“IBM came out recently and said that criminals are generally in a client system for approximately 200 days before a cyber breach actually occurs,” said Anthony Di Fiore from Adroit Insurance and Risk.
As specialty risks manager for his Geelong-headquartered brokerage, Di Fiore has expertise in cyber coverage. Insurance Business asked Di Fiore what’s important when it comes to choosing a cyber insurance provider.
One revelation from the discussion was the sheer length of time threat actors can spend in a victim’s computer system before they cause damage or ask for a ransom. The other revelation: how criminals leverage this waiting time.
“We’ve seen examples where the criminals have waited for the MD to be in hospital undergoing surgery before they approach the accounts department and say, impersonating the MD, ‘You know that I'm in surgery at the moment, can you please pay this invoice quickly?’”
Di Fiore used these examples to demonstrate that a broker should choose an insurer with a strong focus on attack prevention and mitigation.
“If you just think about that 200-day period before the cyber criminals actually encrypt the system or ask for a ransom,” he said. “That’s a lot of time for an insurer to be proactive and actually identify those threat actors for the clients.”
During that time, said Di Fiore, there’s ample opportunity to put a plan in place to prevent or mitigate any further loss – if you have an insurer that does that.
The better coverage offerings in the cyber market focus heavily on prevention. Di Fiore said this wasn’t always the case.
“Previously there were a lot of cyber products that were simply add-ons to existing products,” he said. “So you had a cyber extension to a professional indemnity (PI) policy or a cyber extension to a management liability policy.”
Di Fiore said that left “many holes” in the coverage.
“As claims rose there were a number of claims which were simply uninsured or partly insured and that damaged the reputation of the insurance industry in regard to cyber,” he said.
Di Fiore said he aims to offer customers the best possible protection – and he said that comes from the “broadest coverage possible.”
There are a number of cyber insurance offerings on the market and different ways for brokers to approach cyber risk management. In Di Fiore’s opinion, CFC Underwriting currently offers “the broadest policy in the market.”
CFC is a London-headquartered cyber specialist agency with a strong presence in Australia, including an on-the-ground crisis response team. Di Fiore said one major reason he uses its coverage is its “innovative proactive approach” towards preventing cyber attacks.
“CFC have threat analysis specialists that are actually in-house and dedicated to monitoring our insureds,” he said. “They use proactive scanning, dark web monitoring, look for vulnerabilities and they share knowledge with private businesses and government organizations across the world to try and identify possible breaches, possible malware and possible criminal organizations.”
Di Fiore said the agency would then identify the clients who could be a target and notify them.
However, even the best prevention-focused cyber insurance may not stop all attacks. Di Fiore has some useful tips for brokers to help their clients navigate the situation when a threat actor makes it through the defences.
“Some clients make the mistake of having their incident response plan saved on their computer - which they then can't access when a breach occurs,” he said.
“Make sure that your backups are actually backing up correctly,” said Di Fiore. “Also, check your response plan to make sure that when an event occurs, that you actually are prepared, the right people are being contacted and that you can actually access the response plan itself.”
The client, he said, needs to understand that responding to a cyber attack involves more than communicating with the insurer.
“There's legal advice to determine whether or not there's been a privacy breach, there’s PR support to protect the brand and to update the policyholder’s clients,” said Di Fiore. “So there's a raft of services on top of the insurance and IT professionals who plug the hole and find out what happened.”
There are also forensic services, he said, to find out if there is any fraud.