MAY ISSUE 5.02
INSURANCE BUSINESS UK PRESENTS…
THE UK CYBER INSURANCE SPECIAL REPORT Discover the answers to all your most pressing cyber insurance queries
Is remote working exposing your business to cyber threats? Many businesses are now either planning for or actively implementing a business model that involves an increasing level of remote working. In the rush to keep businesses working there is a risk that good cyber security practices may not be properly applied. For advice from our cyber experts to help protect your organisation visit axaxl.com/fast-fast-forward
AXA XL is a division of AXA Group providing products and services through three business groups: AXA XL Insurance, AXA XL Reinsurance and AXA XL Risk Consulting. AXA, the AXA and XL logos are trademarks of AXA SA or its affiliates. © 2020.
SPECIAL REPORT
CYBER INSURANCE
FOREWORD Mia Wallace News editor Insurance Business
The shape of the cyber insurance sector
CYBER INSURANCE – a product that has been around for decades, and yet one that is still seen as the (relatively) new kid on the block. Despite dating back to the 1990s, it is only in the last decade that it has steadily grown in recognition and uptake in markets across the globe. In more recent times, however, there has been a surge in uptake due to the frequency of cyber security threats, as highlighted by The Cyber Security Breaches Survey 2020, recently released by the Department for Digital, Culture, Media & Sport (DCMS). That report revealed that almost half of all businesses in the UK have reported cyber security breaches or attacks in the last 12 months. This rate of change has led to cyber insurance registering at the forefront of the corporate risk agenda but there is still substantial room for this market to continue its impressive growth trajectory.
The UK cyber market has made significant strides in the last two years and cyber development leader at CFC, Lindsey Nelson, stated in an interview with Insurance Business that this change in the UK market’s perspective has been driven by several factors. One of the essential changes has been the shift in focus away from privacy-related incidents and a refocus on the capacity of cyber insurance to cover topics such as business interruption and cyber crime. The UK market is widely understood to be behind that of the US in terms of penetration and purchasing rates with the ABI reporting that just 11% of businesses are thought to have a specific cyber insurance policy in place, while the DCMS revealed that only 32% of UK businesses are thought to be insured against cyber risks in some way.
For James Tuplin, the head of cyber and TMT, international financial lines at AXA XL, the cyber insurance sector is in a slightly different stage in every market in the world. This is dictated by several factors including the law, claims and buying habits of each country. While the UK is still within the first purchaser stage when it comes to cyber insurance, Tuplin believes that the move to a flusher stage has begun with more medium-sized accounts now increasing their uptake.
How might the COVID-19 pandemic impact the development of this sector?
The outbreak of the COVID-19 pandemic has shone a renewed spotlight on the cyber security capabilities of each of the businesses that have rolled out work from home policies. Cyber exposure has dramatically increased,
www.insurancebusinessmag.com/uk
especially with the speed at which this change to working practices has been implemented. The head of cyber for Travelers Europe, Davis Kessler, noted that with the increased strain on IT systems, the weakened security infrastructure of most remote working setups and the increased activity of cyber criminals using the pandemic to their advantage, this crisis is something of a perfect storm for cybercrime. Information from the National Cyber Security Centre has shown an uptick in cybercrime activity, while a report issued by the cyber analytics provider, CyberCube, highlighted that C-suite executives may increasingly be targeted by ransomware attacks, and that insurers need to take a forward-looking view of such cyber threats.
The role that brokers play in the evolution of the cyber insurance sector
Operating on the front-line of the commercial insurance sector means that brokers play a pivotal role in communicating the needs of their clients. One of the key qualitative insights gained by the DCMS was that decisions made around cyber insurance are often strongly influenced by insurance brokers. Speaking with Insurance Business, Kessler detailed how responding to what brokers are asking for from their insurer partners is a critical element of developing a successful cyber insurance product. The most pressing demands that he has noted so far have been the request for access to more cyber security staff training, and for more assistance in proving the benefit that a cyber policy can have for the insured. By relaying the queries, demands and concerns of their clients to their insurer partners, brokers can capitalise on their unique position as those with the most direct access to the insured - not simply to highlight the value of a cyber insurance policy but also to shape this offering itself.
Understanding the cyber insurance sector
To build this report, Insurance Business reached out to a panel of experts, each of whom can lend unique insight into the complex and ever-changing cyber insurance sector. Five key questions on the tip of the tongues of brokers were analysed.
These questions were:
• What are the biggest cyber risks/issues that have emerged in 2020?
• The coronavirus pandemic has sparked an increase in remote work. What advice should brokers be passing to clients about mitigating cyber risks among work-from-home employees?
• Are there any specific markets that you would highlight as being particularly at risk of cyber-related issues and that brokers should be targeting with their policies?
• If brokers are looking to sell cyber insurance to a client for the first time, what are the key points they should stress?
• What separates the ‘best’ cyber policies from the rest – how can brokers ensure their clients are getting the appropriate cover for their needs?
Through the insight provided, it is hoped that this report will provide the reader with an enhanced understanding of the current status of the market and what brokers should be looking for from a cyber insurance policy.
MEET OUR PANEL OF EXPERTS
James Tuplin Head of IFL cyber & TMT AXA XL
James Tuplin is head of cyber and TMT, international financial lines, at AXA XL and is responsible for cyber and technology PI written anywhere outside the US. James has nearly 15 years’ experience in the insurance industry. He joined AXA XL from QBE, where he spent three years as cyber & TMT portfolio manager, with responsibility for growing the cyber portfolio in Europe. He previously held the role of senior technology PI and cyber underwriter at Allianz Insurance Plc, where he was instrumental in launching a technology PI solution. Prior to this, he spent 10 years at Zurich Global Corporate, where he held various underwriting positions specialising in errors & omissions and professional indemnity insurance in the UK and Canada.
Lindsey Nelson Cyber development leader CFC Underwriting
As cyber development leader, Nelson oversees the global business development strategy across CFC’s cyber portfolio, and is responsible for key account management, participation in industry events as well as being heavily involved in providing in-depth education within the business line. Having nearly a decade of experience underwriting cyber and technology risks previously at Chubb and overseeing the international cyber team at CFC, Nelson’s expertise in cyber has put her in demand for a wide range of conferences across Europe and North America, while continuing to play an active role in underwriting. Among other awards, Nelson was voted in Insurance Business UK’s “Young Guns” as one of the 27 rising stars in the insurance industry.
Tom Draper Head of cyber Gallagher
Tom Draper is head of cyber at Gallagher, having set up the practice in 2012. The team is responsible for supporting Gallagher partners and clients globally on cyber risk products and services, including professional services liability, cyber liability, privacy & network security liability and media liability and patent liability. Prior to joining Gallagher, Tom held senior positions at Lockton Companies LLP, where he worked predominantly on US-focused exposure and at Willis Group Holdings LLP, where he focused on major European technology and cyber risks.
THE TOP FIVE CYBER SECURITY THREATS FOR SMALL BUSINESSES
1. Phishing attacks
2. Malware attacks
3. Ransomware
4. Weak passwords
5. Insider threats
Source: Expert Insights (2020)
What are the biggest cyber risks/issues that have emerged in 2020? James Tuplin, AXA XL: The current COVID-19 pandemic is already creating new opportunities for cyber criminals. However, prior to the current lockdown, we weren’t seeing any recent new trends or attacks taking the market by storm; it was more a case of advancements in what we’ve already seen. Ransomware is becoming wider and more prevalent and the size of demands has increased hugely. Where these attacks had historically targeted individuals at home for smaller ransoms, attackers have moved to targeting businesses with ransom demands
worth several million pounds. New strains of ransomware are continually being developed and delivery is becoming more focused. Today, cyber criminals look for systemically weak, but vitally important systems – those needed to either keep a company afloat or support the general public – and they are now using AI to discover how best to target specific groups. Businesses such as banks, which are frequently targeted by cyber criminals, have spent fortunes on tracking credit card information so they can quickly identify the source of an attack and cancel all compromised credit cards faster. As a result, credit cards are less valuable to cyber criminals as they have a much shorter time to sell them. This has led to a change in the
focus of the cyber criminals, and a huge increase in phishing emails. Tom Draper, Gallagher: The threat of ransomware - a malicious software that locks and encrypts a victim’s computer data and demands ransom payment in order to regain access - is rising year after year, and shows no sign of slowing down. The costs associated with system failures or downtime following a ransomware cyberattack can be hugely detrimental to organisations – affecting their bottom line and often causing them significant reputational and operational damage too. As our reliance on technology grows, the likelihood of operational errors causing significant cyber incidents, including ransomware attacks, increases dramatically. There is no easy win in the war against ransomware, but an important weapon for all organisations is putting a robust cybersecurity strategy in place. Best cybersecurity practices - such as ensuring employees have strong passwords in place, conducting regular system and software updates, and turning on multiple-factor authentication - cannot completely destroy the threat of a ransomware attack, but can significantly reduce it. Although these are all practical steps that businesses can take to help protect them against cyberattacks, companies are leaving themselves exposed to financial and reputational damage if they don’t also consider having specialist cyber insurance in place.
Lindsey Nelson, CFC Underwriting: Ransomware has evolved significantly over the last several years, but 2020 is showing us the emergence of one worrying trend when it comes to these attacks. As part of these events, we’re increasingly seeing criminals steal confidential information – and then threaten to release it – if ransomware demands aren’t paid. They’re also conducting more due diligence to determine the maximum amount an organisation can afford to pay to determine how much they try to extort. So, where ransomware was typically associated as being a business interruption or system damage concern, it’s now increasingly becoming a privacy concern, triggering notification obligations to customers and key stakeholders.
The coronavirus pandemic has sparked an increase in remote work. What advice should brokers be passing to clients about mitigating cyber risks among work-from-home employees? Tom Draper, Gallagher: With much of the UK workforce working from home, organisations of all sizes have seen a marked increase in phishing attacks in particular, with cybercriminals exploiting the pandemic to try and trick victims into opening infected attachments and links, or to enter their credentials via email. The emails can be very deceptive, and may appear to be sent from a trusted source or familiar brand – often asking recipients to open a link to a new company policy related to the COVID-19 pandemic. Additionally, the increase in videoconferencing, remote access, and virtual private network (VPN) services in the home are also expanding the attack surface that cyber criminals can exploit to gain entry into a corporate network. To minimise the risks of employees falling victim to cyberattacks when working remotely, brokers should emphasise to their clients the importance of prioritising security protocols. A good starting point for businesses
is to create a remote working policy to manage the risks, including guidance on storing devices securely and creating and maintaining strong passwords. They should also provide guidance on how to spot unusual or potentially malicious email activity – including emails asking recipients to transfer money. When in doubt, it’s always best to pick up the phone and speak to the sender directly, rather than conducting all correspondence over email, to verify the requests are authentic. Lindsey Nelson, CFC Underwriting: This new era of home-working couldn’t be a better situation for cybercriminals. Employees are working on potentially insecure devices and businesses may not have implemented any additional training to help them spot potential scams. With that in mind, there are three main areas that brokers should look to cover when speaking to clients about cyber during this time: remote log-in capabilities and security
(like multi-factor authentication (MFA)), employee training on phishing scams and securing personal devices, and incident preparedness. A few questions might be: was the client able to switch to working remotely with minimum disruption, or were they having to implement new and untested methods to access the office remotely? Are most software and services being used cloud-based, or are they having to look at a potential migration? Do they still have any legacy systems in the office? Do they have an incident response or business continuity plan, and have they discussed how they would carry out that plan remotely? The rapid increase in cyber claims is by no means just a COVID-19 issue – claims were already well on the rise prior to the current landscape. However, since countries around the world went into lockdown, the types of incidents that our cyber claims team is dealing with shows that while there hasn’t yet
Cyber claims specialists Serving over 50,000 customers worldwide
Large, dedicated cyber incident response team
3,000 claims handled in the last two years
Less than 15 minutes average response time
As a specialist insurance provider and pioneer in emerging risk, CFC boasts the largest dedicated in-house cyber claims team in London. With backgrounds ranging from ethical hacking and law enforcement to digital forensics and privacy law, our cyber incident responders and specialist claims handlers harness a range of skills which allow them to provide remarkable service before, during and after a cyber event.
Visit cfcunderwriting.com/claims for more information
TOP CYBER SECURITY TIPS FOR WORKING REMOTELY
• Keep close contact with your employer
• Use what’s in your company’s tech toolbox
• Control the impulse to improvise
• Stay current on software updates and patches
• Keep your VPN turned on
• Beware of coronavirus-themed phishing emails
• Develop a new routine
Source: Norton – Emerging Threats (2020)
been a disproportionate change in frequency of attacks, the likelihood of companies falling victim to these scams in a vulnerable and remote working scenario is greater in comparison to what we were experiencing pre-COVID-19. And with employees now based in a remote environment, getting back up and running after a crippling cyber event becomes all the more complicated and leads to more severe claims. James Tuplin, AXA XL: With such a huge percentage of the global workforce working from home as a result of COVID-19, it’s unsurprising that phishing attacks are on the rise – with a significant amount targeted
around the pandemic itself. Clients need to ensure that their employees are doing everything they can to prevent a breach. A tested business continuity plan is the most effective response to handling a cyberattack, and it should cover both prevention and responding to an attack. This plan should also include incident response planning and table-top exercises to help the crisis management team identify any weak areas. Employee education is also key. Clients should already be taking steps to help employees identify phishing attempts and follow the appropriate reporting methods if they suspect something’s wrong. Something as simple as keeping software up-to-date can fix and detect security flaws and should be regularly evaluated. Employees should also be encouraged to change their password several times a year and not to use familiar or meaningful data within these. Above all, mitigating cyber risks is about being prepared and understanding how these risks change and evolve. By strengthening both employees’ training and system readiness, clients can strengthen their security posture and help to decrease the chance of a breach.
Are there any specific markets that you would highlight as being particularly at risk of cyber-related issues and that brokers should be targeting with their policies? Lindsey Nelson, CFC Underwriting: Cyber risk was, for a long time, synonymous with privacy risk; this class of insurance grew in large part as a way of managing the risk associated with growing privacy legislation. However, while privacy is still an important part of cyber policies today, it would be very misleading to say that only companies with a privacy exposure have a need for cyber. In fact, the nearly ubiquitous use of technology to run businesses today – whether using wire transfers when dealing with suppliers, storing valuable IP on computer systems, or using technology to fulfil business-critical functions – means that nearly all businesses in all industries have some form of cyber exposure and therefore a need for affirmative coverage. Ironically, the businesses that are
probably most at risk are those that don’t think they have an exposure because they think they are too small, too secure, or too unlikely of a target. These businesses are less likely to have adequate security or train their employees, making them a prime target for cybercriminals on the lookout for low-hanging fruit. James Tuplin, AXA XL: The three most targeted industries in the last six to nine months are manufacturers, government councils and government entities and hospitals. Manufacturers are now running their businesses online and remote working is becoming more prevalent. IT and network access to plants and products is becoming the norm. However, these industries still think of themselves as a physically controlled environment and that’s what makes them vulnerable. In the past, these industries were never targeted for data breaches because they don’t hold data, however, ransomware has changed that. Due to the way they view themselves, they generally have old systems and dated security. In addition, workers in these environments aren’t trained to the same level as employees in technology companies. For these types of industries, their products
and plants are all controlled by IT and systems that have been built over many years, but haven’t had the IT servicing that other businesses have. Managing IT systems has a significant cost attached to it and some companies simply don’t have the funds allocated for this. Tom Draper, Gallagher: As businesses of all shapes and sizes become more reliant on the digital world, their risk exposures increase. The reality is that all organisations are vulnerable, and the impact of an attack can be huge. However, if an organisation handles sensitive customer data such as names, addresses, or banking information, or if they are reliant on computer systems to conduct their business, they need to be particularly mindful of their cyber risk exposures, as there is a high risk of customer data being compromised in the event of a security breach. We’re seeing a rise in attacks against healthcare providers, local councils in the UK and government agencies in the US, and the hospitality sector – all organisations which have access to large volumes of customer data. Additionally, the manufacturing sector – including automotive, electronics and pharmaceutical companies – is particularly
vulnerable, because attackers can often demand a high amount of money from these businesses as well as sell information to competitors, and severely disrupt supply chains.
CYBER PROFILE
AXA XL
Head of IFL cyber & TMT: James Tuplin
Tell us about AXA XL. Who are you, and what do you do?
AXA XL is the P&C and specialty risk division of AXA, known for solving even the most complex risks. For mid-sized companies to the world’s largest multinationals, we offer traditional and innovative insurance solutions and services in more than 200 countries and territories. It starts with a strong and efficient capital platform, data-driven insights, leading technology and a flexible approach. Driven by a culture of superior service, our talented and recognised teams are empowered to create relevant solutions across all our lines of business − property, casualty, professional, financial lines and specialty.
What’s your key area of focus in the insurance ecosystem?
P&C and specialty risk for mid-sized companies to large multinationals.
How does your product work?
As a leader in the cyber insurance market, AXA XL is committed to being a trusted partner in helping our clients improve their cyber security. We have the in-house expertise and a network of leading partners to help companies minimise the possibility of an attack—and minimise damage from cyber breaches. We offer:
• Flexible coverage - Our flexible cyber products cover privacy, network, media, errors & omissions, and more. We can also offer solutions for unique risks.
• Proactive risk management - As part of our cyber insurance policies, we offer clients proactive tools, services and resources to identify, mitigate and respond to cyber threats.
• Customer-focused claims - Our dedicated claims team is ready to help. They partner with clients to navigate a cybersecurity breach, respond quickly, recover, and keep clients’ businesses moving forward. Claims can be reported 24 hours a day, seven days a week.
What problem are you solving in the cyber insurance space?
In today’s technology and data-driven world, businesses need to stay ahead of growing cyber risks. We offer a full suite of cyber insurance solutions to protect clients’ business operations, using our global cybersecurity expertise to help strengthen their cyber capabilities and combat and recover from cyberattacks. Accenture’s global cybersecurity capabilities, including its iDefense threat intelligence team, help AXA XL’s clients to gain a deeper understanding of their cyber risks and provides them with actionable bespoke reports on cyber threats. Partnering with service providers like Accenture, we offer actionable bespoke reports on cyber threats to improve companies’ cyber resiliency and give them a deeper understanding of their cyber risks. In addition, we provide post-breach security services, including crisis management
If brokers are looking to sell cyber insurance to a client for the first time, what are the key points they should stress? James Tuplin, AXA XL: The first question to ask is ‘what are the client’s key exposures?’. Identifying whether the client is vulnerable to IT software not being available – for example, can their employees do their job if their computer doesn’t turn on – is very important. If so, there’s a significant business interruption risk there. The second element to consider is data and the company’s exposure to data breaches. The EU General Data Protection Regulation (GDPR) means companies have a legal requirement to protect customer data. Therefore, understanding the cost of a data breach is very important. There might be fines to pay, there could be a cost involved in communicating the breach to those targeted, and potentially legal costs, given that requirements for who is told when and how differs between countries. Under GDPR, companies must notify the regulator of a breach within three days and they may be expected to contact everyone that had information stolen, and this is not always easy to do. A key consideration for businesses should be whether they can fix their systems in the event of ransomware causing a business interruption event, or can they determine what data has been breached if they have been hacked. This is where cyber insurance comes in. Most policies will include pre-, during and post-breach services to support clients throughout the process. Tom Draper, Gallagher: It is important for brokers to educate their clients and properly illustrate what may or may not be covered in their cyber insurance policy. Not paying attention to the small print can lead to confusion or misunderstanding about coverage for cyber risks later down the line. In any case, businesses need to familiarise themselves with the specifics of what a particular policy entails before buying
– especially regarding the extent of the coverage provided and any exclusions, and the claims process they need to follow in the case of an incident. As new types of cyberattacks continue to emerge, it has become critical for brokers to keep abreast of the current climate and tailor their advice and solutions accordingly. Failing to do so could see clients missing out and suffering at the hands of cyber-criminals - a situation that could easily be prevented by a thorough analysis of the risk landscape ahead. As well as putting adequate insurance in place, it is important for clients to manage their own cyber risks as an organisation. This includes evaluating first and third party risks associated with the IT systems and networks, assessing the potential events that could cause risks to materialise, and analysing the controls that are currently in place and whether they need further improvement. Checking the suitability of firewalls, updating malware protection and briefing staff on cybersecurity best practice are all good first steps. Lindsey Nelson, CFC Underwriting: Our experience has taught us that before any specific coverage is discussed, clients first need to understand that they have a real exposure, and it needs to make sense for their business as
KEY FINDINGS FROM THE UK CYBER SECURITY SECTOR
• 32% of businesses report being insured against cyber risks in some way
• 46% of businesses reported having a cyber security breach or attack in the last 12 months
• 26% of charities reported having a cyber security breach or attack in the last 12 months
• 19% of attacked businesses experienced a material outcome, losing money or data
• 80% of businesses say cyber security is a high priority for their senior management boards
Source: Department for Digital, Culture, Media & Sport - Cyber Security Breaches Survey 2020
these exposures vary by industry. For example, if they hold a lot of sensitive data, then the conversation might focus on their privacy obligations; if they send or receive a lot of wire transfer payments, the conversation might centre around cybercrime; or if computer systems are critical to their day-to-day operations, then brokers should be talking about business interruption. When moving on to discussing the coverage that is available to address these risks, it’s also useful to relate cyber to lines of insurance that novice buyers are more familiar with. With K&R policies, for example, you’re buying to get someone with expert negotiation skills on the phone to negotiate a ransom – cyber operates the same way, so you want to make sure the person picking up the phone is best in class. There are also several parallels with property and crime policies with cyber in many ways
being a modern-day crime policy addressing the electronic rather than the physical.
What separates the ‘best’ cyber policies from the rest – how can brokers ensure their clients are getting the appropriate cover for their needs? Lindsey Nelson, CFC Underwriting: Cyber wordings are incredibly broad across the board right now and are becoming more uniform over time. This means that the real differentiator in this class in terms of strength of the product and longevity of a cyber insurer is quickly becoming the claims service behind the policy. A well-staffed, in-house cyber incident team with ample experience dealing with
these threats is a must. These will be the experts on the other end of a call who bring a well-rounded wealth of expertise from technical to legal assistance, and who will know the most about ransomware variants and ransom demands, recovery from compromised business email accounts, and privacy obligations. And this knowledge and experience ultimately leads to quicker recovery and less material impact to the business. When trying to find out whether a cyber insurer has the capability to handle the wide range of cyber threats now emerging, here are a few questions you can ask:
• Is the insurer established in the class and do they have global reach?
• Does the insurer have internal cyber claims capabilities, or is everything outsourced to a third party vendor or law firm to triage?
• Is cryptocurrency kept on hand in order to
Protecting a client’s business in the cyber sphere means reacting fast to a constantly changing landscape.
First, know what’s coming. From claim scenarios to emerging threats, simplified wordings to suites of tools, we have a wealth of information for brokers and clients alike.
Second, know the right people. Cyber risk isn’t a simple subject, but it’s simple enough to get in touch with the experts. Make sure your clients are covered and prepared for every stage of an incident – before, during, and after – with Travelers’ expert partnerships, including Symantec, Pinsent Masons and Net Diligence.
Third, know what they need. Businesses of all shapes and sizes need cyber coverage, and we cater to the range. From unique betterment improvements, indemnity for 1st and 3rd party losses, across data and regulatory, to extortion, work interruption, fines and penalties. We’re here to help your clients safeguard their business and celebrate its power. Are you ready?
See what’s new and download our appetite now
Insuring Ambition
travelers.co.uk/cyber | @Travelers Europe
Travelers operates through several underwriting entities through the UK and across Europe. Please consult your policy documentation or visit the websites below for full information. travelers.co.uk | travelers.ie
www.insurancebusinessmag.com/uk
11
SPECIAL REPORT
WHAT DO CYBER INSURANCE POLICIES USUALLY COVER FOR BUSINESSES?
73% - Legal support following a breach
68% - Insurance against lost earnings or profit
67% - Insurance against lost data
46% - Help with incident response following a breach
28% - Help with forensic breach analysis
27% - Help with reputation management following a breach
Source: Department for Digital, Culture, Media & Sport - Cyber Security Breaches Survey 2020
ensure a timely ransom can be paid if the insured has made that decision?
• What process do you have in place for checking sanctions to determine whether the insured is paying a sanctioned entity?

Tom Draper, Gallagher: As cyber risk exposures can vary greatly from one organisation to the next, brokers can support their clients by arranging a policy that is tailored to the risks faced by their industry. While wordings can vary, there are common coverages that are found in the majority of comprehensive cyber insurance policies, including cyber extortion, business interruption and crisis management, which may be especially helpful in transferring financial and reputational losses as a result of a cyberattack. The first step in insuring clients against
potential threats is to assess the specific risks faced by them as an organisation, and then determine what type of coverage is appropriate in the wider sector, and design a cyber protection programme that meets their specific needs. Cyber insurance can normally be bought as a stand-alone policy or as part of a wider blended policy such as professional indemnity insurance with cyber extensions. In many cases, however, a standalone cyber policy may be the best solution to ensure comprehensive cover. A specialist solution will contain a range of support measures, including help with developing cyber risk management procedures, and access to breach response teams, legal advice and forensic IT consultants in the event of an attack - helping organisations respond to an event quickly and effectively, should the worst happen.

James Tuplin, AXA XL: The first thing to understand is that cyber policies aren’t indemnity policies, but a guarantee of service. Today, there is heavy emphasis on providing an end-to-end service, meaning clients are protected both financially, but also given access to expertise and services to help them handle a claim from start to end. In September, AXA XL partnered with Accenture to offer global cybersecurity expertise, providing advice and resources to help clients better understand their cyber risks and how best to mitigate and/or transfer those risks. The service also covers post-breach recovery. If a client becomes aware of a cyberattack against their business outside of working hours, they might not know who to call and could end up waiting a whole day or more before they’re able to start enquiring about how to handle the situation. Our clients, for example, have access to a 24/7 incident management and IT forensics team in the event of a breach. It’s also very important that clients focus on the prevention aspect of cybersecurity. A tested business continuity plan is vital, with basic and easy-to-implement preventative measures. Reasonable password controls, backing up systems to third-party locations, two-factor authentication and segregation of networks should be put in place across all businesses wanting to protect themselves from the repercussions of a cyberattack. The segregation of networks between different locations, in particular, should be high on a company’s list of priorities. It’s about stopping the cyberattack within your own business, which could have catastrophic reputational damage as a result.
CYBER PROFILE
CFC UNDERWRITING
Founded: 1999
Headquarters: City of London
President/CEO: Dave Walsh, founder and CEO
Tell us about CFC – who are you, what do you do?
CFC is a specialist insurance provider and a pioneer in emerging risk. We offer a broad range of commercial insurance products that are purpose-built for today’s risks, and we aim to give our customers everything they need in one easy-to-understand policy. With a track record for disrupting inefficient insurance markets, we build technology that helps us deliver high-quality products to market faster than our peers, and makes it easier for brokers to do business.

What’s your key area of focus in the insurance ecosystem?
Our focus is on emerging risk and the modern exposures brought on by the intersection of business and technology – from cyber security to intellectual property, telemedicine to online banking.

What problem are you solving in the cyber insurance space?
We’re one of the pioneers of the cyber market and are proud to be considered as one of the leading underwriters of this class. Backed by 20 years’ cyber underwriting experience, our award-winning cyber insurance products are trusted by over 50,000 businesses in more than 65 countries. We’re passionate about simplifying the way cyber insurance is bought and sold. Our newly released cyber insurance platform has revolutionised the online quote and bind process for SME cyber business. Using a single piece of client data, brokers can generate a comprehensive cyber insurance quote tailored to their client’s unique risk profile. Helping our broker partners improve their understanding of cyber risk and how to articulate the benefits of cyber insurance to their clients is also a vital part of achieving our goal. We’re providing a level of practical information and support that is second to none – from case studies detailing real-life cyber insurance claims that we have managed and paid to regular webinars and events taking brokers through the basics, busting myths and going into detail of the more complex areas of cyber cover.

Why should insurance brokers use your service/product?
Setting the market standard in cyber insurance is not simply about offering the best product. As the frequency and severity of cyber incidents continues to grow, we’ve become the most technically skilled cyber claims and incident response team in the market - this means we get our customers back up and running faster, and more cost effectively, than any of our peers. Our team, CFC Response, is staffed by specialists from a range of backgrounds from ethical hacking and law enforcement to digital forensics and privacy law. They form the frontline response to any client cyber event, whether a data breach, malicious cyberattack or system outage. Traditional claims teams, which are liability-focused and lawyer-led, are not equipped to manage the technical challenges that arise from a cyber claim. Unlike third party incident response teams, this function does not sit in a silo. Their threat intelligence and data gathering are fed back to our underwriting teams and to our clients by way of advisories on the latest threats and how to avoid them. And by investing in proprietary technology, our team has automated some of the most common technical incident response processes required for the most frequent cyber claims types. This allows for swifter identification and remediation, providing customers with even faster resolution to their cyber events as well as reducing business downtime and overall costs.

What’s next for CFC?
We continue to invest in technology to keep us nimble, whether to improve our underwriting, or the speed with which we can bring products to market. We recently enhanced our data enrichment capabilities by acquiring technology which helps insurers better understand customers’ exposures. With this and our own technology, we can streamline and improve the underwriting process as well as uncover patterns in claims data.