Consumers want more insurance help with their cyber woes, and potential cyber woes. The why is easy. From automobiles to interconnected homes, just about every aspect of people’s lives are impacted by technology, and that technology is a sieve and easy for hackers to access.

Take automobiles for example. Asaf Ashkenazi of the software company Inside Secure said hackers can use connectivity to access private information and can even use it to steal the car. “The worst-case scenario is that they can completely take over and control anything in your car, from the brakes to the steering wheel,” he said. “The scariest scenario is that you're driving and they make your car crash.”

Then there’s the loss of personal records. The Identity Theft Resource Center’s 2018 End of Year Data Breach Report said 447 million consumers had their personal records compromised last year. That is a 126% increase from 2017.

What’s ironic is the total number of data breaches in 2018 fell by 23%.

Paul Robinson of GreyCastle Security said, “It’s very difficult now to avoid these attacks, even if you're taking the precautionary measures, such as managing your bank account and things of that nature. Now please do that, don't neglect watching your accounts and keeping an eye on your medical records, but the horse has left the barn per se.”

Assurant’s new study, The Connected Now says the connected lifestyle isn’t connecting with everybody. This is where insurance might be helpful. More on that in a bit.

The risk management firm said like it or not, nearly 40% of consumers identify themselves as technophobes. They own an average of 1.3 connected products. These range from smartphones and computers to equipment to manage things in the home.

Those same people — or 78% of them — worry about ID theft and the compromising of their personal information. They point that worried finger at interconnectivity — connectivity they are not that happy with.

Yet, 69% do admit this technology makes their lives easier. 

This is where insurance has an opportunity to shine. Parks Associates — an Internet of Things marketing and consulting company — said its research finds that 40% to 50% of households with access to broadband Internet want additional insurance services.

Parks Associates said this applies to those who own their homes and those renting.

Of those interested, 35% want insurance services that are proactive and that communicate the potential risk of the smart devices in their homes. They want to be updated and warned ahead of time.

Parks Associates spokesman Brad Russell said the insurance they want will take care of the restoration of those services and repair their home after the damage occurs.

“A restoration service that repairs damage is the most appealing service among insured households, but there is strong interest in proactive services, which would be enabled by smart home devices and AI capabilities to detect and prevent risk situations,” he said.

And he noted that advances in technology now let the insured and the insurer connect and interact more easily than ever. “Connected devices are reshaping the way consumers think about many traditional services and how they interact with their service providers,” he added. “These trends in consumer expectations, combined with the wealth of data derived from IoT solutions, are opening significant market opportunities for the insurance industry.”

Source links: PropertyCasualty360.com, USA Today, WHEC-TV, Insurance Business America

Scam artists used a variety of sophisticated schemes to separate Americans from their money in 2018. Those schemes resulted in the loss of a whopping $18 billion to consumers and individuals in the U.S. last year.

That information comes courtesy of Website Builder Expert (WBE). It is a website building and launching platform. WBE came to its conclusions from data produced by the FBI’s Internet Crime Report and from the Insurance Information Institute (I.I.I.).

WBE — as well as most of us — finds the the $18 billion lost shocking. It’s even more shocking when you consider the billions spent each year to combat cybercrime and make websites and other Internet sources safe.

Apparently — and obviously — those measures are not working all that well.

WBE used the statistics from the two reports that show individual complaints to determine which states are most vulnerable and which are the safest. Two PIA Western Alliance states — California and Washington — are on the list of the most vulnerable.

Vermont is the safest. California the least.

Here are the stats for the two PIA Western Alliance states in the top-15:

1. California

•  2018 complaints — 55,774

•  Average growth per year in reported crimes — +515

•  Average cost per incident — $5,900

15. Washington

•  2018 complaints — 9,011

•  Average growth per year in reported cybercrime — +351

•  Average cost per reported incident — $3,572

Ironically, WBE says California — unfortunately — will likely have more cyber complaints in 2019 than the bottom 27 states

Here’s the list of the 15 most vulnerable states:

1. California

2. Florida

3. Texas

4. Michigan

5. New York

6. Illinois

7. Pennsylvania

8. Georgia

9. Ohio

10. New Jersey

11. North Carolina

12. Virginia

13. Missouri

14. Maryland

15. Washington

The cybersecurity firm McAfee released a report late last year that says cybercriminals are putting out 480 new threats per minute. That frightening statistic comes from

McAfee Labs Threats Report: December 2018.

McAfee’s lead scientist Christiaan Beek said malware attacks were up 73% in the third quarter of 2018.

“Cybercriminals are eager to weaponize vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness,” he said. “As long as ransoms are paid and relatively easy attacks, such as phishing campaigns, are successful, bad actors will continue to use these techniques.”

Source links: PropertyCasualty360.com, Venture Beat

It’s been a year since the WannaCry ransomware struck. In a four-day period it attacked 300,000 computers, and cost businesses and individuals billions of dollars.

Gad Naveh of Check Point's Threat Intelligence and Research & Development team did some research on what’s happened in the past year. Since then hackers have created offshoots of the ransomware and they are creating more chaos. His research also points out that — in spite of the continuing threat — businesses still aren’t prepared.

•  77% of chief information security officers (CISO) say they are not equipped to handle these attacks

•  Staffing challenges are a problem

•  Security technology conflicting with business operation is another

•  Just 3% of businesses have the protection needed to repel an attack

•  79% are using security solutions from generations two and three

By the way, Naveh points out that we are now up to generation five — Gen V — of this kind of ransomware. The genesis of ransomware is pre-2000.

He is very critical of nations and businesses and says it’s time for the U.S. and other nations to put an end to this problem. He writes, “It does not really matter who launches an attack or why — countries and global business communities simply need to defend themselves better — because the large-scale, multi-vector nature of these attacks are several generations beyond the average enterprise’s security capabilities.

The reality is we’re spending trillions globally on military defense technologies, but investing only a fraction of that on defending businesses and infrastructure against cyber attacks.”

He suggests going back to the basics to start:

•  Segment networks to quarantine attacks

•  Segmentation stops them from propagating

•  Deploy advanced, real-time threat prevention

•  This stops attacks before they get a foothold on a network or networks

•  Do this across all environments:

•  Networks

•  Cloud

•  Mobile

He also notes we need to get past petty differences and work together — large businesses and small. “Because cyber attacks have become the modern weapon of choice for crippling critical infrastructure, we must work together as a global cybe security community to not only protect individual organizations but also to create a shared vision around protecting cities, nations, and the citizens within them. Without a concerted, collaborative effort, we can expect nations, communities, and our most trusted companies to continue to be woefully unprotected against the next mega cyber attack,” he said.

Another report comes to similar conclusions. Datto is a cyber security and data backup company. It recently released its third annual Global State of the Channel Ransomware Report.

The report says ransom ware is the leading cyber attack experience by small to medium-sized businesses (SMB). Ransomware tops viruses and spyware as the biggest threat to their firms.

•  55% of managed service providers (MSP) said their clients experienced a ransomware attack in the first six-months of this year

•  35% said their clients were attacked many times

•  Some said they were attacked multiple times during a day

•  92% of MSPs predict the number of attacks will continue at this rate or a higher rate

In the report, the MSPs said their clients have anti-virus software but it’s not enough.

•  85% report ransomware protection is installed

•  65% say email and spam filters are installed

•  29% say their clients have pop-up blockers

All failed to block the ransomware attacks.

As we know, downtime for a small business leads to lost revenue. If the downtime is long enough, a small business can fail. The report says, the downtime and cost of the attack in other areas is 10-times what it costs to pay the ransom.

•  The average cost per business is $46,800

•  The average ransom is $4,300 per attack

James Bergl is is a director at Datto APAC. He said most businesses don’t report these attacks and just one in four get reported to authorities.

By the way, if you’re an Apple user and think you’re safe, Bergl said Apple operating systems are becoming increasingly vulnerable. In the report, five times as many MSPs reported ransomware attacks on the macOS and iOS platforms from last year to this.

He said the worst attacks are happening in Asia.

The report said the best protection against a ransomware attack is employee training. Education and training are highly recommended. And it is suggested that the training be ongoing and in areas where ransomware attacks are must likely to occur:

•  Phishing attacks

•  Malicious websites

•  Web ads

•  Clickbait directed toward a business

Source links: The Next Web, Security Asia

In a new report, A.M. Best and Guidewire’s Cyence Risk Analytics is worried about cyber insurance and cyber insurers. In a new report, the two companies said three of the top-20 cyber insurance providers could face “meaningful to significant gross losses” from a single-event cyber catastrophe.

In the special report Cyber Insurance Market: Stress Testing the Future, Fred Eslami said when looking at the estimated policyholder surplus in 2022, those losses could hit 15% to 119%.

“For the majority of these companies, even the gross losses do not come close to the natural catastrophe probable maximum loss estimates used for stressing the balance sheet strength of the companies,” he said. “However, under these circumstances, a handful of companies could lose a significant amount of surplus, which potentially could create ratings pressure or even trigger a downgrade.”

The report looks at two scenarios:

•  Several cloud-based servers fail and widespread service and business interruptions follow

•  A common software application gets compromised leading to a global attack

In another report, Gallagher said healthcare providers are the most vulnerable to hacking attacks. They happen regularly and leave the data of hundreds of thousands of people at the mercy of the cyber hackers.

Bloomberg said the average breach of a healthcare system costs more than $400 per patient. The news organization also found that just 33% of healthcare departments have defenses set up for a breach.

Gallagher’s white paper on the subject said there are six things these organizations can do to improve their security:

  Anti-virus and malware prevention

•  Firewalls

•  Patching

•  Encryption

•  PCI DDS compliance

•  Employee awareness and training

Gallagher’s Adam Cottini said the first and most important thing these organizations need to do is comply with HIPPA regulations and standards that say individual medical data must be protected.

“The HIPPA regulation has been around for a long while and the healthcare industry is tuned into the privacy requirements. Where the challenge comes is with the advancement of technology and how new technology exacerbates the vulnerabilities in the healthcare space relative to protecting and securing information,” Cottini said.

Once the privacy requirements are in place then cyber security priorities must be addressed. “Cyber security doesn’t seem to rise to the same level of priority as other areas of security, but the statistics clearly show that phishing and social engineering is a major driver of a lot of the cyber events that are happening these days, which is why we believe organizations have to continuously drive down on employee training and awareness,” Cottini noted.

The point of Gallagher’s white paper is to raise awareness.

NAS Insurance agrees with some of Gallagher’s conclusions. In its 2018 Cyber Claims Digest, NAS suggests negligent employees and third-party service providers are a common thread when it comes to cyber attacks upon healthcare providers.

Jeremy Barnett of NAS said the most common form of attack to these organizations from this carelessness is ransomeware. “The methods used for ransomware attacks are becoming more sophisticated. Spam email remains a tried and true method: one in six spam email messages comes bundled with ransomware. However, in 2017, criminals also tended to target specific companies,” he said.

From there things get worse.

“Between 2016 and 2017, there was a 152% increase in ransomware as a cause of loss for healthcare cyber claims,” Barnett noted. “The threat is typically to divulge or destroy information, to insert malicious code into a computer system or to damage, destroy or prevent access to a computer system. The monetary demand varies in both amount and the currency: the demand might seek payment in American dollars, a foreign currency or a cryptocurrency.”

While healthcare providers are lagging behind, data analyst FICO said other industries are catching up and those with cyber insurance rose between 2016 and 2017. From 2017 to 2018 those with no cyber security insurance at all fell from 50% to 24%. However, 32% of the nation’s larger companies have adequate cyber insurance.

Many of those are in healthcare.

FICO VP for cyber security solutions Doug Clare said, “Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”

And back to healthcare companies. The FICO survey found 70% of them do not have cybersecurity insurance. Just 10% of financial service firms do not have cyber insurance.

Source links: Insurance Business America — link 1, link 2, link 3, Carrier Management

A new survey by the research firm Ovum says 50% of U.S. businesses don’t have cyber risk insurance. Just 16% of the 100% have full coverage. The survey was done for the analytics company FICO and it also found 27% of that 50% say their companies have no plans to purchase said insurance.

Ironically — and dangerously — 61% say they expect cyber attacks increase in the next year.

The survey found U.S. companies lag in cyber coverage when compared to Canada and the United Kingdom. The report says 40% of firms report no cyber coverage in those countries.

And why? Mistrust of insurance pricing is what most say.

The survey is wide-ranging. It connected with 350 c-suite executives and senior security officers. They come from sectors like:

•  Financial services

•  Telecommunications

•  Healthcare

•  Retail

•  E-commerce

•  Media service providers

Company sizes:

•  30% have 500 to 1,000 employees

•  28% have 1,001 to 4,999 employees

•  17% have 5,000 to 9,999

•  25% have more than 10,000

Bob Shiflet of FICO said the Ovum survey finds U.S. healthcare to be father behind than most when it comes to cyber insuring. None of those surveyed in healthcare have insurance that covers all risks and 74% had no insurance at all. Shiflet said this is troubling but some of that must be laid at the feet of the insurance industry.

“There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable,” Shiflet said.

Cost and lack of clarity from the industry is problematic:

•  Just 25% of those responding think premiums reflect their risk profile

•  Only 23% think the insurance industry is clear and transparent in its approach to pricing

•  29% of the executives think insurers need clear guidelines about how premiums are chosen

•  28% want clearer communications on why premiums are adjusted when that happens

•  23% want insurers to introduce a standard for benchmarking cyber risk

Hiscox did a similar survey that said 55% of U.S. firms have taken out cyber insurance but these businesses are — as with the Ovum survey — confused about what cyber coverage actually entails and what is protected.

For those who don’t have cyber insurance:

•  26% do not plan to purchase

•  41% said cyber insurance policies are not relevant to their business

•  17% say they have no plans to take out insurance — ever — and agreed with this statement: Cyber insurance policies are so complicated — I don’t understand what cyber insurance would cover me for.

Deloitte also did a survey that found buyers just don’t understand cyber risks or options for insurance. And all — the report found — want standardized policies. “Similar cyber insurance products offered by different providers often include alternative features, which makes it difficult for buyers to compare policies by value and price,” the report said.

Deloitte also outlined steps similar to those of Ovum for insurers to take:

•  Standardize policy language

•  Develop a risk-informed model rather than a definitive predictive model for cyber risks

•  employ more targeted underwriting by industry or exposure

•  Offer more holistic cyber risk management programs

RAND Corporation did a different report and hit the real nail on the head. Companies — it found — just don’t see cyber insurance as a good investment. The typical cost of a breach according to RAND is $200,000 which means an event will cost a company about 0.4% of annual revenues.

Sasha Romanosky of RAND put it in perspective. “Relative to all the other risks companies face, the cyber risks often aren’t as big a deal as we think. It may be bad for you if you are the victim, but it doesn’t change the behavior or strategy of a company. Like you and me, companies are self-interested and operate in ways that minimize their costs. You can’t begrudge them for working that way,” Romanosky said.

Ponemon seriously disagrees with RAND’s conclusions. It’s report from May of 2014 found the average data breach costs something like $3.5 million for super-sized companies.

Source link: Insurance Journal