This article was produced in partnership with Travelers Europe
Mia Wallace, of Insurance Business, sat down with Chris McMurray, cyber lead at Travelers Europe. and James Doswell, senior cyber risk management consultant at Travelers Europe, to discuss combining a best-in-class pre-breach and post-breach proposition.
There’s a consistent inconsistency to the spectre of cyber risk which plays out against an ever-shifting backdrop, leaving SMEs continually reevaluating how they can mitigate the challenges associated with this operational threat. And so it is little surprise that the role of insurance and risk management in providing thought leadership and proactive solutions to those doing business in our increasingly digital-first world has shone in recent years.
Discover more about Travelers’ best-in-class cyber offering today
Providing insight into the current roster of cyber threats impacting the SME market, Chris McMurray (pictured above), cyber lead at Travelers Europe, highlighted how the variable nature of cyber risk can be seen from recent evolutions in the ransomware space. The last few months saw ransomware claims drop off a little, he said, which was considered to be linked to certain threat actors changing focus amid the Russia-Ukraine conflict.
“I don’t think anybody expected that to hold for long,” he said. “Indeed, as we leave the summer, we’re seeing ransomware activity creeping back up. And that’s still the number one area where we see a lot of activity, and it really is across the board – whether you’re a small SME or a large global client. We’ve been banging that drum for quite a number of years now but I like to think we’re making some headway and getting the message out there – that everybody is impacted by this.”
Cybersecurity is not a once-and-done approach, McMurray said, but rather requires constant reviewing to ensure that elements such as patching and market intelligence are kept up to date. Leaning into some of the insights yielded by this intelligence, he highlighted that threat actors have become more aware of the growth of the cyber insurance market, which is being reflected in the ransoms demanded.
In the past, he said, cyberattacks tended to be more of a volume play where a threat actor would demand relatively small ransoms from SMEs and quickly move on to the next victim.
“They’ve now realised, it seems, that a lot of these smaller businesses have cyber insurance policies in place and they’re getting hold of that information and asking for payments up to the policy limit,” he said. “That’s something that we weren’t seeing even six months ago, so again, it’s just a good example of the threats in this space and how they’re continuing to change.”
On the flip side, noted James Doswell (pictured below), senior cyber risk management consultant at Travelers Europe, it seems that some companies which have obtained cyber insurance and bolstered their cybersecurity, are now mistakenly feeling secure. That complacency is a real concern across the market, he said, and it’s precipitated by a lack of education around cybersecurity.
“In some cases, they are just not aware of [the exposures they face],” he said. “They don’t have the security knowledge and understanding of how some of the attack chains happen, and how the attackers actually get in and compromise networks.
“And some of these networks do have relatively comprehensive security, as we’ve seen from some of the bigger organisations where attackers have still managed to gain a foothold somewhere. Quite often, it’s a question of the weakest link and it could be as simple as a phishing email.”
For Travelers Europe, the key to removing that false sense of security has been the creation of a truly proactive cyber insurance offering that works across the entire lifecycle of the policy. This keeps insureds cognizant of the changing nature of cyber risk, and builds recognition of the idea that having an insurance policy or certain security controls in place doesn’t mean you can relax your approach to cybersecurity.
Travelers is well-regarded for how stringent it is with regards to the implementation and attestation of MFA controls, Doswell said. This is largely due to its insight into the exposures that partial implementation of MFA can bring – particularly in the wake of COVID and the move to remote working. At that time, many businesses missed the fact that an attack can happen from within the network as well, as in the case of phishing attempts. And if an attack vector gains a foothold on an individual’s machine, it can spread internally across a network – causing widespread damage.
That’s where elements such as employee training really come into their own, McMurray said, as these exercises are critical to communicating to employees what they should be looking for when it comes to phishing attempts etc. That should be an ongoing process, he said, and Travelers is leading by example on this by creating training modules that require active participation and encourage a proactive stance on cybersecurity.
“From a product perspective, we absolutely continue to review what we put out there,” he said. “And it’s not just the actual product itself but also additional sides to that. First are our pre-breach services, where we’re trying to mitigate the risk to the clients and we have various things in place such as our eRiskHub, and access to Symantec (now HCL). These can try and prepare our clients a bit better, and that’s where we’re trying to reduce something going wrong in the first part.
“But obviously, you can’t eliminate that risk completely. So, the second part is what we do when something does go wrong – our breach response. Again, that’s somewhere where we’re constantly evolving our panel to make sure we have the right vendors, and to make sure those vendors have the capacity to manage an incident should something go wrong.”
Travelers Europe prides itself on working closely with its vendors and its claims department to make sure its offering evolves alongside the cyber risk environment and is fit for purpose, he added.
“In the same way that we would say to our client that their cybersecurity is not a once-and-done approach, that equally applies to us,” he said. “We need to make sure that what we’re offering both pre-loss and breach response following a loss is more than adequate, and is going to be the best solution for the client at that time.”
Combining a best-in-class pre-breach and post-breach proposition is an offering that is resonating well across the market, he said, particularly where it’s bringing previously unconsidered exposures to the attention of clients. McMurray emphasised how bringing on board risk control experts, such as Doswell, has really rounded out Travelers’ full-service cyber insurance offering and how it presents a significant advantage both to his team and the wider market.
“Being able to utilise James’ [insights] in real-time when we might have a question around client security, or when we have a more complex client and we’d like to involve James in that client meeting is all something that just adds to our proposition,” he said. “And that’s just another great example of the evolution, not just of this product but of the services we offer around that.”
To find out more about Travelers’ cyber offering, visit http://www.travelers.co.uk/cyber
Chris McMurray is cyber lead at Travelers Europe and James Doswell is senior cyber risk management consultant at Travelers Europe.