 |
The cyber market has been in flux for about as long as it’s been around. New hackers use new techniques to exploit new vulnerabilities and use new methods of collecting ransoms. Meanwhile, victims and their insurers scramble to try to stay one step ahead of the bad guys, as rates rise – then rise some more. To sort through the latest trends, we sat down this month with Emma Werth Fekkas, RVP of underwriting at Cowbell Cyber. She offers any number of insights, including that those constant rate rises are likely a thing of the past. |
ITL:
Let me start by asking you what you think the two or three biggest issues are that are facing cyber market at the moment.
Emma Werth Fekkas:
One of them is around clarity of coverage, what it does, where it applies and how it fits into other policies and overall risk management. Cyber is such a new product and new coverage that I think we're all still trying to find our bearings and find where this is really the best fit.
ITL:
Are there particular areas of confusion?
Werth Fekkas:
There are a couple of hot buttons. One is around war. There are a lot of cyber terrorism carvebacks and a lot of debate around what was the intention of a cyber policy. Does it apply to cyber terror terrorism—and how do you define cyber terrorism? Should government come in and define it? There's been a lot of movement to define kinetic war differently from cyber terrorism. There's a lot of debate, and currently, different insurers are handling that differently.
ITL:
Quick aside. I think the term “kinetic war” is just a crazy euphemism. I mean, people are firing guns, artillery and missiles at each other, and we use a cute little word, “kinetic,” to describe that.
Werth Fekkas:
Right?
ITL:
I didn’t mean to sidetrack you.
Werth Fekkas:
The other piece is what we call infrastructure exclusions, or named perils, things like that. Prior to COVID, cyber started covering things like business interruption, and the wording kind of broadened to make coverage more appealing and meet the needs of our policyholders. But the wording sometimes can take on something it wasn't intended to and start to look more like a property or GL [general liability] coverage. So there is some pullback, defining when business interruption for a cyber policy would fit in and when it goes under more of your standard property and casualty coverage.
ITL:
Is there a big issue related to rates? Insurers have typically really wanted to push rates up because this is potentially really expensive stuff, but clients have often balked.
Werth Fekkas:
I think you're going to see rates coming down. It depends a bit on where you are in revenue. Rate declines will be slower for larger companies, I think, than for smaller companies. But I do think we're coming into a softer market now. And so we are going to see more competition and more price adjustments.
ITL:
That’s interesting. How quickly do you think that can happen? This year? Next year?
Werth Fekkas:
I would say throughout this year. You're probably going to see a significant difference between January and December, for sure, moving faster in the smaller and middle market space than in the larger space.
ITL:
A thesis I’ve had for a while is that insurance needs to move to what people are calling a “predict and prevent” model, away from “repair replace,” and cyber seems like a perfect spot for the transition. The more secure you are, the less you need to worry about insurance and the less the insurers need to worry about the risks. Are you seeing a shift?
Werth Fekkas:
I am. At Cowbell, we're able to continuously scan our policyholders and notify them of any vulnerabilities that are coming up. A little while ago, Log4J was a big one. We were able to get an idea of how many clients were potentially affected and notify our insureds and their brokers of how to mitigate the problem. We're going to have more and more of that.
There's going to be more and more partnership between cyber insurers and technology vendors to help companies see what they can do up-front to mitigate certain exposures.
ITL:
Is it a big deal, medium deal or small deal that law enforcement has managed to recover ransom payments made in cryptocurrencies, which were long thought to be untraceable?
Werth Fekkas:
It's a fairly big deal. It's certainly helpful for us to have some protection, to be able to mitigate what we're paying and to know we're getting to the root cause of some of these attacks. On the other hand, there have been frustrations among clients about having assets frozen and other measures taken, even though they know those measures protect them, in the end. To clients, it can look like investigators aren’t helping, that they’re part of the problem.
ITL:
How about trends in attacks?
Werth Fekkas:
Business email compromise is still the main way in. If it ends up in ransomware, of course, it's higher-severity. Overall, the main issue is higher frequency.
ITL:
What about countermeasures companies are taking?
Werth Fekkas:
We always stress training, but, of course, not all training is created equal. MFA [multi-factor authentication] is a big one. But if you just have MFA for email, it’s not as effective as if you have MFA across your entire system. Another one is EDR and MDR. EDR is endpoint detection and response. It checks each computer as an endpoint and notifies you when there's a threat there. MDR is more toward monitoring. We’ve learned in the past couple of years that a lot of threat actors are kind of dormant in your system. They’re monitoring your activity so they can make it look a lot more natural when they send you a phishing email. So, MDR seems very helpful, as well.
ITL:
You can monitor what might be monitoring you.
That really covers it from my end. Any thoughts you want to leave us with?
Werth Fekkas:
There’s definitely lively conversation in cyber right now, coming out of the hard market. Now is the time to do a post mortem, of what was working and what wasn’t? What can we now do as the market softens?
ITL:
Thanks, Emma.
