Emerging Cyber Risks Threatening Insurance Companies’ Policyholders

Cyber risk is evolving at a rapid pace, leading to a crucial need for companies to protect their key assets – data and people. Insurance coverage is a critical piece of a protective strategy, but cyber claims executives must consider education a key aspect of an effective program.

Cybersecurity is an area in which the risks are constantly changing. Policyholders need to be knowledgeable about the dangers and understand how to proactively mitigate any impact – this can be the difference between a business returning to operation in days vs. months vs. not recovering at all.

For decades, Auriemma Roundtables has connected consumer finance companies with the right people and data to navigate industry complexity. Auriemma Roundtables is offering Cyber Claims executives the opportunity to participate in an industry business intelligence network that addresses the challenges facing insurers offering cyber coverage.

To kickstart this community, Auriemma Roundtables is collaborating with Patricia Harman, Editor-in-Chief, ALM PC360 Group. Harman will be facilitating its first (Re)Insurance Cyber Risk Claims Roundtable meeting, which will be held on October 26, 2022 in New York City.

To preview the discussions we’ll be hosting with industry leaders, we sat down with Harman to discuss the key issues facing the industry, and how collaboration can improve operations and policyholder outcomes.

What are some of the emerging cyber risk threats?

Cyber threats are constantly changing, and insurers are always monitoring these emerging and evolving risks. The primary goal for any attack is a significant payday and one of the trends the industry is seeing now involves a greater focus on small and medium-sized businesses because they frequently don’t have the safety infrastructure in place to protect their data. There can be a perception that a cyberattack will never happen to them. These businesses can also provide access to the networks of larger targets that they work with such as accounting firms, law firms, hospitals and retailers.

Phishing attacks are still an easy and successful way to access a company’s information. With so many remote workers, phishing attacks have increased significantly and account for 41% of the claims reported, according to Coalition. It’s still too easy to get people to “click on a link” and unwittingly provide access to company information and networks, download a virus or provide login credentials.

Some attacks are more likely to occur during certain times of the year, such as an uptick in attacks during the holiday season when people are shopping online or away for the holidays.

Fraudsters are increasingly exploiting weaknesses in third parties’ infrastructure to gain access to the policyholders’ systems. How should insurance companies be more proactive in ensuring policyholders have robust risk management programs in place?

Insurers and their clients must remain vigilant with constant training and sharing of information. Effective cyber training and risk management requires insurers to be proactive in training their clients and helping them implement risk mitigation strategies to minimize the impact of attacks when they occur. It’s very much a matter of not “if” an attack occurs but “when,” and being well prepared can help limit some of the impacts of an attack.

Many clients also may not understand the benefits that come with a cyber policy. The education process begins with the initial risk assessment, continues through the underwriting process and encompasses a strong risk management program. This can be through software and hardware recommendations, employee training, phishing exercises and helping clients create a strong culture of safety.

 What are the challenges in effectively partnering with policyholders more broadly in fighting cyber risk?

Helping them to understand the risks is the first step. There are companies that think it will never happen to them, and they are usually the most vulnerable.

Walking a client through what an attack can look like, how it will disrupt a business, the various areas where they are vulnerable such as customer files, financial information, not changing their logins or not using dual-factor authentication can help them better understand what’s at stake.

Explaining in-depth what comes as part of a cyber policy is also an important part of the education process. Insurers can help identify the extent of the breach, help navigate the regulatory requirements involved, assist with public relations issues and communicating with affected parties, recommend vendors and basically walk a client through the aftermath of an attack.

How can insurance companies best keep up with how fraudsters are hitting the industry?

Education and sharing information are the best defense against these types of attacks. Carriers are tracking multiple cyber risks and sharing the trends they’re seeing in terms of attacks and claims can be helpful in identifying emerging threats and developing strategies to mitigate them. However, it can be challenging to find opportunities to discuss these concerns in an environment that allows for an honest exchange of information.

About the Auriemma (Re)Insurance Cyber Risk Claims Roundtable

For more than 30 years, Auriemma Roundtables has partnered with our member companies to use collaboration, data, and research to unlock insights and standards that improve industry performance.

Auriemma Roundtables’ new (Re)Insurance Cyber Risk Claims Roundtable group focuses on best-in-class cyber risk management strategies, technology developments, and key industry developments impacting cyber risk (re)insurance.

Membership includes:

• Meetings for claims executives
• Industry-leading operational benchmarking
• Custom peer group surveys

To learn more, contact Phylip Jones, Senior Director of Business, Auriemma Roundtables at (646) 343-4415 or (pjones@roundtables.us)