bitcoin, in order to release the account, which Berkovich refused to pay. In doing so, Berkovich joined a distinguished list of international celebrities such as Robert Downey Jr. and Selena Gomez who had their Instagram account hacked.
Today, social networks are used as a main tool for generating income by many people in the world. Models, influencers, athletes, singers, actors, and the list goes on. In fact, social network accounts have become a significant asset whose loss may result in significant financial losses, and may even lead to claims from third parties (for example due to offensive advertising or the distribution of harmful (malware)).
So what happens if Berkowitz and the various celebrities have cyber insurance?
Cyber insurance is used as a financial tool during a cyber incident. Cyber insurance covers expenses for extortion and ransom incidents, including ransom payments, loss of income, expenses incurred for data recovery, financing expenses for regulatory investigations (GDPR / Privacy Protection Authority) and even provides an initial response team for incident management (IRT) that includes information security and forensics experts, a team Legal and PR consultant. In addition, the insurance also covers claims from third parties and financing of legal expenses as a result of a cyber incident.
All this only if they occurred in the course of the insured’s occupation. That is, during the underwriting phase with the insurance company and filling out the forms, it is necessary to expand the description of the activity as much as possible. This is in order to prevent a situation where the insurance company claims that the incident did not happen during the occupation and is therefore not covered. The issue takes effect when we want the policy to cover incidents of hacking into the social network, when naturally there may be an overlap between private use and commercial use.
So if Berkovich does have commercial cyber insurance, which as part of the business as defined in the underwriting process, also included activity through social networks, the policy would indeed have covered the damages as a result of the incident.
Although it is important to remember, cyber insurance is not a be-all-end-all. In order to avoid such incidents, it is first and foremost necessary to maintain a high level of information security discipline. Mainly by frequently changing the passwords, using complex passwords, and using multi-factor authentication (MFA). In addition, in view of the fact that social network accounts are usually synchronized with the email address, a password different from that of the email account must be used. Also, of course, one must be vigilant and avoid opening files and messages from unidentified sources.