Cyber Insurance
Cyber coverage is increasingly a "must have" for businesses, including insurance agencies.

Top 5 Mobile Device Threats & How to Prevent Them

Posted By Michael Ogden, Wednesday, May 9, 2018


Security threats to mobile devices, which are an integral part of digital insurance and banking apps, are increasing daily, but many organizations remain oblivious to the risks.

Comodo Threat Research Labs, based in Clifton, New Jersey, detailed in a blog the top 5 mobile device security threats and ways to protect against them.

Comodo also provided four best practices to prevent those threats, including:

  1. Avoiding connecting to unsecured Wi-Fi networks, such as public Wi-Fi hotspots;
  2. Downloading apps from trusted sources, such as the Google Play Store and iOS App store, and not from unreliable third-party sources;
  3. Being wary of unsolicited calls or messages; and
  4. Preventing mobile device attacks from penetrating the corporate environment, such as by using the Comodo Mobile Device Management solution, which provides the controls needed to secure, manage and monitor all the employee-owned mobile devices that access critical business data.

In a separate announcement, Comodo Cybersecurity presented its threat analysis for the first quarter of 2018, which revealed cryptominers (who use a process in which transactions for various forms of cryptocurrency are verified and added to a blockchain digital ledger) surging to the top of detected malware incidents, displacing ransomware, which declined significantly in volume, as the number one threat.

“Malware, like cyberspace itself, is merely a reflection of traditional, ‘real-world’ human affairs, and malware is always written for a purpose, whether it’s crime, espionage, terrorism or war,” Dr. Kenneth Geers, chief research scientist at Comodo Cybersecurity, said. “Criminals’ proclivities to steal money more efficiently were evident with the surge in cryptomining. And the continued strong correlation of attack volume with current geopolitical events shows hackers of all motivations are well aware of the opportunities major breaking news provides them.”


Cyber Liability Insurance Market: Equal Parts Promise and Peril

Posted By Shawn Moynihan, Thursday, January 11, 2018


from, January 1, 2018

When it comes to cyber threats and how they continue to evolve, Adam Cottini, managing director of Gallagher’s Cyber Liability practice, offers a chilling assessment: “You have the known, and the massive unknown.”

The potential damages are at once serious and extensive: Physical loss. Financial loss, in myriad forms. Reputational loss. All of these perils are woven into a threat from which no insured is truly safe, regardless of their size or the industry in which they operate. As the digital frontier expands, every single client, to a greater or lesser degree, is exposed.

Acknowledging the intersection of cyber liability, business interruption and property policies is particularly important when determining how clients may — or may not — be covered for a cyber loss, and just which policy is triggered depending upon how the incident occurred. As Laura Rieben, director of privacy for Independence Blue Cross’ internal audit division, stated during a panel at ALM’s cyberSecure conference in New York City on Dec. 5, 2017, “The devil’s in the sublimits.”

Commercial property protection

Steve Anderson, vice president and product executive in Privacy & Network Security at QBE North America, points out that 2017 saw seven of the top 20 all-time largest breaches in terms of the number of records exposed world-wide. He notes that many cyber liability forms now have property elements that weren’t there a year ago; insureds are now asking for carriers to specifically include protections for commercial property in their cyber policies.

Similarly, he adds, property policies in many cases used to contain exclusions for digital threats; that’s no longer the case. Coverage for cyber-based physical damage can be added as an endorsement to a property policy, but depending on the extent of the client’s needs, more comprehensive limits might be available through a well-crafted standalone cyber policy.

Otherwise, the client — and the insurer — would be relying on what’s referred to as “silent” cyber coverage (in which such losses are not explicitly excluded as part of a property policy, for example), as opposed to affirmative, distinctly stated protections.

As is often the case with cyber coverage, one size does not fit all. It’s become incumbent on brokers to assure clients that all cyber-related potential losses are either covered by a specially tailored cyber policy or not specifically excluded in their other suite of policies — and even in the case of the latter, that the sublimits are adequate.

“Concurrent causes of loss may exist, but the direct cause is what triggers the policy,” notes Shiraz Saeed, Starr Companies’ practice leader, Cyber Risk. “You need to look at the wording.”

Where property meets cyberspace

While perhaps not immediately apparent to some, the cyber-based threat to physical assets cannot be underestimated. Consider pharmaceutical giant Merck, which was dealt a serious blow by the Petya/NotPetya malware cyber attack in June 2017. NotPetya was a virus that spread across computer networks and encrypted hard drives so that machines could not run.

With its computer networks frozen, the drug manufacturer was unable to produce vaccines and medications in normal volumes while its production facilities were affected, and its delivery and distribution, back-office, research and sales operations also took a hit. When reporting its third-quarter financial results, Merck said its sales were down by $240 million after it had to borrow that amount of stores of its star HPV vaccine, Gardasil, from the Center for Disease Control’s stockpile just to fulfill orders. Merck reported an additional $135 million in lost sales that it claims related to the attack.

The result? An estimated $275 million hit for its insurers — and that’s just for the insured portion of the manufacturer's larger loss. “Merck has not yet fully quantified its losses, much less given any of its insurers an estimate of the total amount of those losses,” Merck spokeswoman Claire Gillespie said in a statement in October.

Yet a client doesn’t have to be a major drug company to suffer a crippling physical loss; the remote manipulation of a sprinkler system, for example, could destroy a manufacturer’s inventory. Temperature controls could be compromised and set high enough to ruin the entire in-house stock of a food company. A rogue nation could hack into a utility company and cause a shutdown of electricity or a power surge that fries a transmission line, or open up a dam and put a community under water.

While there haven’t been a great number of such cases reported in the U.S. yet, Cottini says that engenders a sense of complacency. “We’re sitting on a precipice of the next concern. We need to align policies to make sure the client is covered.” The insured’s General Liability or Property coverage might not respond in such cases.

Although some in the industry thought property underwriters would add appropriate limits to meet cyber threats, the aforementioned major ransomware events have made them seriously reconsider, says Cottini: “Now, the property market is looking at whether they want to provide current limits with regard to cyber, tailor it back, or not offer it at all.”

“The Property market has a major problem in that it carries a silent cyber exposure,” says Michael Palotay, chief underwriting officer for NAS Insurance Services in Encino, Calif. Clients, he notes, are “very concerned about what their potential loss is in the event of a [cyber] attack that causes property damage.”

Currently, insurers can offer property damage in the event of an attack, and “the cyber market is better equipped to manage the aggregates of that exposure,” Palotay explains. He’s concerned, however, that there hasn’t yet been a major event to make the threat of property damage “real” to insureds.

“There hasn’t been a lot of cyber aggregation until recently,” he notes, referencing Petya and the worldwide May 2017 WannaCry ransomware attack. “Those added fuel to the fire about how we’re going to manage aggregated risks.”

Business interruption ahead

Starr Companies’ Saeed says that when most people hear the phrase “cyber attack,” they think of thieves trying to steal information. But cyber events go far beyond that, and more often than not they mean a hard stop for an organization’s business.

“People think it’s about data,” he says, and the business-interruption aspect can get short shrift — yet the BI part is the most critical to small to midsize businesses, which can’t afford to have their operations shut down for a week.

Attention to the risks posed by ransomware becomes critical for these types of clients. Greg Vernaci, head of Cyber, U.S. & Canada, for AIG, says ransomware attacks (in which one’s systems are held for ransom by a perpetrator) have been trending steadily in the last year or two. This includes cyber extortion, which from a claims-handling standpoint often gets tangled up with BI, he says, because the insured can’t access their assets and can suffer a business-income loss. “No industry is immune to it.”

What many insureds — and brokers — don’t immediately know is that unless your business is interrupted for at least 10–12 hours, you might not have a claim at all; that threshold of time is different for different insurers, but in some cases cyber losses covered under a Property policy can’t be triggered until 24 hours’ worth of interruption. (Again, analyzing one’s terms here becomes critical if you’re a policyholder.)

Matt Prevost, senior vice president of Financial Lines at Chubb, agrees that small business is and should be focused on business interruption, versus data breach exposure. Regardless of industry, he says, all have recognized the importance of security — and that creates positive momentum around clients wanting to make themselves better risks. “Those conversations are happening all over, which is a good sign,” he adds.

Vernaci adds, “Just because you’re small doesn’t mean that you’re going to be targeted. You are.”

“Those small business owners understand that to spend $5K to $10K on a $1 million policy is a smart move for them,” says Anderson. “That’s the space that has the largest potential for growth, and carriers are starting to give them applications that aren’t 20 pages long.”

In terms of the risk-management services offered, he adds, “it’s a no-brainer.”

Social engineering comes of age

Meanwhile, social engineering or “phishing” attacks continue to grow not just in number but also in polish. Palotay notes how perpetrators will now not simply hack into a company’s e-mail system and try to convince a subordinate to wire money to their boss, for example, but rather, first monitor that boss’ e-mails to better copy their writing style, in order to make the eventual request far more believable.

When in doubt, experts say, if it looks fishy, it’s probably phishing.

“Information is the new gold at all types of companies, and employees need to understand what that means,” says Christina Terplan, a partner at Clyde & Co. who practices in the areas of technology, intellectual property and privacy law, representing insurers in issues ranging from coverage evaluations and disputes to litigation management.

Terplan says she’s seeing a huge uptick in social engineering fraud, and an increase in the level of sophistication in the attacks: “It’s scary now, how much they know about their targets.” Law firms can be penetrated, their settlement funds wired to a different entity. In real estate transactions, one of the parties involved in the deal’s closing can be compromised and the money disappears.

“The best way to avoid litigation is to make sure you don’t have an incident, which boils down to practices and procedures,” says Terplan. In many cases, she adds, someone who ends up being negligent in unwittingly aiding a phishing scam could have saved a lot of heartache by simply calling the person requesting a funds transfer to verify the request.

“In those cases,” she says, “old-fashioned modes of verification work the best.”

Palotay says that many hackers have moved from trying to steal private information to more cyber extortion for two reasons: The payoffs are bigger, and the price of personal payment information has gone down on the black market with the advent of chip technology and more sophisticated encryptions. Credit card information now has a shorter shelf life than in recent years.

Previously, social engineering losses were in some cases considered a crime loss; now it could be a financial loss, depending on the insurer’s terms & conditions. Again, carriers are looking to make sure these gaps are being covered, or at least explicitly excluded.

In any case, Vernaci says in the event of a loss, policyholders should not wait to notify their carriers: “These types of incidents don’t age well, and it’s better to address them right away.”

“The fact that social engineering losses are common doesn’t change the level of damage that can be done,” Palotay adds. “If you’re looking down the barrel of a million-dollar loss when you’ve got only $5 million in total revenues, you’re really going to have a problem.”

Advice for brokers

“The broker with a team to actually dissect forms and not just beat someone else on price is the type that insurers want to work with,” says Saeed. Delving into the details of forms that can become highly complicated is a must for brokers wanting to do business in this sector.

“One of the difficulties we have in our space is that the policies can be very confusing,” says Anderson. “With cyber, we can have anywhere from two to 21 insuring agreements, broken down to first- and third-party liability risks.”

It helps, he says, that insurers now do a much better job of offering risk management services on the front end — assessments, tools and other assistance to make sure guideposts are in place prior to a breach. The entire approach has become less reactionary and more proactive.

Midsize businesses in particular can be sold on the value of pre-incident services and education, such as employee-awareness training for no additional cost. Those services help to drive the conversation and articulate the insurer’s value proposition.

“Something as straightforward as a password manager is still foreign to [small businesses],” says Prevost. “Culturally, we do need to take this very seriously, but there are people out there still using ‘PASSWORD’ for their password. What are the best-in-class controls, and what mistakes have been made that we can learn from?”

He adds that brokers need to focus more on the impact of cyber risk across the client’s entire portfolio, how it crosses other coverage areas, “instead of focusing on one policy in their relationship.”

AIG’s Vernaci says that for new clients, “it needs to be an open-ended question. What does the client consider their greatest risk? Ask them what they believe their key exposure is. How do the client’s existing P&C policies respond to it? Are they silent, or affirmative?” From there, he adds, a standalone cyber policy can be thoughtfully crafted.

In terms of who’s driving the buy for cyber coverage, Anderson says that pattern has shifted. Three to five years ago, he explains, “it was a trickle-up from the broker to the risk manager to the CFO to the CEO, then to the Board. Now, that’s reversed. Now, the board is asking companies how well they’re protected.”

Vernaci likewise sees an increasing trend for the C Suite to be involved. When making the case for cyber protections to an organization’s top management, brokers can stress the availability of pre-incident services, which offer the client “far more value than just a risk-transfer solution.”

Cottini says that ultimately, it’s a question of how much revenue the client is willing to risk losing in a cyber incident versus what they think they could or should pay.

At the end of the day, “recognize your client’s risk and understand their exposures,” adds Saeed. “Think about hacking and where it can go — let your imagination run wild. Because it’s all possible.”


6 Ways Cybersecurity Will Impact Insurers in 2018

Posted By Dawn Illing, Thursday, December 28, 2017

by Dawn Illing,, December 14, 2017

Businesses Will Start to See Security as a Key Commercial Risk Rather than an IT Issue

While cyber attacks are deeply concerning, there's a silver lining for the insurance industry in 2018: opportunity. Here are several ways cyber risks will affect insurers in the coming year.

1. Businesses will start to get more serious about cyber insurance; premiums will inflate.

Cyber-insurance will continue to grow at a fairly steady pace as companies begin to adopt a mindset of not “if” but “when” for attacks. A successful attack can cause major damage – not only to a company's bottom line, but to its reputation and consumer trust.

2. An increase in cyber attacks means more opportunities for insurers and advisors.

The variety of attacks and the technologies and processes deployed to prevent them will be noticeable in 2018, adding more confusion for companies. However, this will become an opportunity as businesses seek advice, and insurers become critical influencers in future buying decisions.

3. Moving insurance from risk protection to prevention.

Due to a growing awareness of cyber attacks, in 2018 businesses will start to see security as a key commercial risk that affects every facet of their business rather than an IT issue. A holistic process will begin to be adopted from the boardroom down to change cultures and take positive steps company-wide to protect digital systems.

4. The rate of security breaches will continue to increase.

Previously, a degree of blame has always been placed on the end-user when a breach occurred; however, companies will begin to adopt policies that make it easier to report breaches within the company. The focus will shift from how to respond to how to detect the breach. In turn, reinsurance support will grow in response to better data and tools, supporting the overall growth of the market.

These issues should also be considered for any portable device since 2018 is likely to see more breaches of these devices and the business data stored on them.

5. Fear of a breach builds business opportunity.

As regulation increases, banks and insurers will require systems that are quick to evolve and can keep up with changes. Therefore, buy-in to technology will increase as institutions find it increasingly difficult to stay ahead and readjust to ever-evolving risks and regulatory landscapes.

6. RegTech to the rescue?

Three major areas related to regulation will be the key focus for the next two years: Data security, data privacy and cyber security.

Insurers will continue improving their ability to harness data while also re-establishing trust with customers by offering a better customer experience. The benefits of a digitally transformed client lifecycle management process are very compelling, such as:

  • Faster on-boarding
  • Efficient remediation
  • Digitalization of data management and integration.

If companies are able to cut their compliance costs by leveraging technology and overcoming these challenges, this will become an even bigger driver during marginal compression.

However, will technology hinder good judgement and human input on risk management decision-making processes? Only time will tell.


PIA of Kentucky
107 Consumer Lane
Frankfort, KY 40601


Phone: 502-875-3888
Fax: 502-227-0839