Keeping up with Technology: The Importance of Cyber Insurance

Keeping up with Technology: The Importance of Cyber Insurance

By Sara Ametrano

 

The more we rely on technology in both our professional and personal lives, the more at risk we, as individuals and companies, are to be targeted by hackers.

Cyber-attacks can come in a variety of forms and steal all kinds of information if successful. Through panel discussions and presentations, April’s NetDiligence conference explored what the evolving nature of cyber can mean for the specialty insurance industry.

A peril:

When cyber coverage first emerged, it centered around liability. As time passed, the cyber risk area expanded, and it included possible scenarios such as social engineering and extortion. And today, clients are at a higher risk than ever before.

Where property and casualty policies are created based on hundreds of years’ worth of information, cyber threats are new in comparison. Creating a sustainable cyber policy plan is proving to be a challenge for underwriters today due to the lack of data available and the ever-evolving nature of the industry.

Ransomware:

One of the cyber areas seeing an increase in attack frequency and severity is ransomware. Beazley Breach Response Services reported that, in 2018, average ransomware demands were $116,000, compared to $15,000 just the year before. The report also revealed that the main targets of ransomware attacks are small to medium-sized business, absorbing 71% of the crimes.

These numbers stress the importance of the need of expertise in the field. Hackers have sharpened their skills to learn their target’s financial position so that they may determine the sum they will demand.

Silent cyber:

Where standalone cyber coverage does not exist, cyber and data breaches may fall under other policies, unbeknownst to insurers. This is what the industry refers to as “silent cyber.” Companies might not take these types of exposures into consideration, which can potentially expose their other policies that do not specifically exclude cyber/data breaches. At a glance, only 10% of silent cyber situations are clearly priced and defined, 40% have definitions but are not priced and the remaining 50% are neither defined nor priced.

So, now what?

The growing nature of technology and lack of data surrounding cyber makes it difficult to create a plan in the event an attack occurs. The conference provided tips on how to mitigate risk and minimize the confusion non-affirmative risk management can bring:

  • Analyze policy language and claims;
  • Collaborate with ethical hackers (the good guys) to better understand the motives behind these attacks and how they might appear in different scenarios;
  • Continue to update policy wording as need be.

 

 

If you have any questions or would like to request a quote, please contact Trisura’s underwriting specialists.

Is your business protected against fraud?

Is your business protected against fraud?

By Sara Ametrano

 

Fraud isn’t a crime that only targets individuals. Some scammers set their sights on businesses. Is yours prepared for a potential attack?

Is your business protected against fraud?As technology continues to evolve and our reliance on it grows, so does our vulnerability to being hacked. In fact, the FBI reports that there are roughly 4000 cyber-attack attempts in the US every day.

On a global scale, 2018 saw the creation of 245 million new viruses, with over 680,000 created each day. The Ponemom Institute reported that 54 per cent of companies experienced one or more successful attack last year. The year before, the Canadian economy took a hit of 3.1 billion, as recorded by the Canadian Chamber of Commerce.

To truly grasp the magnitude of cyber fraud, Trisura Guarantee spoke with IT Weapons’ director of marketing and communications, Jeremy MacBean.

We asked MacBean what the most common error leading to these costly attacks is. “It’s in between the keyboard and chair – the people,” he revealed. “User awareness is the primary threat vector. That represents the biggest risks. It’s safe to say the majority of cyber-attacks begin with people clicking things they shouldn’t.”

Let’s take a look at some of the main types of scams that can impact businesses:

 

CEO scams:

Who’s at risk? Employees who work closely with a CEO or whose jobs include financial responsibilities are most at risk.

In this type of scam, someone is impersonating the CEO through email. These messages typically have a sense of urgency to them and are labelled “confidential.”

A CEO scam can cost businesses anywhere from tens of thousands to millions of dollars.

 

Business scams:

Who’s at risk? Company size doesn’t matter; any organization can find itself on the receiving end of a potential scam.

For these scams, there are a few different approaches the fraudster can take.

Directory: Here, the attacker sends your company a proposal for an advertising opportunity. First, the fraudster gathers the details needed to execute the crime. Then, he or she sends an invoice to the accounting department, who are unaware that the service was never approved.

Health and safety products: In this type of scam, you may receive a telephone call from the scammer. He or she impersonates a government official, informing you to quickly update your first-aid kits and health and safety training.

Office supplies: For this scam, the attacker will send over items the company didn’t order and then bill the business for them.

 

Phishing and smishing scams:

Who’s at risk? All employees. Phishing emails and smishing text messages appear to be sent from an authorized organization. They often use a similar tone and the logo of organizations you trust to trick you into providing personal information.

Fraud is an ongoing issue with new cyber viruses created and spreading daily, and different angles for attack. MacBean offers some helpful tips for individuals and businesses to protect themselves and their company as much as possible:

 

Individual:
  • Identifying the sender of an email is critical. To do this, hover your mouse over an email or URL to see what it links to;
  • Think before you click;
  • Do not click any attachments;
  • Installing antivirus and antimalware can help pre-scan.
Businesses:
  • Regular user awareness training;
  • Regularly reminding staff to be vigilant;
  • Regular training and possibly issuing a test phishing email quarterly or bi-annually.

 

To learn more about protecting your business against cyber fraud, click here.

Looking ahead: The future of E&O

Looking ahead: The future of E&O

In an interview with Canadian Underwriter, Trisura’s vice-president of specialty insurance solutions, Marilyn vanGansewinkel, highlighted what the future of errors and omissions insurance might look like. She believes, because “society [has] become more service-oriented,” we will see the following three new areas of growth for E&O:

 

Marilyn vanGansewinkel, vice-president, specialty insurance solutions, Trisura Guarantee Insurance Company

Technology:

As IT continues to develop, and we rely more on artificial intelligence and insurtechs, vanGansewinkel explains, “you are going to see a lot of professionals who are required to do the programming behind the scenes, and fix things when they don’t work out well.” Within this area, she also anticipates there will be more emphasis placed on system database management.

 

Health care:

“I think we are going to have a lot of opportunity in the aging population’s health care,” vanGansewinkel explained. Due to the significantly large number of seniors (in 2016, Statistics Canada reported there were 5.9 million Canadians older than 65 years of age and 5.8 million Canadians aged 14 and under), vanGansewinkel expects to see an enhancement in health care service offerings in specialized care facilities and home care.

 

Environment:

The growing concerns around the effects of climate change and other environmental events are stressing a need for E&O to focus on the environment. As we look to experts to advise us on key factors, such as recycling and water shortages, the underwriter’s role will be to analyze an environmental professional’s credentials.

 

For the original article, click here.