Businesses need help cutting through the cybersecurity “noise”, a senior cyber insurance professional has told Insurance Business.
“They’re getting a lot of different alerts,” said Lauren Winchester, Corvus SVP, risk and response. “They’re getting pulled in a lot of directions [when it comes to] what should they spend their cyber money on.”
Corvus has revealed what it’s described as an “industry leading” cyber loss ratio of 36%. Speaking to Insurance Business at cyber summit NetDiligence in Philadelphia in June, Winchester shared how the business had achieved this – and what it’s developing going forwards.
“We’re very proud of what we’ve been able to accomplish,” Winchester said. “We have a 36% loss ratio, which we view as industry leading, and that’s a testament to our underwriting acumen, the tools that we’re using, the scan that we have, and then also our outreach to policyholders and engagement that we have.”
Corvus recently launched its policyholder prevention service, known as Corvus Signal. The proposition is intended to prevent claims, and Corvus has found that clients that engage are 20% less likely to have a cyberattack, according to Winchester.
Corvus wraps in risk insights from threat intelligence and policyholder alerts, in addition to risk advisory services, with cybersecurity advisors, instant response advisors, and an outreach team. There’s also the risk dashboard, which Winchester described as taking “that human intelligence and trying to pour it into a tool”.
“We want to lean into that,” Winchester said.
Corvus is confident that it can shrink its loss ratio even further, according to Winchester.
“Our data is telling us that this engagement is working, and so now we want to say: ‘How do we lean into that more?’” Winchester said. “‘What are ways that we can drive further engagement with our team and with our tech so that policyholders are best positioned against attacks?’”
The business has looked to vulnerability alerting, wherein software is used to scan for policyholder vulnerabilities. This has helped it cut through that cyber “noise” and focus on insureds that are at risk, rather than bombarding them with blanket warnings.
“If we have a new VPN vulnerability, for example, we’re able to pinpoint which policyholders actually utilize those VPNs,” Winchester said. “Instead of sending an alert to all of our policyholders, we’re going to narrow it down and make it more meaningful, and then when they have follow-up questions about it, we’re there to respond.”
Given an influx of cyber-related contact, as well as malicious scam attempts, businesses can sometimes be wary when they receive notice of a threat.
“We have worked with policyholders to figure out what’s the best way to frame and phrase our alerts,” Winchester said. “Because sometimes they could be met with some skepticism, which is good, right?”
Corvus runs a monthly newsletter and looks to additional means of outreach, as well as making sure insureds know what an alert from them will look like, to help reassure clients that any contact from them is valid.
“Sometimes it can be met with healthy skepticism, and we’re glad for that – hopefully it means [insureds] are not clicking on as many phishing emails,” Winchester said.
The SVP also shared insight on ransomware threats, which cyber insurance experts have told Insurance Business are back on the rise. A 2022 slowdown in activity was attributed in part to the impact of Russia’s Ukraine war by cyber insurance professionals who spoke to Insurance Business at NetDiligence.
Corvus has seen a “pretty low frequency” of ransomware within its own claims data, Winchester said, but she acknowledged that the business could be “bucking the trend”, particularly given leak site activity.
“Ransomware threat actors have their leak sites where they post who their victims are, and because that’s become such a prevalent practice, we’re able to analyze that leak site data and look at the trends over time for victims over time,” Winchester said. “That went up quite a bit in in March, and it stayed pretty high in April and has gone back up in May a bit as well.”
By analyzing these dark web sites and tracking activity, insurers can better predict likely claims activity across the board.
“You can tell the activity is up, which means, from an insurance standpoint, many of those victims are likely insured companies, and so ultimately claims will come up as a result – we fortunately are not seeing that, and [it’s not] reflected in our book, and hopefully, that’s a testament to the underwriting and outreach that we’re doing,” Winchester said.
“But I do expect it’s going to continue on this trend, and it suggests that the threat actors have regrouped, they’ve rebuilt their infrastructure, and they’re up and running.”
How well do your cyber clients understand different threats? Let us know by leaving a comment below.