Insider threats
probably most at risk are those that don’t think they have an exposure because they think they are too small, too secure, or too unlikely of a target. These businesses are less likely to have adequate security or train their employees, making them a prime target for cybercriminals on the lookout for low-hanging fruit.
James Tuplin, AXA XL: The three most targeted industries in the last six to nine months are manufacturers, government councils and government entities and hospitals. Manufacturers are now running their businesses online and remote working is becoming more prevalent. IT and network access to plants and products is becoming the norm. However, these industries still think of themselves as a physically controlled environment and that’s what makes them vulnerable.
In the past, these industries were never targeted for data breaches because they don’t hold data, however, ransomware has changed that.
Due to the way they view themselves, they generally have old systems and dated security. In addition, workers in these environments aren’t trained to the same level as employees in technology companies. For these types of industries, their products and plants are all controlled by IT and systems that have been built over many years, but haven’t had the IT servicing that other businesses have. Managing IT systems has a significant cost attached to it and some companies simply don’t have the funds allocated for this.
Tom Draper, Gallagher: As businesses of all shapes and sizes become more reliant on the digital world, their risk exposures increase. The reality is that all organisations are vulnerable, and the impact of an attack can be huge.
However, if an organisation handles sensitive customer data such as names, addresses, or banking information, or if they are reliant on computer systems to conduct their business, they need to be particularly mindful of their cyber risk exposures, as there is a high risk of customer data being compromised in the event of a security breach. We’re seeing a rise in attacks against healthcare providers, local councils in the UK and government agencies in the US, and the hospitality sector – all organisations which have access to large volumes of customer data.
Additionally, the manufacturing sector – including automotive, electronics and pharmaceutical companies – is particularly vulnerable, because attackers can often demand a high amount of money from these businesses as well as sell information to competitors, and severely disrupt supply chains.
TOP FIVE CYBER SECURITY THREATS FOR SMALL BUSINESSES
Phishing attacks
Malware attacks
Ransomware
Weak passwords
Insider threats
Source: Expert Insights (2020)
CYBER PROFILE
AXA XL
Head of IFL cyber & TMT: James Tuplin
Tell us about AXA XL. Who are you, and what do you do?
AXA XL is the P&C and specialty risk division of AXA, known for solving even the most complex risks. For mid-sized companies to the world’s largest multinationals, we offer traditional and innovative insurance solutions and services in more than 200 countries and territories.
It starts with a strong and efficient capital platform, data-driven insights, leading technology and a flexible approach. Driven by a culture of superior service, our talented and recognised teams are empowered to create relevant solutions across all our lines of business − property, casualty, professional, financial lines and specialty.
What’s your key area of focus in the insurance ecosystem?
P&C and specialty risk for mid-sized companies to large multinationals.
How does your product work?
As a leader in the cyber insurance market, AXA XL is committed to being a trusted partner in helping our clients improve their cyber security. We have the in-house expertise and a network of leading partners to help companies minimise the possibility of an attack—and minimise damage from cyber breaches.
We offer:
• Flexible coverage - Our flexible cyber products cover privacy, network, media, errors & omissions, and more. We can also offer solutions for unique risks.
• Proactive risk management - As part of our cyber insurance policies, we offer clients proactive tools, services and resources to identify, mitigate and respond to cyber threats.
• Customer-focused claims - Our dedicated claims team is ready to help. They partner with clients to navigate a cybersecurity breach, respond quickly, recover, and keep clients’ businesses moving forward. Claims can be reported 24 hours a day, seven days a week.
What problem are you solving in the cyber insurance space?
In today’s technology and data-driven world, businesses need to stay ahead of growing cyber risks. We offer a full suite of cyber insurance solutions to protect clients’ business operations, using our global cybersecurity expertise to help strengthen their cyber capabilities and combat and recover from cyberattacks.
Accenture’s global cybersecurity capabilities, including its iDefense threat intelligence team, help AXA XL’s clients to gain a deeper understanding of their cyber risks and provide them with actionable bespoke reports on cyber threats.
Partnering with service providers like Accenture, we offer actionable bespoke reports on cyber threats to improve companies’ cyber resiliency and give them a deeper understanding of their cyber risks. In addition, we provide post-breach security services, including crisis management
If brokers are looking to sell cyber insurance to a client for the first time, what are the key points they should stress?
James Tuplin, AXA XL: The first question to ask is ‘what are the client’s key exposures?’. Identifying whether the client is vulnerable to IT software not being available – for example, can their employees do their job if their computer doesn’t turn on – is very important. If so, there’s a significant business interruption risk there.
The second element to consider is data and the company’s exposure to data breaches. The EU General Data Protection Regulation (GDPR) means companies have a legal requirement to protect customer data. Therefore, understanding the cost of a data breach is very important. There might be fines to pay, there could be a cost involved in communicating the breach to those targeted, and potentially legal costs, given that requirements for who is told when and how differ between countries.
Under GDPR, companies must notify the regulator of a breach within three days and they may be expected to contact everyone that had information stolen, and this is not always easy to do.
A key consideration for businesses should be whether they can fix their systems in the event of ransomware causing a business interruption event, or can they determine what data has been breached if they have been hacked. This is where cyber insurance comes in. Most policies will include pre-, during and post-breach services to support clients throughout the process.
Tom Draper, Gallagher: It is important for brokers to educate their clients and properly illustrate what may or may not be covered in their cyber insurance policy. Not paying attention to the small print can lead to confusion or misunderstanding about coverage for cyber risks later down the line. In any case, businesses need to familiarise themselves with the specifics of what a particular policy entails before buying – especially regarding the extent of the coverage provided and any exclusions, and the claims process they need to follow in the case of an incident.
As new types of cyberattacks continue to emerge, it has become critical for brokers to keep abreast of the current climate and tailor their advice and solutions accordingly. Failing to do so could see clients missing out and suffering at the hands of cyber-criminals - a situation that could easily be prevented by a thorough analysis of the risk landscape ahead.
As well as putting adequate insurance in place, it is important for clients to manage their own cyber risks as an organisation. This includes evaluating first and third party risks associated with the IT systems and networks, assessing the potential events that could cause risks to materialise, and analysing the controls that are currently in place and whether they need further improvement. Checking the suitability of firewalls, updating malware protection and briefing staff on cybersecurity best practice are all good first steps.
Lindsey Nelson, CFC Underwriting: Our experience has taught us that before any specific coverage is discussed, clients first need to understand that they have a real exposure, and it needs to make sense for their business as these exposures vary by industry. For example, if they hold a lot of sensitive data, then the conversation might focus on their privacy obligations; if they send or receive a lot of wire transfer payments, the conversation might centre around cybercrime; or if computer systems are critical to their day-to-day operations, then brokers should be talking about business interruption.
KEY FINDINGS FROM THE UK CYBER SECURITY SECTOR
32% of businesses report being insured against cyber risks in some way
19% of attacked businesses experienced a material outcome, losing money or data
80% of businesses say cyber security is a high priority for their senior management boards
When moving on to discussing the coverage that is available to address these risks, it’s also useful to relate cyber to lines of insurance that novice buyers are more familiar with. With K&R policies, for example, you’re buying to get someone with expert negotiation skills on the phone to negotiate a ransom – cyber operates the same way, so you want to make sure the person picking up the phone is best in class. There are also several parallels with property and crime policies with cyber in many ways being a modern-day crime policy addressing the electronic rather than the physical.
What separates the ‘best’ cyber policies from the rest – how can brokers ensure their clients are getting the appropriate cover for their needs?
Lindsey Nelson, CFC Underwriting: Cyber wordings are incredibly broad across the board right now and are becoming more uniform over time. This means that the real differentiator in this class in terms of strength of the product and longevity of a cyber insurer is quickly becoming the claims service behind the policy.
A well-staffed, in-house cyber incident team with ample experience dealing with these threats is a must. These will be the experts on the other end of a call who bring a well-rounded wealth of expertise from technical to legal assistance, and who will know the most about ransomware variants and ransom demands, recovery from compromised business email accounts, and privacy obligations. And this knowledge and experience ultimately leads to quicker recovery and less material impact to the business.
When trying to find out whether a cyber insurer has the capability to handle the wide range of cyber threats now emerging, here are a few questions you can ask:
• Is the insurer established in the class and do they have global reach?
• Does the insurer have internal cyber claims capabilities, or is everything outsourced to a third party vendor or law firm to triage?
• Is cryptocurrency kept on hand in order to ensure a timely ransom can be paid if the insured has made that decision?
• What process do you have in place for checking sanctions to determine whether the insured is paying a sanctioned entity?
Protecting a client’s business in the cyber sphere means reacting fast to a constantly changing landscape.
First, know what’s coming. From claim scenarios to emerging threats, simplified wordings to suites of tools, we have a wealth of information for brokers and clients alike.
Second, know the right people. Cyber risk isn’t a simple subject, but it’s simple enough to get in touch with the experts. Make sure your clients are covered and prepared for every stage of an incident – before, during, and after – with Travelers’ expert partnerships, including Symantec, Pinsent Masons and Net Diligence.
We’re here to help your clients safeguard their business and celebrate its power. Are you ready?
See what’s new and download our appetite now
Insuring Ambition
travelers.co.uk/cyber | @Travelers Europe
WHAT DO CYBER INSURANCE POLICIES USUALLY COVER FOR BUSINESSES?
73% Legal support following a breach
68% Insurance against lost earnings or profit
67% Insurance against lost data
28% Help with forensic breach analysis
Source: Department for Digital, Culture, Media & Sport - Cyber Security Breaches Survey 2020
Tom Draper, Gallagher: As cyber risk exposures can vary greatly from one organisation to the next, brokers can support their clients by arranging a policy that is tailored to the risks faced by their industry. While wordings can vary, there are common coverages that are found in the majority of comprehensive cyber insurance policies, including cyber extortion, business interruption and crisis management, which may be especially helpful in transferring financial and reputational losses as a result of a cyberattack.
The first step in insuring clients against potential threats is to assess the specific risks faced by them as an organisation, and then to determine what type of coverage is appropriate in the wider sector, and design a cyber protection programme that meets their specific needs.
Cyber insurance can normally be bought as a stand-alone policy or as part of a wider blended policy such as professional indemnity insurance with cyber extensions. In many cases, however, a standalone cyber policy may be the best solution to ensure comprehensive cover. A specialist solution will contain a range of support measures, including help with developing cyber risk management procedures, and access to breach response teams, legal advice and forensic IT consultants in the event of an attack - helping organisations respond to an event quickly and effectively, should the worst happen.
James Tuplin, AXA XL: The first thing to understand is that cyber policies aren’t indemnity policies, but a guarantee of service. Today, there is heavy emphasis on providing an end-to-end service, meaning clients are protected both financially, but also given access to expertise and services to help them handle a claim from start to end.
In September, AXA XL partnered with Accenture to offer global cybersecurity expertise, providing advice and resources to help clients better understand their cyber risks and how best to mitigate and/or transfer those risks. The service also covers post-breach recovery. If a client becomes aware of a cyberattack against their business outside of working hours, they might not know who to call and could end up waiting a whole day or more before they’re able to start enquiring about how to handle the situation. Our clients, for example, have access to a 24/7 incident management and IT forensics team in the event of a breach.
It’s also very important that clients focus on the prevention aspect of cybersecurity. A tested business continuity plan is vital, with basic and easy-to-implement preventative measures. Reasonable password controls, backing up systems to third-party locations, two-factor authentication and segregation of networks should be put in place across all businesses wanting to protect themselves from the repercussions of a cyberattack.
The segregation of networks between different locations, in particular, should be high on a company’s list of priorities. It’s about stopping the cyberattack within your own business, which could have catastrophic reputational damage as a result.
CYBER PROFILE
CFC UNDERWRITING
Founded: 1999
Headquarters: City of London
President/CEO: Dave Walsh, founder and CEO
Tell us about CFC – who are you, what do you do?
CFC is a specialist insurance provider and a pioneer in emerging risk. We offer a broad range of commercial insurance products that are purpose-built for today’s risks, and we aim to give our customers everything they need in one easy-to-understand policy.
With a track record for disrupting inefficient insurance markets, we build technology that helps us deliver high-quality products to market faster than our peers, and makes it easier for brokers to do business.
What’s your key area of focus in the insurance ecosystem?
Our focus is on emerging risk and the modern exposures brought on by the intersection of business and technology – from cyber security to intellectual property, telemedicine to online banking.
What problem are you solving in the cyber insurance space?
We’re one of the pioneers of the cyber market and are proud to be considered as one of the leading underwriters of this class. Backed by 20 years’ cyber underwriting experience, our award-winning cyber insurance products are trusted by over 50,000 businesses in more than 65 countries.
We’re passionate about simplifying the way cyber insurance is bought and sold.
Our newly released cyber insurance platform has revolutionised the online quote and bind process for SME cyber business. Using a single piece of client data, brokers can generate a comprehensive cyber insurance quote tailored to their client’s unique risk profile.
Helping our broker partners improve their understanding of cyber risk and how to articulate the benefits of cyber insurance to their clients is also a vital part of achieving our goal. We’re providing a level of practical information and support that is second to none – from case studies detailing real-life cyber insurance claims that we have managed and paid to regular webinars and events taking brokers through the basics, busting myths and going into detail of the more complex areas of cyber cover.
Why should insurance brokers use your service/product?
Setting the market standard in cyber insurance is not simply about offering the best product. As the frequency and severity of cyber incidents continue to grow, we’ve become the most technically skilled cyber claims and incident response team in the market - this means we get our customers back up and running faster, and more cost effectively, than any of our peers.
Our team, CFC Response, is staffed by specialists from a range of backgrounds from ethical hacking and law enforcement to digital forensics and privacy law. They form the frontline response to any client cyber event, whether a data breach, malicious cyberattack or system outage. Traditional claims teams, which are liability-focused and lawyer-led, are not equipped to manage the technical challenges that arise from a cyber claim.
Unlike third party incident response teams, this function does not sit in a silo. Their threat intelligence and data gathering are fed back to our underwriting teams and to our clients by way of advisories on the latest threats and how to avoid them.
And by investing in proprietary technology, our team has automated some of the most common technical incident response processes required for the most frequent cyber claims types. This allows for swifter identification and remediation, providing customers with even faster resolution to their cyber events as well as reducing business downtime and overall costs.
What’s next for CFC?
We continue to invest in technology to keep us nimble, whether to improve our underwriting, or the speed with which we can bring products to market.
We recently enhanced our data enrichment capabilities by acquiring technology which helps insurers better understand customers’ exposures. With this and our own technology, we can streamline and improve the underwriting process as well as uncover patterns in claims data.