February ITL Focus: Cyber

ITL FOCUS is a monthly initiative featuring topics related to innovation in risk management and insurance.

Padlock on the left, and to the right the ITL Focus logo, along with Cyber, February 2025, Sponsored by Boxx Insurance

 

 

FROM THE EDITOR 

Watching cyber insurance mature over the past decade has been fascinating, with attacks and counterattacks reminiscent of the old Spy vs. Spy cartoons in Mad magazine – just at high speed, with serious stakes and with a clear delineation between the good guys and the bad guys. 

Cyber insurance began with a stark realization – not just that it was needed but that existing policies might cover a major risk that insurers very much didn’t want to be covering. At the same time that carriers started offering cyber policies, they were rewriting general liability policies to make very clear that cyber attacks weren’t covered.

Early attacks focused on stealing Social Security numbers, credit card information and other data that the bad guys could use to impersonate people. But credit card companies responded with, among other measures, faster response to fraudulent purchases and with secure chips in credit cards. 

So hackers went to a new level, hacking into corporate systems, stealing and encrypting data necessary for running a business and demanding ransom in return for tools that would decrypt the data. But then the good guys responded by not just improving their defenses but by creating backups that they would use if their main systems were compromised. 

Now we’re on to the new battle. Hackers are using AI to quickly sift through corporate systems once they’ve wormed their way in and are being much more strategic about the information they’re after. Once they have it, they may threaten to make it public and extort payment in return for silence. AI also keeps lowering the cost of doing business for hackers. They can, for instance, come up with a general template for an attack, then have AI replicate it and go after orders of magnitude more targets than were reachable in the past. The AI can even translate the attacks into other languages and do custom coding to facilitate the hacking attempts. 

But the amped-up attacks are hardly the end of it. As Vishal Kundi, co-founder and CEO of Boxx, explains in this month’s interview, the good guys can use the same tools that hackers use to scan corporate systems, to spot vulnerabilities and to fix them before hackers can exploit them. Boxx monitors conversations on the dark web to see what information is being offered for sale, so it can warn any clients who’ve been compromised. Boxx is also increasingly providing modules of cyber insurance that merchants or platforms can buy and embed into digital commerce to cover individual transactions and make customers feel safer. 

What comes next? We’ll just have to keep our eyes and ears open. Spy vs. Spy battles are often surprising. 

In the meantime, I think you’ll find the interview with Vishal enlightening – dare I say, even encouraging. 

Cheers, 

Paul

 
Banner Headline reading "An Interview with Vishal Kundi", next to a headshot of Vishal

 

 
"Cybercriminals are constantly looking for new ways to extract money, and they’ve realized that the ability to rebuild data no longer holds the same weight. What truly gets a company’s attention now is the threat to its reputation, particularly when it comes to customers. If a hacker can threaten to publicly expose sensitive customer data, that becomes a far more effective tool for extortion. "

Read the Full Interview

"Cybercriminals are constantly looking for new ways to extract money, and they’ve realized that the ability to rebuild data no longer holds the same weight. What truly gets a company’s attention now is the threat to its reputation, particularly when it comes to customers. If a hacker can threaten to publicly expose sensitive customer data, that becomes a far more effective tool for extortion."


— Vishal Kundi

Read the Full Interview
 

READ MORE