Tag Archives: cyber insurance

How CISOs Are Responding to COVID

Since the stay-at-home orders first started in March, chief information security officers (CISOs) have been sharing both their horror stories and how they’ve shifted priorities to keep their companies safe. These CISOs work in a wide variety of companies, and the anecdotes we’ve been hearing run the gamut. 

Changes are happening in how CISOs make decisions, so, in line with Arceo’s mission of driving comprehensive cybersecurity management, we wanted to look at how the rapid expansion of remote work is affecting cybersecurity business decisions directly.

We collected one of the first sets of quantitative data on how CISOs’ priorities have changed since many businesses started moving to work from home. With our research partner, Wakefield, we surveyed 250 CISOs at companies with $250 million to $2 billion in annual revenue. We asked them about their current and changing approach to cybersecurity risk management. Below is a synopsis of some of the results we found most interesting; the full report is available on our website.

Many CISOs say they need more options and coverage for cybersecurity insurance. However, they aren’t getting the coverage they need or the post-breach services required to recover from certain incidents. Almost four-in-five (77%) reported that there are incidents they feel they need coverage for, but that they are unable to get it. 

Additionally, nearly all (96%) of the CISOs surveyed want additional coverage for the increased vulnerabilities resulting from the work-from-home surge. This means that almost every CISO out there is worried — likely because the security practices followed when working remotely are laxer than those followed in the office, leading to a higher risk of attack. In fact, over 40% of CISOs said that cloud usage (49%), personal device usage (45%) and use of unvetted apps or platforms (41%) posed the biggest threats during this work-from-home period.

The overwhelming majority (88%) of CISOs are not completely satisfied with the performance of their company’s primary insurance brokerage. Additionally, CISOs want more help when they need it most. Nearly all CISOs (98%) want additional support from their cyber insurance provider after a serious incident. 

Nearly half of all CISOs (48%) report they have experienced a security breach. Insurers and brokers need to step up and are likely in a position to play a bigger role in the prevention and the aftermath of a breach because nine in 10 CISOs are open to purchasing cybersecurity tools along with cyber insurance from the same company. 


Now more than ever, CISOs are concerned about disruption to continuity, which is a greater risk while staff work from home. More than half of CISOs want cyber insurance to cover business email compromise (56%), loss of electronic data (55%), cyber extortion (53%) and ransomware (52%). 

CISOs recognize they need more influence, and nearly all CISOs (97%) agree that the opportunity to interact with the board is crucial to their success as a CISO. 

Check out the full “Quantitative Analysis of Unmet Insurance Needs and Cyber Security Tools Among CISOs” report to find out more about how CISOs view the changing landscape and how cyber insurance needs to adjust to fit their needs.

The Missing Tool for Cyber Resilience

Cyber attacks have been on the rise for years, but many organizations are unaware of just how costly cyber incidents can be and which protective measures are most effective in mitigating loss when, not if, an attack happens. In fact, a report by Cybersecurity Ventures estimates that global ransomware damage, which includes loss of data, lost productivity, reputation damage and more, will cost organizations $20 billion by 2021.

Many companies are still skeptical of what cyber insurance actually covers and are oftentimes unsure of which policy best suits their needs. According to Advisen’s 2019 Cyber Insurance: The Market’s View survey, “not understanding exposures” (73%), “not understanding coverage” (63%) and “cost” (46%) remain the top three identified obstacles to writing and issuing cyber insurance.

But thanks to recent developments, including the use of AI to assess cyber risk for an organization’s cyber posture, cyber insurance no longer has to be a long, drawn-out and complicated process. In other words, we can treat cyber insurance like another important tool in an organization’s cyber resilience toolkit, alongside endpoint security, securing networks and the like. 


Here is how business owners can ensure they are purchasing a comprehensive cyber insurance policy, unique to their business: 

Choose a Carrier With Expertise in Technology

While many in the cybersecurity sector argue that cyber insurance isn’t effective and that prevention is the only solution, when executed correctly cyber insurance can save organizations big money and repair reputational damage. Insurance providers with expertise in cybersecurity know that policies should be specifically designed for cyber risk exposure — not associated with other lines of coverage. The most thorough policies to safeguard against cyber threats take into consideration security, cloud, compliance and other security best practices. 

As the digital landscape evolves and malicious cyber criminals find new ways to wreak havoc, cyber insurers must go beyond data breach coverage and offer policies that cover all forms of cyber incidents — ransomware, cyber extortion, social engineering, business interruption due to distributed denial of service (DDoS) attacks and more. Ransomware-as-a-Service, for example, is now a business in itself, with ransom demands doubling or tripling during 2019 and forcing the insurance industry to rethink how it approaches coverage and limits. 

Prioritize Education and Analysis

When selecting a cyber insurance policy, organizations should not only want to protect themselves but also educate themselves. The ideal policy offers dynamic, automated, insurable cyber risk assessments, providing businesses with real-time insights into insurable risks. There should be full transparency for all stakeholders: Policyholders, brokers, agents, insurers and reinsurers should have the same access and visibility to risk data.

Manage Risk Aggressively

An effective cyber insurance policy should cover the cost of a security team in the midst of a cyber attack as part of the breach response. The security team would then determine how to upgrade systems to ensure maximum privacy. From a technology standpoint, cyber insurers must anticipate possible threats and continuously evaluate underwriting practices. Another key element in risk management is evaluating the time and cost of recovery. Companies with precise plans on how to get back on their feet after a cyber catastrophe will, without a doubt, be most prepared.


When purchasing a cyber insurance policy, you are not just paying for cyber insurance but also all of the services that go along with it. Outside of paying claims, cyber insurers must focus on providing customers with tools that empower them to learn more about the cyber landscape and better protect their businesses.

With many organizations looking to cut costs during COVID-19, some may be quick to axe security spending. Defending against cyber threats that have the power to damage entire corporations and livelihoods, however, is not an area to skimp on. Other assets in our lives are no-brainers to protect, such as our homes, health and vehicles; there’s insurance for that. There’s no reason that companies shouldn’t add cyber insurance to their resiliency plans to prevent financial and reputational ruin.

Ransomware Grows More Pernicious

Ransomware attacks and ransom payments for data continue to spike, with The New York Times reporting a 40% increase between 2018 and 2019.

As cyber threats go, ransomware is especially insidious, because these attacks, hitting everything from municipalities to banks to small businesses, often go unreported. That means less shared information and fewer actionable insights for insurers or insureds trying to arm against an ever-morphing enemy.

We saw a gap — leading incident response experts who work with the cyber insurance industry didn’t have a forum to exchange information about what was happening on the front lines of these attacks.

We needed a way to get our arms around this problem to better support our cyber insurance carrier partners, a way to keep up to date and better understand the data trends from the expert’s vantage point at ground level.

Enter the Cyber Insurance Ransomware Advisory Group, which NetDiligence assembled in early 2020. It features 20 members from leading breach incident response service providers, including Arete, Charles River Associates, CrowdStrike, Kroll, Kivu, Tracepoint, MOXFIVE, Tetra Defense and others.

The group meets quarterly and at select NetDiligence Cyber Risk Summit conferences to discuss emerging trends and best practices and make these insights available to the cyber insurance industry.

The Emergence of the Maze Variant

One of the key takeaways from the inaugural meeting was the emergence of the Maze variant and a “new normal” of data exfiltration, often including stolen private customer information.

Whereas previous generations of ransomware have been designed by threat actors to encrypt data and extort an organization for bitcoin in exchange for the decryption key, Maze significantly increases the pressure on the victimized organization and threatens to make the stolen data public by releasing it on the internet.

This has magnified the potential loss exposure and has led to a host of new privacy data breach risks for insureds — with accompanying notification requirements.

Even clients capable of restoring files from secure backups may find themselves subject to privacy data breach impacts, such as the need to comply with state breach notification laws that include attorneys general and the victimized population, which significantly increases claim costs.


Ryuk Is Still Ever-Present

Another dangerous variant, Ryuk, continues to plague organizations with its tendency to attack both servers and workstations.

Experts expressed concern about organizations responding to Ryuk attacks with complete network shutdowns rather than impact isolation.

When assisting small to medium-sized enterprises (SMEs), experts often find it challenging to convince management of the necessity of deploying automated malware eradication and remediation tools and to ultimately convince these organizations to keep endpoint protection in place once the immediate incident is resolved.

What Other Ransomware Concerns Are Out There?

Other specific ransomware types encountered include DoppelPaymer, Sodinokibi, REvil and NetWalker, as well as the continued rise of ransomware as a service (RaaS).

During the COVID-19 global pandemic, the impact of ransomware could prove devastating to an organization that may already be struggling.

Many of the widely held notions about ransomware are changing, we found. After paying the ransom, some organizations may never receive the promised decryption key (in the past, certain threat actors were believed to be reliable).

Even with reliable threat actors, experienced negotiation can be critical.

Threat actors are also extorting organizations to pay for their encrypted administrator-level credentials. And, increasingly, ransomware affects the backup files, as well, encrypting or otherwise making them unusable for data recovery.

The experts reported that more than 50% of the time backups had already been exploited.

To Pay or Not to Pay

Nevertheless, recovering from a viable and segmented backup repository is still the preferred method of the majority of experts rather than paying the bad guys.

In fact, reported time for business interruption is much longer for cases where the ransom is paid — lasting from three to 15 days. If backup is used, business interruption typically spans one to 10 days, experts say.

This was a bit of a surprising finding. Members advised that the negotiation process itself, as well as problems encountered with the unreliable decryption keys, have contributed to delays with the bitcoin payment path and extended the business interruption.

A Need for a Cyber-Ready Team

A continuing concern for handling ransomware remediation is the difficulty SMEs have in responding in a timely manner to the essential task of paying larger amounts of bitcoin — or authorizing a third party to pay — to meet the ransom demand (averaging $100,000, but based on severity ranging from $400,000 to $8 million, according to group members) within the given timeline for response.

SME clients often don’t have the liquidity for these significant payments, even if their cyber insurer will reimburse them.

What’s more, SME-sized IT departments are often unprepared to deal with this type of business interruption and may at times lack a functional understanding of cyber policy coverages and the supporting claims process, which forces them to learn on the fly during the crisis — underscoring that preparation is key.

Finally, the expert group reported that the leading cyber security deficiencies that continue to haunt organizations include the usual suspects: lack of multifactor authentication, lack of next-generation anti-malware endpoint protections, open remote desktop protocol (RDP) access, unsegmented backups and lack of employee training.

One thing is certain: The ransomware scourge is no fleeting trend. Experts believe that it’s here to stay, inflicting damage as long as companies are willing to pay.

With the onset of COVID-19, ransomware attacks continue apace. While the nature of the attacks has altered slightly, their frequency has not, said Winston Krone, global managing director of Kivu Consulting.


The Ransomware Advisory Group will continue to stay on top of these threats so that carriers and their policyholders can defend against them.

Quick Takeaways for Cyber Carriers and Covered Entities:

  • Ensure that policyholders’ management has in place an actionable data breach incident response plan that can be accessed at a moment’s notice and includes vital third-party experts known to their cyber insurer.
  • Offer a loss control checklist for SMEs of some baseline must-have cyber security measures to mitigate ransomware, such as multifactor authentication (especially in O365), endpoint protections (for example, CrowdStrike’s Falcon Prevent), closing remote desktop protocol (RDP) access, cloud-based backups and employee training.

You can find this article originally published here on riskandinsurance.com

How to Fight Rise in Cyber Criminals

Coronavirus is changing how people work and interact every day. Many companies have needed to expand their remote working capacity as a result of the outbreak – and usually at very short notice. To provide as many employees as possible with easy access to operating software and systems quickly, in some cases IT security standards have had to be lowered or suspended, resulting in potential cyber security exposures for companies.

One consequence of potentially laxer security is that cybercriminals and hackers may find it easier to penetrate previously protected corporate systems, causing data breaches, cyber blackmail intrusions and IT system failures.

According to the Allianz Risk Barometer, an annual survey of more than 2,700 risk management experts around the globe, cyber risk already ranked as the number one threat for businesses in 2020 before the coronavirus outbreak. This ranking was driven by concerns about data breaches becoming larger and more expensive, ransomware incidents bringing increasing losses, and business email compromise (BEC) or spoofing attacks, which typically use social engineering and phishing emails to dupe employees into revealing confidential or valuable information. BEC attacks have resulted in fraudulent losses in excess of $20 billion since 2016.

Unfortunately, the significant increase in home workers accessing the corporate network with a virtual private network (VPN) connection because of the coronavirus pandemic only exacerbates these risks, providing a perfect opportunity for cyber criminals, as recent events demonstrate only too well.

It is estimated that anywhere between 50% and 90% of data breaches are caused or abetted by employees, be it by simple error or by falling victim to phishing or social engineering. Recent events demonstrate the vulnerability only too well. In April, Google detected and blocked more than 18 million malware and phishing emails and 240 million daily spam messages related to the coronavirus pandemic in a single week. In total, Google blocks more than 100 million phishing emails each day.


If remote workers fall victim to a cyberattack, it puts their work network at risk. There are several effective security measures businesses can apply to help remote employees combat internet attacks.

Keep Software Up to Date

Check whether you can use current versions of operating systems and installed programs. If possible, use the automatic update feature, which is often the default setting. Otherwise, immediately install security updates for your software, especially for your web browser and operating system.

Use Virus Protection and Firewalls

Check that virus protection and firewalls are activated, but keep in mind that this measure is only effective as an accompanying measure alongside other security procedures. Using it does not reduce the importance of the other tips in this article.

Create Different User Accounts

Malicious programs have the same rights on the PC as the user account through which they entered the computer. You should, therefore, work with a standard (non-administrator) account for day-to-day tasks and use administrator rights only when absolutely necessary.

Be Cautious About Sharing Personal Data

Online fraudsters increase their success rates by addressing their victims individually: Previously spied-on data, such as surfing habits or personal names, are used to inspire confidence. Today, personal data is considered a currency on the internet and is traded as such. If possible, use a VPN connected to your home network when on public wireless local area network (WLAN) hotspots.

Otherwise, data transmitted unencrypted can be read by third parties. At the same time, a VPN also protects against a number of other attacks on the PC and the data stored on it.

Use Up-to-Date Web Browsers

Check your browser settings and disable components and plug-ins you do not need. Enter the addresses of security-critical websites, such as online banking, manually in the browser’s address line, then save the address entered in this way as a bookmark, which you can use for secure access from then on.

Two-Factor Authentication

Where two-factor authentication is offered, use it to secure access to your account. A password manager can facilitate the handling of different passwords. Do not share your passwords with third parties.

Protect Your Data Through Encryption

Protect your confidential emails with encryption. If a WLAN is used, pay attention to the encryption of the wireless network, subject to your entity’s information security guidance. Unless your information security officer (ISO) specifies a higher standard, select the WPA3 encryption standard in your router or, if this is not yet supported, WPA2, until further notice. Choose a complex password of at least 20 characters.

Identify All Participants in Online Sessions

It is particularly easy for unauthorized persons who have obtained the dial-in data to join large online meetings with many participants. That’s why everyone who appears in the meeting needs to briefly identify themselves, especially when discussing sensitive topics and sharing presentations on screen.

Be Extremely Careful With Suspicious E-mails or Attachments, Especially if the Sender Is Unknown

Especially in the familiar environment of your home office, you must be wary of suspicious e-mails. Take your time and check each email thoroughly before you open it.

Please see CORONAVIRUS: STAYING CYBER-SECURE THROUGH THE PANDEMIC for a complete list of IT security measures.


COVID-19 is one of many crises that hackers and scammers have leveraged to exploit vulnerable businesses, and they will find more innovative ways in the future. More than ever, it is vital for organizations to protect themselves from malicious cyberattacks by educating employees about how to identify and prevent cyberattacks and by implementing home security policies for remote workers.

10 Tips for Moving Online in COVID World

In the retail industry, O2O “online-to-offline” signifies an online trigger, such as an ad, that prompts consumers to go to a physical location to complete their purchases, but it can also occur in the opposite order.

In the insurance sector, over 100,000 independent agents in the U.S. depend on high-value networking, customer references and direct carrier relationships. For insurance professionals, interacting with customers face-to-face has been vital. But in the wake of the coronavirus, it is critical to move insurance agencies from an offline to an online model, O2O, where almost all tasks that agents were accustomed to doing day-to-day need to be done completely remotely.

This change can offer considerable benefits if executed correctly: higher productivity, greater scale and a high degree of accuracy that allows agents to continue to build trusted relationships. As risk management advisers, agents are responsible now more than ever for equipping policyholders with unbeatable risk transfer strategies. As cyberattacks on small to mid-size businesses (SMBs) continue to escalate, cyber insurance presents an opportunity to rebuild an agency book of business when done right. 

Here are 10 tips on jumpstarting your O2O transformation:

1. Focus your efforts on insurance lines with growth opportunity

Cyber insurance is relatively new, with substantial opportunities for adoption in the SMBs market as cybercriminals exploit people’s vulnerabilities using sophisticated social engineering attacks during COVID-19. In fact, phishing has increased by over 600% since the end of February, according to security provider Barracuda Networks.

2. Prioritize industries for which cyber insurance is vital

Organizations have begun using SaaS applications and operations in an effort to digitize online but will likely be left vulnerable to cyber incidents. Recognize which industries are either required to obtain cyber insurance or are paving the way for digital transformation.


3. Select partners that operate exclusively online

Now is the perfect time to reassess the insurance carriers and programs that you’re working with for capacity to shift online. Today’s technology allows businesses to deliver a vertically integrated insurance solution that ties together insurance requests, risk assessment, underwriting and policy and claims management in one system enabled by a common, relevant dataset. 

4. Search for admitted, standalone programs

This is directly related to your carrier of choice. The shift toward standalone cyber insurance programs is occurring because cyber insurance provided as an endorsement to other intricate coverages only creates more complexity. Standalone cyber programs outline what incidents are and are not covered, and the policy’s aggregate limit and sub-limits for each coverage, along with precise cyber criteria. 

5. Align risk to coverage, as your go-to sales pitch 

Cybersecurity aims to safeguard a business’ use of technology and the web. Each business uses different applications and operates in its own way. In turn, each business has drastically different risks that should be recognized by policies. Policyholders must be able to account for the coverages, aggregate limit, sub-limits and deductibles that best fit their risk assessment. 

6. Learn as much as the customer about the risk, if not more

Cyber risk exposures and attacks are constantly evolving. Evaluating an organization for cyber risk yearly is a risky and obsolete cyber strategy. Being able to regularly reevaluate risks and coverage on a continuing basis is necessary for cyber and shields all parties from coverage gaps.

7. Collaborate with carriers on prospecting

Transform your website to a producing site, not just a lead generation platform. API integration of your website into the carrier’s quoting and underwriting platform is instrumental in delivering a constant stream of potential cyber insurance consumers.

8. Educate policyholders on claims experience and loss control

Your customers should be equipped with security awareness training, generally administered by the carrier. Phishing simulation and basic InfoSec training are key education tools. Regular updates to policyholders with risk insights and remediation guidance provide effective risk mitigation and loss control.

9. Educate yourself on what events activate which coverage

Outline for your policyholders what exactly is covered by the carrier’s insurance program by sharing your claim scenarios. Demand a list of cases for each incident that would activate specific coverage paired with concrete use cases.


10. Don’t spend more than a few minutes on a submission, application or binding

Moving to an online operation can feel unsettling at first but, if done correctly, will produce real results:

  • Faster and more precise applications
  • Quicker turnaround time on quote and bind when working with a program that is also deployed online
  • Ability to offer additional services to policyholders as part of the online experience – risk assessment, training, notification of critical updates. Consistent communication online boosts customer satisfaction and opens the door to lasting relationships.