Zurich takes ‘different approach’ to cyber risk

Zurich takes ‘different approach’ to cyber risk | Insurance Business

Zurich takes ‘different approach’ to cyber risk
Zurich is taking “a different approach,” to the cyber insurance market with the launch of its DigitalResolve solution.

DigitalResolve is an additional solution to the stand-alone cyber product offered by Zurich that will give businesses access to an incident response plan and a centralised incident manager in a bid to help businesses after a cyber attack.

Kym Beazleigh, national underwriting manager for Corporate Institutions for Zurich in Australia, told Insurance Business that the use of a project manager, in partnership with global loss adjustor Crawford is “a different approach” to the risk and will help attacked businesses stay up-to-date.

“I think in these incidents, they happen very quickly and a data breach can escalate very quickly,” Beazleigh said.

“A typical sort of attack would be an email threatening to release confidential information that has been obtained through access to an insured system and therefore time is of the essence. Normally, it contains an extortion threat, please pay us a certain amount of money within a certain time frame, and usually those time frames are quite restrictive so from our perspective having that centralised incident manager to help you set up a plan as to how you deal with the breach and have a single point of contact in that first instance, in those first 24 to 48 hours, we think that is the right way to go.

“That incident manager will then put a clear solution plan in place under DigitalResolve within 48 hours and then that plan may involve the clients or the customers dealing directly with the vendors but in that first instance it is that first port of call to help understand what when wrong and agree an action plan to move it forward.”

Beazleigh noted that, over the first half of 2016, on threat trend has emerged in the cyber industry which needs to be monitored by clients and brokers alike.

“The biggest trend we have seen in the first six months of this year is the social engineering type fraud,” Beazleigh continued.

“There is a bit of terminology going round at the moment in the industry referring to it as whaling. We had phishing and now we have whaling.

“Phishing, obviously just sort of targeting random individuals, but whaling and this social engineering is generally targeted at extorting executives or using executives as part of the extortion attempt.

“Effectively it involves you sitting at your desk potentially working in accounts and you receive an correspondence in your email or a call from someone pertaining to be a senior executive, either a CFO or a CSO, managing director, asking for an emergency transfer of funds because a certain customer has not been paid on time and is very upset and is about to cancel their contract with your business.

“That is certainly an area that we have seen developing and probably the biggest one from that perspective over the first six months of this year.

“Absolutely I think people need to be aware of those trends and again, as always with these things, revisit their risk management framework and make sure they have those controls in place to trigger someone just doing those checks and balances in the event that they receive a communication like that.”

Related stories:
DigitalResolve launched in Australia
10 facts that sell cyber insurance
Internet terror enters new phase, cyber expert