How insurers work with cyber experts to help prevent attacks

How insurers work with cyber experts to help prevent attacks | Insurance Business

How insurers work with cyber experts to help prevent attacks

Although insurance is commonly seen as something that only comes into play after a loss, an increasing emphasis is being placed on pre-loss and prevention strategies – especially when it comes to issues like cybersecurity.

According to John Moore, senior underwriter & financial lines manager at Delta Insurance, New Zealand insurers are increasingly looking to emulate overseas strategies and work with IT security vendors, bringing experts into their organisations and training them to work within insurance. This allows them to build a solid foundation of cybersecurity expertise within their organisation, and develop prevention and management strategies that constantly evolve with the risks.

“Insurers are not IT security experts, that’s not our forte,” Moore told Insurance Business. “Overseas, we see insurers hiring cybersecurity experts to work within their organisations, because it’s actually easier to do that than to teach an insurer about cybersecurity.”

“From our side, it’s also about working with vendors to help insureds at the pre-loss stage,” he explained.

“Insurers are now finding vendors who can help businesses with things like continuity plans, and who can share their products, conduct cybersecurity audits and help with the e-learning side of things. That really helps people spot things like phishing attacks, and understand and manage passwords.”

“You’ll see much more of an emphasis on the pre-loss side of things, rather than just being the ambulance at the bottom of the hill,” Moore said. “You also get a much better view of the risk.”

Moore says that one vendor Delta is looking to work with has software that can scan the deep web – the part of the web not indexed by search engines -  and can find out if your emails or credentials have been involved in any kind of data breach. It can also provide real-time updates if any major social media sites have experienced a breach, and inform clients if their information has been affected.

“Russia experienced a data breach recently where there were lots of records released, and a family using the software were informed the very next day that their email addresses had been compromised in that breach,” Moore said.

“It’s very effective monitoring. These are some of the things we are looking at for our clients, and it’s a constantly evolving area.

“A lot of our job is simply keeping in touch with the cybersecurity industry and seeing what the best solutions are.”