EXECUTIVE INSIGHTS SERIES
CYBER 2021 What cyber trends and threats do brokers need to be on top of this year? IBA finds out
00_Insert OFC IFC IBC OBC-SUBBED.indd 1
09/04/2021 4:50:06 am
MAKING CYBER SIMPLE. REALLY.
MAKING CYBER SIMPLE. REALLY.
Looking for a way to differentiate your client in the cyber market?
INSUREtrust’s Cyber Secure Platform offers our exclusive group of agents discounted or free access to risk management and analytical tools that can improve your client’s defenses to ransomware and limit insurance rate increases. In April 1997, INSUREtrust pioneered the Cyber Insurance Industry by manuscripting a unique policy form designed to explicitly cover exposures associated with the internet’s emerging, digital risks. For the past 24 years, INSUREtrust has continued to lead the insurance industry with their unique innovation and expertise focused heavily in cyber insurance and related risk management. info@insuretrust.com | 770-200-8000 | INSUREtrust.com Insure Trust Insurance Services, LLC. d/b/a INSUREtrust.com doing business in CA as IT Insurance Agency #6003516
00_Insert OFC IFC IBC OBC-SUBBED.indd 2
09/04/2021 4:50:16 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE
CYBER INSIGHTS 2021 IBA takes a closer look at some of the most complex cyber issues to emerge so far in 2021, with expert insight from CFC Underwriting, Coalition, INSUREtrust and Tokio Marine HCC – Cyber & Professional Lines Group CYBER RISK is everywhere. It’s an enterprise problem that can trigger a string of losses well beyond the technology or systems that were initially compromised. Cyber events can result in business interruption (both primary and contingent), productivity loss, reputational damage, physical damage, and significant legal repercussions and recovery expenses. It’s no wonder the scale and frequency of cyber insurance losses continue to soar. Ransomware is arguably the most pressing issue the cyber insurance community is dealing with today. This variation of malware allows hackers to lock businesses out of their systems until they pay a ransom, usually in cryptocurrency. In recent years, there has been a significant uptick in the frequency and severity of ransomware attacks, impacting businesses of all sizes and in all sectors. Hackers have grown more sophisticated and targeted in their attacks, aiming for larger organizations that can afford bigger ransoms. In the past five years, the average ransom demand has shot up from $15,000 to $175,000 – an almost twelve-fold increase – according to the NetDiligence 2021 Ransomware Spotlight Report. Furthermore, total ransom demands crossed the $1 million threshold in 2018, the $3 million threshold in 2019, and publicly available data indicates that they surpassed $50 million in 2020, although this was likely negotiated down. The ransomware headache doesn’t stop there. In 2020, a new wave of ransomware attacks known as ‘double extortion’ hit the market. With these attacks, threat actors
are maximizing their chance of making a profit by threatening the victim with an additional abuse of the information they’ve encrypted, such as selling or auctioning it. In this fast-paced and ever-changing risk landscape, cyber insurers have reacted by seeking more rate and shoring up their underwriting guidelines to control their costs and protect their books. Some have even started sublimiting ransomware and applying co-insurance provisions, forcing insureds to share more of the risk. “The cyber market is undergoing significant volatility due to the unprecedented level of dangerous and damaging cyber attacks being successfully launched against American companies,” says Ari Giller, vice president of cyber & tech underwriting at Tokio Marine HCC – Cyber & Professional Lines Group. “Based on our claims data, ransomware frequency increased by over 100% compared to 2018, and the average ransom demand increased by 700%. The cyber landscape is constantly evolving.” The firming of the market is having a big impact on brokers and agents. Not only do they have to work harder to secure adequate coverage for their clients, but they also have to educate themselves and continue to develop technical skills around cybersecurity controls and best-practice cyber risk mitigation. “If you can’t carry the messaging to your clients around what multi-factor authentication [MFA] is and how to implement it, you are going to struggle to put the best cyber insurance program in front of them,” says Christiaan Durdaller, president and CEO of INSUREtrust. “If a broker cannot
explain how to put remote desktop protocol [RDP] behind a VPN with everyone working from home, [they] will not be successful in this market.” Shannon Groeber, executive vice president at CFC Underwriting, adds that “companies of all sizes benefit from a layered and dynamic approach to cyber risk management that incorporates tools, products and services. From a proactive perspective, tools such as MFA, segmentation of networks and sensitive information, consistent backups of data, and employee training and awareness are foundational and put companies in a better position to define and minimize threats.” Proactive cybersecurity controls are absolutely essential in today’s evolving threat landscape. Many would argue that cyber insurance should not be seen simply as a financial risk transfer product; rather, it is a holistic risk management solution that protects not only insureds, but also the cyber insurance market itself. As rates rise, coverage constricts and cyber threats boom, we will only succeed with an ‘all in this together’ approach. With that in mind, IBA reached out to four experts in the space to explore the key themes and questions in the sector, from best practices for risk mitigation to upand-coming cyber threats. Through their insights, we hope to provide brokers with an enhanced understanding of the current state of the US cyber insurance market. Bethan Moorcraft Senior editor Insurance Business America
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 1
1
09/04/2021 5:20:42 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE MEET THE EXPERTS A highly respected and influential figure in the Shannon Groeber cyber insurance Executive vice president market, Shannon Groeber is responsible CFC Underwriting for leading CFC Underwriting’s strategy for its admitted cyber proposition. Based in New York, Groeber joined the team in early 2020 from Marsh JLT Specialty, where she was cyber innovation leader. Her nearly 20-year insurance career also includes five years at JLT Specialty as cyber and E&O practice leader. Before becoming head of insurance at Shawn Ram Coalition, a leading provider of cyber Head of insurance insurance and security, Coalition Shawn Ram was managing director and national technology practice leader at Aon, responsible for the growth, brokerage, product development and service of the firm’s technology customers. He also served as executive managing director and Western regional manager for Crystal & Company. He was named one of Business Insurance’s 40 Under 40 Brokers in 2013. As president and CEO of INSUREtrust, Christiaan Durdaller Christiaan Durdaller focuses on the President and CEO company’s Cyber INSUREtrust Secure platform, its products, strategy, and its enterprise cyber and technology clients. He also strategizes to help ensure INSUREtrust’s products, services and solutions stay ahead of the market and competition. Durdaller’s team has been Advisen’s Cyber Brokering Team of the Year three times, and in 2018, Durdaller was named Cyber Risk Industry Person of the Year – USA by Advisen. Ari Giller joined the Tokio Marine HCC Cyber & Professional Lines Group in 2011 and most recently served as director of cyber & tech underwriting for the Midwest. Currently, as vice president of cyber & tech underwriting, Giller leads product development, manages new business production and oversees the cyber & tech underwriting team.
Ari Giller Vice president of cyber & tech underwriting Tokio Marine HCC – Cyber & Professional Lines Group
2
How would you describe the state of the US cyber insurance market? Shannon Groeber: There has been a real shakeup as a result of both the frequency and severity of ransomware attacks, resulting in market-wide recognition of the need for a readjustment in price, even among newer cyber MGAs building books of business for the first time. Previously a checklist item, risk management tools should now be considered the most crucial part of a cyber insurer’s proposition for genuine loss control. Markets in the class for the long term are those that have built long-term portfolios and an extensive in-house security team. Even in a hard market with shrinking capacity,
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 2
09/04/2021 5:20:50 am
realized they needed to file a claim. Christiaan Durdaller: We haven’t seen every market act the same, but there is a substantially heavier focus on risk management and controls directly correlated to ransomware exposure. While there are a lot of underwriting factors that are driving rate change, if I had to provide a blanket statement, for an above-average control-based risk, we are seeing 20% to 30% rate increases. For a below-average control-based risk, depending on how far below average it is, we are seeing 50%+ rate increases, doubling of retentions, co-insurance, reduction of limits or non-renewals altogether. Capacity in the reinsurance market is constricting because of increasing loss ratios. The ripple effect is forcing cyber insurers to minimize their total limits exposed or take increases that are well above 50%. As a result, we are seeing, in certain pockets of the market, $10 million primary limits being reduced to $5 million, some $5 million primaries reduced to $2 million or $3 million and, in some cases, a requirement of risk management implementation to stay on risk at all. Shawn Ram: There’s been a tremendous amount of dislocation in the marketplace due to historical claims that are starting to impact carriers’ profitability. This has resulted in reinsurance rate increases and pricing increases, which brokers still have more choice than ever before as to where they place their client’s business – and there is a growing delta between insurers who provide security guidance and risk management services and those sticking solely to insurance, outsourcing the claims functionality. We think the former is vital for long-term partnerships with our broker partners. The Microsoft Exchange vulnerability is a great case study as to CFC’s approach. Where we detected which policyholders had vulnerability and were compromised, we delivered threat alerts directly to those clients through our incident response mobile app. This brings enterprise-grade security to small businesses, delivering it in
“The cyber market is undergoing significant volatility due to the unprecedented level of dangerous and damaging cyberattacks being successfully launched against American companies” Ari Giller, Tokio Marine HCC – Cyber & Professional Lines Group a simple, actionable way, and it represents the future of insurance. We’ve now got countless examples of clients that we’ve identified as being compromised, contacted and remediated, all before they’ve even
has caused carriers to limit the amount of capacity they are deploying and increase their underwriting scrutiny. Some carriers have elected to reduce coverage, notably for ransomware coverage. We’ve also seen
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 3
3
09/04/2021 5:21:01 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE
p pricing increase substantially as a result. Despite changing market conditions, Coalition has held strong and remains an industry leader, with lower claims frequency and loss ratio when compared to other carriers. Our in-house security, incident response and claims teams, alongside our differentiated approach to underwriting and ongoing risk management services, have enabled us to maintain pricing and coverage while balancing market conditions. A recent example is the Microsoft Exchange vulnerability that hit the market. Many carriers still underwrite and insure compromised companies because they do not have the technical acumen to solve the problem. At Coalition, we were able to notify all affected policyholders and their brokers within 24 hours of the announcement and have helped over 85% of the affected organizations patch their vulnerability. Ari Giller: The cyber market is undergoing significant volatility due to the unprecedented level of dangerous and
4
damaging cyberattacks being successfully launched against American companies. Based on our claims data, ransomware frequency increased by over 100% compared to 2018, and the average ransom demand increased by 700%. The cyber landscape is constantly evolving, and although we at Tokio Marine HCC – CPLG have been able to help our insureds navigate the changing threat environment, the increase of cyberattacks and growth of ransom demands have been a challenge for our industry, forcing many carriers to reduce limits, increase deductibles and increase rates to improve underwriting performance.
Which industries are the most exposed to cyber risk, and are these industries buying cyber insurance? Christiaan Durdaller: I wouldn’t classify them as the most exposed, as exposure is defined by controls, but I’d say top targets for data exfiltration still tend to be healthcare, retail, hospitality and others
“With the rise of ransomware in the last two to three years, there are no longer industries that are immune or not targets” Christiaan Durdaller, INSUREtrust with heavy consumer information databases. With the rise of ransomware in the last two to three years, there are no longer industries that are immune or not targets. We have seen a continued uptick in ransomware attacks on managed service providers [MSPs], public entities, manufacturing, contractors, construction and other less historically targeted industries.
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 4
09/04/2021 5:21:10 am
*
So prepared Don’t get burned by a cyberattack. Our in-house cyber claims team is on call 24/7 to put out your digital fires.
*Not an actual CFC cyber claims handler
01-16_Cyber Report 2021-SUBBED.indd 5
09/04/2021 5:21:09 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE TOP 10 CYBER INSURANCE TRENDS 1
Cyber claims are growing in number and complexity
2
External attacks are causing the most expensive losses, but internal accidents are occurring more frequently
3
Business interruption is becoming the main cost driver behind claims
4
Remote work and COVID-19 are heightening exposures
5
Ransomware incidents are becoming more frequent and financially damaging
6
Business compromise email attacks are surging
7
Regulatory exposure is increasing around the globe
8
Class action litigation is rising
9
M&As are introducing cyber risk
10
Nation state-sponsored attacks are increasing
in their own business models. Ari Giller: Certain industries that have been historically categorized as ‘lower risk’ have been hit especially hard. For example, manufacturers and industrial companies typically do not store large volumes of personal information and thus did not have very much privacy exposure. These industries are now being actively targeted by ransomware groups because their approach to security is often inadequate for the current environment. Small to mid-sized businesses [SMBs] are also at a higher risk for cyber losses, as they are less likely to have cyber insurance coverage in place. We have seen an
increase in losses for SMBs over the past couple years, and we believe businesses of all sizes need the experience of our seasoned underwriters, claims adjusters and risk management professionals. SMBs typically do not have a team of security and technology professionals to protect their systems and networks, and have a hard time responding when a crisis occurs. As an experienced cyber insurance carrier, our coverage and risk management expertise can help prepare and protect companies of all sizes. Shawn Ram: All industries are exposed to cyber risk, and we think more about the technologies that companies use
“Organizations should consider what they’re willing to invest in preventative measures and technology alongside their insurance program” Shawn Ram, Coalition
Source: Trends in Cyber Risk 2020, Allianz Global Corporate & Specialty
At INSUREtrust, our claims frequency volume across all industries has increased by 166% in the last two years over what it was the two years prior. Shannon Groeber: The simple answer is every industry. The previous threat landscape was framed by the opportunity to lift reams of personally identifiable information and protected health information for the sake of monetizing the actual records, which meant that certain industries were far more susceptible – the obvious being retail, financial institutions and healthcare. As the value of those records has decreased and the business opportunity for ransomware attacks has increased, nearly all businesses in all industries can fall victim to these attacks. There has been an awakening of late among a number of industry groups that had previously not recognized the risk
6
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 6
09/04/2021 5:21:14 am
than the industry they operate in. Cyber risk has become more acute in the past year as companies have accelerated their adoption of technology to facilitate remote work during the pandemic. Among larger enterprises, certain industries tend to be targeted more frequently because they have compelling user or customer data, or are known to have weaker technology infrastructure. This includes financial institutions, healthcare, retail and municipalities. Among smaller entities, we tend to see targets of opportunity far more based on technology infrastructure and how they implemented technology rather than industry. For organizations across all industries and sizes, this becomes more of a risk management consideration rather than a cyber insurance purchasing decision. Organizations should consider what they’re willing to invest in preventative measures and technology alongside their insurance program, and they should be aware of all the additional value that insurers
“What is different in today’s market is [brokers] must also have developed the technical skill set around controlbased implementation” Christiaan Durdaller, INSUREtrust can provide them, including ongoing risk management tools and services.
How does the hardening cyber market impact insurance brokers and agents? What must they do to navigate this market successfully? Ari Giller: The firming of the market is impacting brokers and agents in several capacities. Rates are rising to address the increase in claims trends, deductibles are increasing, and limits are decreasing. We are continuously monitoring the current loss environment in order to
protect our clients. To navigate this market successfully, ensure you are working with a company like Tokio Marine HCC – CPLG that has the institutional knowledge necessary to take on a hardening market. It is important to recognize that newer market entrants are often inexperienced and may not be able to handle an influx of claims or be priced for the long term. We view the insurer and insured relationship as a risk management partnership and are working hard to provide guidance and services that help reduce their risk.
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 7
7
09/04/2021 5:21:25 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE THE GROWING COST OF RANSOMWARE Average ransom amount
Average incident cost
$280,000 $260,000 $240,000 $220,000 $200,000 $180,000 $160,000 $140,000 $120,000 $100,000 $80,000 $60,000 $40,000 $20,000 $0
2015
2016
2017
2018
2019
Source: 2021 Ransomware Spotlight Report, NetDiligence
“Brokers need to be able to demonstrate that a cyber policy is an investment into a company’s overall IT security, so they should ensure they know and can articulate the services their client will receive” Shannon Groeber, CFC Underwriting Christiaan Durdaller: In order for brokers to navigate this market successfully, they must obviously continue to excel in their contract language expertise. What is different in today’s market, though, is you must also have developed the technical skill set around control-based implementation. If you can’t carry the messaging to your clients around what multi-factor authentication [MFA] is and how to implement it, you are going to struggle to put the best cyber insurance program in front of them.
8
If a broker cannot explain how to put remote desktop protocol [RDP] behind a VPN with everyone working from home, or even things as simple how to locate an indicator of compromise [IOC] that could have spawned from the SolarWinds or Microsoft Exchange exploits, brokers will not be successful in this market. The days of poorly controlled risks just figuring it out before their renewal next year are over. Shannon Groeber: Shifting market conditions introduce new ways of engaging
for all players in the cyber ecosystem – especially when market dynamics are shifting so rapidly. While companies of all sizes are still working to embrace cyber insurance as an essential commoditizing control within their insurance portfolio, brokers are in a difficult position to prepare clients for these changing dynamics and can no longer rely on competitive premiums to entice skeptical buyers. There’s also the challenge of keeping pace with the shift in coverage and appetite among all players within cyber markets, and advising clients on those markets able to successfully sustain the influx of claims and events over the longer term, even when attractive premiums from less established markets remain enticing against a thoughtful proposal from a carrier that offers more stability at a higher premium. Brokers need to be able to demonstrate that a cyber policy is an investment into a company’s overall IT security, so they should ensure they know and can articu-
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 8
09/04/2021 5:21:30 am
“Attack vectors are highly concentrated, with phishing, remote access and social engineering attacks accounting for 89% of all known attack techniques” Shawn Ram, Coalition
late the services their client will receive. For example, a CFC policy provides clients with access to over 90 technically led security professionals, who are there to enhance the security posture of the client’s business before a loss. They not only act as a sounding board for technical advice, but will be the same people to respond should the worst happen – whether negotiating to get the client’s data back, determining whether funds can be recovered following a social engineering scam or navigating them through the legalities of a privacy event. This is the value that investment in a cyber policy should represent. Shawn Ram: As pricing increases and as coverage and limits reduce, the need for brokers to market accounts more broadly and seek additional capacity will increase. As a result, brokers will spend significantly more time on a given account than they historically have. In addition, brokers need to understand the nuances of coverage, policy language, and terms and conditions that are required by their clients. It is critical for brokers to find capacity providers who take a sophisticated, long-term approach to underwriting and who have capacity to meet the needs of their clients. Beyond policy placement, brokers have an opportunity to aid their clients in holistic risk management, rather than solely focusing on cyber insurance purchasing. Brokers can be a true partner to help clients understand where cyber insurance fits in their risk management strategy.
MOST COMMON CYBERATTACK TECHNIQUES 60% 50%
54%
40% 30%
29%
20%
6%
10% 0%
Email/phishing
Remote access
Other social engineering
3%
3%
3%
Third-party compromise
Brute force (authentication)
Other Source: H1 2020 Cyber Insurance Claims Report, Coalition
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 9
9
09/04/2021 5:21:35 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE AVERAGE CYBER INCIDENT COST BY SECTOR $500,000 $450,000 $400,000 $350,000 $300,000 $250,000 $200,000 $150,000 $100,000 $50,000 $0
Manufac- Entertain- Technology Education Restaurants Public turing ment entities
Transportation
Retail
Healthcare Nonprofits Telecommu- Professional Financial nications services services
Energy
Hospitality
Media
Source: 2021 Ransomware Spotlight Report, NetDiligence
What are the most common cybersecurity attack vectors and breach methods? Christiaan Durdaller: Open ports, phishing and supply chain risk. Data exfiltration frequency is increasing at an exponential rate, and so are the demands and payments that come with it. Shannon Groeber: Without a doubt, threat actors are capitalizing on a growing remote workforce as a result of COVID-19 – one that may become the new norm – and the susceptibility of employee and human error to enable them to override any IT security solutions that do work in practice. This has been dominating claims activity, both from a frequency and severity perspective, and is true across all industries. While ransomware undoubtedly remains a significant threat to businesses and continues to dominate the headlines, it’s important that brokers remind their clients that cybercrime such as theft of funds and business email compromise has not gone away. The common thread is that threat actors are taking advantage of the technology employed to allow for remote
10
“While companies need to identify and protect all entry points, threat actors only need one. Tools such as threat intelligence feeds and dark web monitoring allow for a swift and nimble response” Shannon Groeber, CFC Underwriting working, as well as sophisticated schemes that replicate behavioral norms in order to render employees complicit without their awareness. Ari Giller: In our experience, ransomware attacks occur either when an attacker uses compromised credentials to log into a VPN or remote desktop protocol [RDP] or the attacker enters via a back door created by a malware infection like Emotet, which can bypass a firewall and two-factor authentication protected by VPN. Oftentimes, individuals will get convincing phishing emails to their work accounts, requesting them to click on a
link or provide credentials. Once that link is opened or login information is acquired, a hacker can move laterally through an organization, gaining access to more and more valuable information. Shawn Ram: In Coalition’s 2020 Claims Report, we shared unique insight into the attack techniques criminal actors used to target our policyholders. These attack vectors are highly concentrated, with phishing, remote access and social engineering attacks accounting for 89% of all known attack techniques. Sixty percent of claims resulted from human error, including phishing and social engi-
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 10
09/04/2021 5:21:36 am
IBA Hous
Subscribe to the leading business magazine for Specialty Brokers and Industry Experts
MONTHLY PUBLICATION Delivered right to your doorstep or office every month
REAL-TIME WEB SERVICE Breaking news, features, webinars, special reports, IB Talk and more
DAILY E-NEWSLETTER Daily news service delivered straight to your inbox every morning
SCAN TO LEARN MORE
IBA01-16_Cyber House ad - Subscriptions.indd Report 2021-SUBBED.indd 1 11
09/04/2021 07/11/2020 5:21:41 am 2:17:34 pm
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE neering, and 29% of attacks were the result of exploiting remote access. These findings reinforce the need for secure remote access and cybersecurity training, which we address in our 2021 Cybersecurity Guide.
In the growing threat landscape, what are some best-practice cyber risk mitigation tactics that all companies should implement? Shannon Groeber: From a general perspective, companies of all sizes benefit from a layered and dynamic approach that incorporates tools, products and services. From a proactive perspective, tools such as multi-factor authentication, segmentation of networks and sensitive information, consistent backups of data, and employee training and awareness are foundational and put companies in a better position to define and minimize threats. At the same time, constant detection allows them to act quickly when threat actors find an entry point. While companies need to identify and protect all entry points,
12
threat actors only need one. Tools such as threat intelligence feeds and dark web monitoring allow for a swift and nimble response, which can help to reduce the impacts of cyber events and attacks. Finally, a sophisticated and proven response team is essential to emerge from an event in a manner that contains reputational harm and other long-term impacts. Most companies are not, and should not be, experts in how to negotiate with cybercriminals who are holding their data hostage or how to interpret notification requirements in any relevant jurisdictions, but the speed with which they navigate all of the potential impacts is critical. Working with a team that has a proven track record and has the company’s best interests in mind is crucial. That’s why CFC has built one of the largest in-house incident response teams – to guarantee that our clients are top priority among all of the companies in need of expert guidance. It’s also a reflection of the shared investment and interest in minimizing losses and allowing our insureds to
get back to business as quickly as possible. Christiaan Durdaller: Every client is different, but a good starting point for all clients, large or small, is to be going through security posture assessments, ransomware readiness assessments and an Office 365 email assessment. From there, it’s a simple roadmap to what’s next. For some, step two is implementing MFA across their platform. For others, it is implementing a more robust endpoint detection and response program or threat-hunting solution. All companies need to be doing employee training, having proper patch cadence and building the right defense in-depth to be better protected. It all depends on what checks and balances exist today, which would be defined in the assessment process. Ari Giller: Many insureds do not know how to safeguard themselves from cyber incidents. We have been underwriting cyber for many years, which allows us to collect data and see a clear pattern of cyber trends over an extended amount of time.
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 12
09/04/2021 5:21:49 am
WHAT ORGANIZATIONS CAN DO TO PROTECT THEMSELVES FROM A CYBERATTACK Increase email security
Implement multi-factor authentication
Maintain good data backups
Enable secure remote access
Update software
Use a password manager
Scan for malicious software
Encrypt data
Implement a security awareness training program
Purchase cyber insurance Source: 2021 Cybersecurity Guide, Coalition
For small businesses, this data is crucial to their protection because they do not have the means to assemble and analyze how they can be impacted. It is our mission to provide both risk mitigation tools and education opportunities to help our insureds manage their risks. From the data we’ve collected and analyzed, the adoption of multi-factor authentication, business continuity and disaster recovery plans, and nextgeneration antivirus and endpoint detection and response tools is critical for businesses to protect themselves. We have teamed up with Cisco’s Duo, Datto and CrowdStrike to give our insureds access to
“The insurance industry has come a long way in the last few years. It is much more common today that traditional insurance policies are explicitly covering or excluding cyber” Christiaan Durdaller, INSUREtrust these first-class threat prevention controls at a discounted rate.
The COVID-19 pandemic has once again brought attention to the issue of clarity and intention in policy language. How far has the industry come in addressing silent cyber risk? What else needs to be done? Ari Giller: The cyber industry is consis-
tently developing as the world changes. Prior to the pandemic, carriers were beginning to think about explicit exclusions to cyber-related coverages on general liability, BOP and professional liability policies, obligating insureds to purchase stand-alone coverage. The pandemic hastened the need to really take a hard-line approach with the many lawsuits, policy changes and claim developments. As a result, markets have
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 13
13
09/04/2021 5:21:57 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE
“There is no shortage of events that can affect us all, but it is important to make sure you have the right coverage and partner who can anticipate the next wave” Ari Giller, Tokio Marine HCC – Cyber & Professional Lines Group been expressly excluding cyber coverage altogether from many products, including kidnap & ransom and event cancellation. Christiaan Durdaller: The insurance industry has come a long way in the last few years. It is much more common today that traditional insurance policies are explicitly covering or excluding cyber. There are some pockets that historically would’ve been considered ‘silent cyber’ within business interruption – contingent bodily injury & property damage and several others – that
14
are now being picked up by cyber or property policies and other various difference-inconditions solutions in the marketplace that weren’t here even as recently as a year ago. Shawn Ram: Many carriers have engaged in exhaustive efforts to remove perceptions of cyber coverage on other policies. It is a best practice to purchase a cyber insurance policy to mitigate cyber risk. Even some of the historical difficulties of covering physical damages from a cyber event – such as bodily injury, prop-
erty damage and pollution – can now be resolved in the cyber marketplace. Shannon Groeber: Non-affirmative cyber became a speaking point in the market because significant losses were accumulating and clients were seeking clarity of cover to address these losses. There is rightly an argument to be made that the growing frequency and severitydriven losses that clients were experiencing were impacting the market long before exclusionary cyber language on other policies. Ultimately, the crux of silent cyber mandates has been behind insurer intent of never having underwritten these risks or priced them in the first instance. That’s why cyber as a peril properly resides in an affirmative stand-alone policy that gives clients not only clarity, but more importantly, access to cyber specialists who can properly help them navigate their way
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 14
09/04/2021 5:22:05 am
M
PROUDLY BROUGHT TO YOU BY THE BUSINESS PUBLISHING COMPANY OF THE YEAR
PRINT Examining safety professionals’ mental health • Safety in a gig economy • Terminations for OHS infractions
Q4
JANUARY/FEBRUARY 2020 • WWW.THESAFETYMAG.COM
NOVEMBER 2019 | LEXPERT.CA | $16.95
THE BUSINESS QUARTERLY FOR LAWYERS
WWW.CANADIANLAWYERMAG.COM ISSUE 43.10 | $11.95
WWW.CANADIANLAWYERMAG.COM/INHOUSE ISSUE 14.06
SAFETY LEADER YEAR
THE END OF AN
?
Companies and products that prevailed among their competitors
CROSS EXAMINED
Kirsten Thompson on going from technical to creative in advising on data strategies
IP IN M&A
KEEP BLOGGING
Times have changed and blogs must change with them, writes Steve Szentesi
1
01_Cover-SUBBED3.indd 2
PM#41261516
AUGUST/SEPTEMBER 2019
RISING STARS
negotiations with multi-jurisdictional parties
READERS’ CHOICE AWARDS
PM#41261516
PM# 41261516
Mike Doyle excels at promoting safety both at work and in his community
LEADING LAWYERS UNDER 40
FOREIGN INVESTORS HEAD TO CANADA How general counsel are leading strategic
The customs of the legal profession are feeling the weight of 21st-century stresses
OF THE
Due diligence is key when acquiring intellectual property and there are pitfalls to avoid
TOP 10 BOUTIQUES Corporate and Immigration boutiques offer personalized service
ADDING VALUE
Two systems and languages leads to better problemsolving tools, write lawyers at CMHC PM# 41261516
29/10/2019 3:17:55 AM
DIGITAL
EVENTS
FIND OUT MORE ABOUT US AT WWW.KEYMEDIA.COM
MPAS
PUBLISH AWARDS
TABBIES
AZBEES
THE BIG 95
COPA
APEX
MAGGIES
EXCELLENCE AWARDS
BELL AWARDS
NMA: B2B
SYDNEY | AUCKLAND | DENVER | LONDON | MANILA | SINGAPORE | TORONTO
01-16_Cyber Report 2021-SUBBED.indd 15
09/04/2021 5:22:08 am
EXECUTIVE INSIGHTS SERIES
CYBER INSURANCE through a cyber event. In fact, what all other non-affirmative cyber policies have in common is the lack of specialized claims expertise behind them. Is the property market the best equipped to negotiate a ransom payment? Is the crime market best positioned to conduct forensics over the insured’s network in the event of a business email compromise? Is a PI department best placed to provide dark web monitoring for clients? The answer here is largely no, and this has turned the attention of brokers and clients alike toward standalone cyber policies that adequately address and respond to cyber perils in a rapidly changing threat landscape.
What cyber risks are lurking on the horizon? Ari Giller: We can’t say, because we don’t want to tip any black hats. What we can tell you is that it depends on the technology and policy. There is no shortage of events that can affect us all, as the recent Solar Winds and MS Exchange server hack illustrated, but it is important to make sure you have the right coverage and partner who can anticipate the next wave. We are laser-focused on continuing to improve our product and service offering to protect our clients and prepare for what looms on the horizon. Christiaan Durdaller: I wouldn’t say there are risks in terms of attack vectors – that will always be a moving target. The cyber ‘risks’ lie in whether client adoption of cyber-related risk management will increase quickly enough to satisfy the needs of the marketplace. As brokers at INSUREtrust, we are continuing to do the best job that we can to speed up the adoption rate. Shawn Ram: All of the most significant recent cyberattacks have targeted core infrastructure technologies used by large numbers of entities, also known as supply chain attacks. The mass-scale usage of software, which may contain critical vulnerabilities, exposes organizations to risk from a centralized attack. Recent examples include the SolarWinds breach, Microsoft Exchange vulnerability
16
“I wouldn’t say there are risks in terms of attack vectors – that will always be a moving target. The cyber ‘risks’ lie in whether client adoption of cyber-related risk management will increase quickly enough to satisfy the needs of the marketplace” Christiaan Durdaller, INSUREtrust and Mimecast hack. These types of attacks require that organizations are able to act quickly to remediate the incident; otherwise, they may face significant disruption and claims activity. Shannon Groeber: Cyberattacks have been a growing business for the last several years, and the shift to a digitized world only increases the value of intangible assets – precisely the risk that is prevalent to any company. At the same time, technology is outpacing controls and tools that can help minimize attacks, while the concept of privacy is being diluted through cultural norms, as can be
seen through social media channels and a shared services ecosystem. The comforting news for companies is that the cyber insurance marketplace is incredibly adaptive and nimble – not only in crafting insurance policy language that will respond to emerging threats, but in creating tools that supplement the insured’s own approach through proactive risk management services and additional intelligence tools. It’s a fundamental reason why purchasing a cyber insurance policy should be viewed as an essential tool in the toolkit, as opposed to an expense item with questionable returns.
www.ibamag.com
01-16_Cyber Report 2021-SUBBED.indd 16
09/04/2021 5:22:13 am
Be Cyber Strong.
Our coverage helps you prevent, cover Our coverage helps you prevent, cover and control your cyber exposure. and control your cyber exposure. Visit us at tmhcc.com/cyber Visit us at tmhcc.com/cyber
Be Cyber Strong. Be Cyber Strong.
00_Insert OFC IFC IBC OBC-SUBBED.indd 4
09/04/2021 4:50:35 am