Performance Thinking

Expert information and solutions for your business.

Trends in Cyber Risk Prevention

Cyber Risk Prevention

In today’s climate, cyber risk is top of mind for business leaders.  Unfortunately, many still fail to understand the complexities involved and unknowingly leave their businesses vulnerable.

High-profile data breaches grab our attention on a regular basis – like the hack of Under Armour’s MyFitnessPal app earlier this year that was called “one of the biggest hacks in history,” compromising 150 million accounts.  When these incidents occur, businesses should turn the fear of “what if?” into action by evaluating their exposures and ensuring they are properly protected and prepared to deal with a breach should it occur.  

Earlier this year, Scott held an educational event in Raleigh featuring a panel discussion on the emerging trends surrounding cyber fraud and techniques for prevention.  One of the panelists at our event was Jeremy Gilbert, IT Advisory Manager at Dixon Hughes Goodman LLP.  Jeremy’s insights regarding this important topic are valuable, and the following Q&A can help your business as you work to build a strategy to combat the cyber risks that face your organization.

What are the main cyber risk threats facing mid-market businesses today?

GilbertMore sophisticated hacking tools continue to become available to lower-level cyber criminals.  In some ways, these tools have exceeded the defensive capabilities of typical mid-market businesses; however, they are not often employed because they are expensive and difficult to use.  Less sophisticated attacks, usually requiring a user to click a link or open an attachment, are far more common.

Attacks are typically aimed at one of three things:

1. Extortion; typically done with ransomware, a type of software that encrypts files. Following encryption, the criminals offer to sell the decryption key to the business.

2. Stealing valuable PII (personally identifiable information) such as name, date of birth, account numbers, and addresses of your business, your customers, or your employees. This type of attack is often referred to as a data breach and is usually the most financially damaging that a business can suffer.

3. Securing a jumping-off point for attacks against other targets. This typically takes the form of a compromised web server.

What can businesses do to prevent a breach or minimize their exposures?

Gilbert:  Mitigating the risk of a breach and the impact if/when a breach occurs requires frequent monitoring and examination of the threat landscape and your IT environment.  Establish a breach response team and hold periodic meetings to ensure new threats are mitigated and changes to your IT environment are analyzed from a security perspective.  This team should consist of representatives from IT, upper management, public relations and legal.  If you don’t already have a breach response team in place, this can seem a daunting task.  If you carry cyber insurance, and you should, your insurance broker can be a great resource to help you establish and manage this team.

What are some lessons we can learn from previous/recent events?

Gilbert:  Common attacks usually require action from an authorized user to become a successful attack.  This action could be opening a malicious attachment or link in an e-mail, downloading a malicious file, visiting a compromised web page, or answering a phishing e-mail.  Training your employees in good IT security practices is the most effective way to protect your business.

Typical IT security controls like firewalls, intrusion detection systems, encryption and password policies are important and necessary for good IT security, but the users in your IT environment are the weak link that cyber criminals will try to exploit.

Also, if you outsource any IT support, be particularly vigilant about clearly establishing who is responsible for IT security.  We have seen multiple companies breached that thought their managed service provider (MSP) was handling security while the MSP thought the company’s IT staff were handling security.

What resources are available to help business executives better understand the complexities of cyber risk?

Gilbert:  If you have cyber insurance, your first stop for resources to help you should be your insurance broker.  They have a vested interest in helping you secure your IT environment and they may have free or low-cost assistance available to you.  Also consider having an outside firm perform an independent assessment of your IT environment and systems to identify technical and operational vulnerabilities.

Many companies offer user training for IT security.  Dixon Hughes Goodman can offer customized, in-person training.  You might also consider the SANS Institute’s Security Awareness Training, which can be completed online.

When hiring for IT security positions, pay attention to which IT security certifications the candidate has earned.  There are many IT security certifications, so you can’t be familiar with all of them, but a quick search online should inform you as to whether a particular certification is valuable to your organization.

 At Scott, we understand the importance of developing a strategic approach to cyber risk, including making sure appropriate coverages are in place.  If you have questions about protecting your business from cyber risks, contact a Scott Risk Advisor to learn more.

Thanks to Jeremy Gilbert and Dixon Hughes Goodman LLP for their contribution to this blog.  Jeremy can be reached at

Written by Chad Duke

Chad is a Risk Advisor in Scott’s Raleigh office. He joined Scott in 2009 to assist in the growth of the Raleigh branch.

Call Chad at 919-341-0754 if you have any questions or need any additional assistance.

View Profile

Affordable Housing Practice Group Engagement

Our Affordable Housing Practice Group team members are continuously engaged in the industry, staying up-to-date on the important issues impacting the organizations serving in this sector and ensuring that our clients in this space are receiving the best guidance and highest level of service.

Performance Thinking Webinar

In late May, we offered a webinar to provide insightful and actionable information regarding risk management issues of interest to affordable housing organizations.  The webinar provided an overview of the current insurance market, practical guidance related to certificates of insurance and strategic guidance for claims management.

If you would like to view the webinar recording, please email me at

CAHEC Partners Conference

Members of our team attended the CAHEC Partners Conference in Greensboro, North Carolina.  This event provided opportunities for our team to connect with leaders in the industry and to learn about the current economic, legislative and regulatory issues impacting the tax credit industry. 

Jennifer Burchette, Senior Account Analyst for the Scott Affordable Housing Practice Group, had the opportunity to present on the topic of tax credit insurance. 

Jennifer Burchette and Rachel Bates at the CAHEC Partners Conference

HAND Annual Meeting & Housing Expo

The Housing Association of Nonprofit Developers held their Annual Meeting and Housing Expo in Washington, D.C. on June 12.  This is the largest convening of real estate and community development professionals in the region and was attended by 1,400+ practitioners. 

Congratulations to our client, Virginia Community Development Corporation, for receiving the Virginia Peters Nonprofit Friend Award for their Nonprofit Sustainability Challenge, an initiative helping nonprofit organizations across Virginia achieve long-term financial stability.

Virginia Housing Alliance Top 40 Network

Congratulations to Rachel Bates, Account Analyst, for her recent induction into the Virginia Housing Alliance’s Top 40 Network, a group of emerging professionals with demonstrated professional excellence and innovation in Virginia’s housing industry.  Rachel is a strong asset for our team and we are proud of her recognition and representation of Scott in this prestigious group.

Rachel Bates (center) at the Virginia Housing Alliance Awards Luncheon on June 14 with Monique Johnson from the Better Housing Coalition and Costa Canavos from Berkadia Commercial Mortgage who presented the award.

As Scott’s Affordable Housing Practice Group Leader, I am proud of our team of dedicated professionals serving this specialized industry.  We look forward to continued engagement and opportunities to utilize our expertise to help more organizations better understand and manage their unique risks. 

Property & Casualty Market Outlook for 2018-2019

Photo of graphs showing insurance trends.

At Scott, our clients often ask us for predictions on how their insurance costs will change year-over-year. While every company has unique characteristics that impact pricing, we can make some general observations and recommendations based on past and current market conditions that can help when preparing for the future. 

Read Full Story

Business Pollution Coverage & Potential Exposures

When it comes to determining which businesses need pollution coverage, most businesses think they know the answer. The manufacturing plant with its tall smoke stacks, the local gas station or the rock quarry down the road. In short: anyone but me.

What constitutes a pollution claim?

The misconception around pollution exposure and the need for coverage is based on the fact that most businesses believe that pollution claims arise from traditional environmental claims like oil spills or water contamination. The reality is that pollution claims can come in many unexpected ways. For example, a faulty HVAC unit in a commercial building that starts to release carbon monoxide fumes that can lead to injury to the tenants. Another example is a contractor excavating for the foundation of a building that hits a sewer pipe. Each of these situations arises from the normal operations of the business, but each results in a pollution claim.  

Read Full Story

New Tax Plan Impacts Affordable Housing

At the end of 2017, the U.S Senate and House of Representatives passed the Tax Cuts and Jobs Act, which reduced the corporate tax rate from 35% to 21%. The new tax rate, the lowest since 1938, went into effect on January 1, 2018.

While the full impact of the new plan is yet to be determined, it is expected that the changes will have a significant impact on the affordable housing industry and many of the clients we serve in that sector. The Low Income Housing Tax Credit (LIHTC) helps finance 90% of affordable rental units built across the country. Since these credits are tied to the corporate tax rate, the credits are worth less to investors when the expected tax burden decreases.  

Read Full Story