P&C

CyberCube/Advisen Team Up On Cyber Threats

Panel offers timely advice on cyber risk landscape and cyber risk assessment.
By Zach West Posted on November 25, 2019

“Cybercrime is the #1 crime globally in terms of risk-to-payoff ratio,” said Charlotte Anderson, cyber risk analyst at CyberCube Analytics, during a recent panel hosted by Advisen and CyberCube, highlighting the importance of cybersecurity awareness and competency for brokerages. Joining her in discussing how brokers (and the rest of the industry) can quantify cyber risk and assist their clients in hardening their electronic systems were Christopher Keegan, senior managing director of Executive Liability at Beecher Carlson, and Oren Schetrit, director of Product Management at CyberCube Analytics. We’ve distilled their conversation down into a few key points brokers should keep in mind when working with their clients to develop cyber risk programs.

While ransomware attacks may seem to be the most relevant for insurance companies and brokers, it is crucial to also keep in mind the wider threat surface many organizations have as a result of third-party services. Now that so many new devices, systems and infrastructures have internet connection capabilities or rely on the internet/cloud services to function, it’s more important than ever to be aware of vendors’ and cloud service providers’ security practices. After all, according to Aon’s 2019 Cyber Risk Report, 59% of companies in the U.K. and the U.S. said they experienced a data breach via a third party.

Please review the table below for some of the most important takeaways from the panel: the most common cyber threats for each industry.

INDUSTRY COMMON THREATS ADDRESSING THREATS
Healthcare Ransomware attacks, business interruption, data loss, regulatory fines Employee training, email filtering, consistent system backups, antivirus/firewall, content scanning and filtering, up-to-date patches
Retail PCI theft, payment system vulnerabilities, web app breaches Vet vendors to ensure they employ robust security practices, validate payment software, use approved PIN entry devices
Tech Supply chain attacks, nation-state espionage Vulnerability management, vet vendors and third parties, ensure defenses are hardened, up-to-date patches
Education DDOS attacks, phishing attacks Employee training, email filtering, consistent system backups, antivirus/firewall, content scanning and filtering, up-to-date patches
Finance (including insurance) Ransomware attacks Employee training, email filtering, consistent system backups, up-to-date patches, encryption and virtual private networks (VPNs)
Service industry Exposure to businesses through third-party services: phishing, account compromise, and credit theft Employee training, vet vendors to ensure they employ robust security practices, up-to-date patches, antivirus/firewall, content scanning and filtering

Oren Schetrit of CyberCube also explained the difference in how both carriers and brokers should approach cyber risk. Carriers, he said, should be concerned with frequency, “but brokers should be talking about severity, not frequency—especially in the context of cyber risk, which is a low-frequency, high-severity event.”

We see this in the outsized impact of the WannaCry and Petya attacks in 2017, as well as the Capital One, Marriott and Equifax breaches, among others. Contextualizing the severity of a possible claim or a company’s financial exposure as a result of cyber risk can help clients make better decisions when it comes to cyber insurance, and also position the broker as the “trusted advisor” when it comes to this niche.

But how could a broker convey this information without introducing too much friction into the sales process? Schetrit proposed breaking an organization’s potential cyber threat into three different factors: the “likely offender,” the “suitable target,” and if there’s an “absence of a suitable guardian.” On top of that, he also suggested breaking down threats into a “few different categories,” like “asset exposure, liability exposure, threat exposure, security exposure,” which would “allow you to organize an efficient way to address your different vulnerabilities.”

“Not only is cyber risk complex,” said Christopher Keegan of Beecher Carlson. “[But] it changes all the time.” That’s why it’s critical for brokers to understand how to break down cyber risk and cyber threats in order to guide their clients, especially in today’s digital age.

Zach West Market Intelligence & Insights Associate Read More

More in P&C

Ransomware…It Doesn’t Have to Be This Hard
P&C Ransomware…It Doesn’t Have to Be This Hard
Criminals are cashing in at the bank because companies are not allocating necess...
P&C If It Ain’t Broke, Don’t Fix It?
Congress has begun TRIA reauthorization discussions. Our best hope lies with a c...
Big Data, IoT Demand Cyber-Risk Focus
P&C Big Data, IoT Demand Cyber-Risk Focus
Systems are too connected and risks are too great to address cyber security in s...
Private D&O Market Ripe for Opportunity
P&C Private D&O Market Ripe for Opportunity
Brokers play a critical role in helping clients understand the coverage and bene...
Sponsored By The Hartford
Ready? Set. Flood.
P&C Ready? Set. Flood.
Homeowners need mitigation before the storm, and insurance i...
Risk Assessments Are the Best Checkup
P&C Risk Assessments Are the Best Checkup
Are you adequately tracking the health of your cyber-securit...