Posted By staff reporter,
Tuesday, February 12, 2019
Cyber 101 is the newest educational resource created by PIA and The PIA Partnership to help educate PIA members and their clients about the seven most common cyber risks.
Fraudulent funds transfer
Website media liability
Q: Do I have to be a PIA member to participate in the Cyber 101 courses?
A: Yes. However, non-PIA members appointed by Partnership companies can also participate.
To learn which companies are Partnership companies, visit our partner page.
Q: What's in it for you?
A: Become a subject matter expert on Cyber coverage. Producers and CSRs using the Cyber 101 resources will become confident in their abilities to thoughtfully talk about cyber risks and coverage.
Q: How often are Cyber 101 webinars?
A: Each month, Cyber 101 will introduce new resources on one of these topics:
- fraudulent funds transfer
- social engineering
- business interruption
- data breach/privacy
- network security
- website media liability
These topic-specific resources will include:
- interactive claims examples
- 1-page PDFs explaining the risk
- 30-minute webinars
PIA agents can also personalize and provide their clients with general cyber educational resources. All webinars will be recorded and made available on the Cyber 101 website.
Q: How do I access Cyber 101?
Login here to access Cyber 101
Click here to access Cyber 101
Click here to become a PIA member
For additional information about The PIA Partnership
Posted By staff reporter,
Tuesday, February 12, 2019
Consumers want more insurance help with their cyber woes, and potential cyber woes. The why is easy. From automobiles to interconnected homes, just about every aspect of people’s lives is impacted by technology, and that technology is a sieve and easy for hackers to access.
Take automobiles for example. Asaf Ashkenazi of the software company Inside Secure said hackers can use connectivity to access private information and can even use it to steal the car. “The worst-case scenario is that they can completely take over and control anything in your car, from the brakes to the steering wheel,” he said. “The scariest scenario is that you're driving and they make your car crash.”
Then there’s the loss of personal records. The Identity Theft Resource Center’s 2018 End of Year Data Breach Report said 447 million consumers had their personal records compromised last year. That is a 126% increase from 2017.
What’s ironic is the total number of data breaches in 2018 fell by 23%.
Paul Robinson of GreyCastle Security said, “It’s very difficult now to avoid these attacks, even if you're taking the precautionary measures, such as managing your bank account and things of that nature. Now please do that, don't neglect watching your accounts and keeping an eye on your medical records, but the horse has left the barn per se.”
Assurant’s new study, The Connected Now, says the connected lifestyle isn’t connecting with everybody. This is where insurance might be helpful. More on that in a bit.
The risk management firm said that, like it or not, nearly 40% of consumers identify themselves as technophobes. They own an average of 1.3 connected products. These range from smartphones and computers to equipment to manage things in the home.
Those same people — or 78% of them — worry about ID theft and the compromising of their personal information. They point that worried finger at interconnectivity — connectivity they are not that happy with.
Yet, 69% do admit this technology makes their lives easier.
This is where insurance has an opportunity to shine. Parks Associates — an Internet of Things marketing and consulting company — said its research finds that 40% to 50% of households with access to broadband Internet want additional insurance services.
Parks Associates said this applies to those who own their homes and those renting.
Of those interested, 35% want insurance services that are proactive and that communicate the potential risk of the smart devices in their homes. They want to be updated and warned ahead of time.
Parks Associates spokesman Brad Russell said the insurance they want will take care of the restoration of those services and repair their home after the damage occurs.
“A restoration service that repairs damage is the most appealing service among insured households, but there is strong interest in proactive services, which would be enabled by smart home devices and AI capabilities to detect and prevent risk situations,” he said.
And he noted that advances in technology now let the insured and the insurer connect and interact more easily than ever. “Connected devices are reshaping the way consumers think about many traditional services and how they interact with their service providers,” he added. “These trends in consumer expectations, combined with the wealth of data derived from IoT solutions, are opening significant market opportunities for the insurance industry.”
Source links: PropertyCasualty360.com, USA Today, WHEC-TV, Insurance Business America
Posted By Staff reporter,
Tuesday, February 5, 2019
A new report from Accenture is frightening. Another one from the Defense Department and the Pentagon is even more frightening than Accenture’s.
The Accenture report is titled Securing the Digital Economy: Reinventing the Internet for Trust. It found 75% of the CEOs think the only solution to the cyber challenges faced by all of us is cross-industry coordination.
Worse, Accenture believes that in the next five years companies worldwide will lose $5.2 trillion from cyber attacks.
• The highest risk is the high-tech industry with $753 billion at stake
• Life sciences has $642 billion at risk
• The automotive industry has $505 billion
“Internet security is lagging behind the sophistication of cybercriminals and is leading to an erosion of trust in the digital economy,” company spokesman Omar Abbosh said. “Strengthening internet security requires decisive — and, at times, unconventional — leadership by CEOs, not just CISOs. To become a cyber-resilient enterprise, companies need to start by bringing CISOs’ expertise to the board, ensuring security is built-in from the initial design stage and that all business managers are held responsible for security and data privacy.”
Here’s more from the report:
• 79% say the advancement of the digital economy will stall or slow down if dramatic improvement in internet security is not made
• 59% say the internet is growing increasingly unstable
• That same 59% say they are not sure how to respond to that instability
• 56% say they would welcome stricter business regulations to fix the problem
In the U.S. the Defense Department — via spokesman Robert Behler — said it cannot adequately defend itself against cyber attacks. The Government Accountability Office (GAO) agrees. Spokeswoman Cristina Chaplain said the military has not been able to secure weapons systems that cost billions to build.
“DOD testers routinely found mission-critical vulnerabilities in systems under development, and in some cases, repeatedly over the years,” she said.
One of the problems with cyber security is the lack of cyber experts to do battle with the bad guys. In the U.S. between September of 2017 and August of 2018, there were 314,000 job postings. Even though most earn something like $95,000 a year on average, job openings stay open.
The National Initiative for Cyber Security Education says if all were filled that would pump up the number of pros battling cyber criminals by 40%. That’s a workforce of 714,000.
Worldwide, (ISC)2 says there are close to three million cyber security jobs open.
In addition to not being able to find experts, current polling says that 43% of organizations around the world fail to adequately do security training.
Worse, universities — 85% of them — have cyber security graduate or undergraduate degrees. However, their more diversified and attractive computer science programs do not offer even one cybersecurity course.
Business and government are continuing to explore options. One idea is a Cybersecurity Peace Corps. The proposal is the same idea as the original Peace Corps and will develop and train people to do cybersecurity jobs. It will require an act of Congress to establish.
Meanwhile, community colleges are now offering boot camps — of sorts — to train people in key skills.
Whether all this training comes fast enough to avoid the trillions that will be lost in the future to cyber criminals is anybody’s guess. What we all can — however — agree upon is that there is a definite need for action.
Source links: Insurance Business America, PropertyCasualty360.com, Tech Crunch
Posted By staff reporter,
Tuesday, January 15, 2019
Scam artists used a variety of sophisticated schemes to separate Americans from their money in 2018. Those schemes resulted in the loss of a whopping $18 billion to consumers and individuals in the U.S. last year.
That information comes courtesy of Website Builder Expert (WBE). It is a website building and launching platform. WBE came to its conclusions from data produced by the FBI’s Internet Crime Report and from the Insurance Information Institute (I.I.I.).
WBE — as well as most of us — finds the $18 billion lost shocking. It’s even more shocking when you consider the billions spent each year to combat cybercrime and make websites and other Internet sources safe.
Apparently — and obviously — those measures are not working all that well.
WBE used the statistics from the two reports that show individual complaints to determine which states are most vulnerable and which are the safest. Two PIA Western Alliance states — California and Washington — are on the list of the most vulnerable.
Vermont is the safest. California the least.
Here are the stats for the two PIA Western Alliance states in the top-15:
• 2018 complaints — 55,774
• Average growth per year in reported crimes — +515
• Average cost per incident — $5,900
• 2018 complaints — 9,011
• Average growth per year in reported cybercrime — +351
• Average cost per reported incident — $3,572
Ironically, WBE says California — unfortunately — will likely have more cyber complaints in 2019 than the bottom 27 states.
Here’s the list of the 15 most vulnerable states:
5. New York
10. New Jersey
11. North Carolina
The cybersecurity firm McAfee released a report late last year that says cybercriminals are putting out 480 new threats per minute. That frightening statistic comes from McAfee Labs Threats Report: December 2018.
McAfee’s lead scientist Christiaan Beek said malware attacks were up 73% in the third quarter of 2018.
“Cybercriminals are eager to weaponize vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness,” he said. “As long as ransoms are paid and relatively easy attacks, such as phishing campaigns, are successful, bad actors will continue to use these techniques.”
Source links: PropertyCasualty360.com, Venture Beat
Posted By Staff Reporter,
Tuesday, December 18, 2018
Myth: Hackers and cyber criminals generally target large businesses because that is where they profit most.
Fact: 62 percent of cyber-attacks target small- and mid-sized businesses.
Get your Cyber 101 On!
Learn what you need to know to keep your business clients safe in an uncertain world.
PIA created the Cyber 101 education series to help educate agents and their clients about the most common cyber risks faced by small and mid-sized businesses as well as the business practices and insurance coverages that can reduce those risks.
HOW TO ACCESS CYBER 101
Non-PIA members appointed by Partnership companies: Click here to access Cyber 101.
Other agents: To access Cyber 101, you will need to become a PIA member. Learn more about PIA membership and join today!
Posted By Staff Reporter,
Monday, November 19, 2018
It’s been a year since the WannaCry ransomware struck. In a four-day period it attacked 300,000 computers, and cost businesses and individuals billions of dollars.
Gad Naveh of Check Point's Threat Intelligence and Research & Development team did some research on what’s happened in the past year. Since then hackers have created offshoots of the ransomware and they are creating more chaos. His research also points out that — in spite of the continuing threat — businesses still aren’t prepared.
• 77% of chief information security officers (CISO) say they are not equipped to handle these attacks
• Staffing challenges are a problem
• Security technology conflicting with business operation is another
• Just 3% of businesses have the protection needed to repel an attack
• 79% are using security solutions from generations two and three
By the way, Naveh points out that we are now up to generation five — Gen V — of this kind of ransomware. The genesis of ransomware is pre-2000.
He is very critical of nations and businesses and says it’s time for the U.S. and other nations to put an end to this problem. He writes, “It does not really matter who launches an attack or why — countries and global business communities simply need to defend themselves better — because the large-scale, multi-vector nature of these attacks are several generations beyond the average enterprise’s security capabilities. The reality is we’re spending trillions globally on military defense technologies, but investing only a fraction of that on defending businesses and infrastructure against cyber attacks.”
He suggests going back to the basics to start:
• Segment networks to quarantine attacks
• Segmentation stops them from propagating
• Deploy advanced, real-time threat prevention
• This stops attacks before they get a foothold on a network or networks
• Do this across all environments:
He also notes we need to get past petty differences and work together — large businesses and small. “Because cyber attacks have become the modern weapon of choice for crippling critical infrastructure, we must work together as a global cyber security community to not only protect individual organizations but also to create a shared vision around protecting cities, nations, and the citizens within them. Without a concerted, collaborative effort, we can expect nations, communities, and our most trusted companies to continue to be woefully unprotected against the next mega cyber attack,” he said.
Another report comes to similar conclusions. Datto is a cyber security and data backup company. It recently released its third annual Global State of the Channel Ransomware Report.
The report says ransomware is the leading cyber attack experienced by small to medium-sized businesses (SMB). Ransomware tops viruses and spyware as the biggest threat to their firms.
• 55% of managed service providers (MSP) said their clients experienced a ransomware attack in the first six months of this year
• 35% said their clients were attacked many times
• Some said they were attacked multiple times during a day
• 92% of MSPs predict the number of attacks will continue at this rate or a higher rate
In the report, the MSPs said their clients have anti-virus software but it’s not enough.
• 85% report ransomware protection is installed
• 65% say email and spam filters are installed
• 29% say their clients have pop-up blockers
All failed to block the ransomware attacks.
As we know, downtime for a small business leads to lost revenue. If the downtime is long enough, a small business can fail. The report says the downtime and cost of the attack in other areas is 10 times what it costs to pay the ransom.
• The average cost per business is $46,800
• The average ransom is $4,300 per attack
James Bergl is a director at Datto APAC. He said most businesses don’t report these attacks and just one in four get reported to authorities.
By the way, if you’re an Apple user and think you’re safe, Bergl said Apple operating systems are becoming increasingly vulnerable. In the report, five times as many MSPs reported ransomware attacks on the macOS and iOS platforms from last year to this.
He said the worst attacks are happening in Asia.
The report said the best protection against a ransomware attack is employee training. Education and training are highly recommended. And it is suggested that the training be ongoing and in areas where ransomware attacks are most likely to occur:
• Phishing attacks
• Malicious websites
• Web ads
• Clickbait directed toward a business
Source links: The Next Web, Security Asia
Posted By Staff Reporter,
Tuesday, October 23, 2018
The U.S. Securities and Exchange Commission (SEC) has spoken. It says companies that fail to do proper cyber security for their data could be breaking federal law. The idea of law breaking came about in a report that investigated nine unidentified companies that have suffered cyber attacks. It wonders if they had the proper internal accounting protection controls in place.
Those systems are required by law.
The investigation focused on business email compromises. This is a way cyber criminals get access to bank accounts and other information. They pose as company executives and other employees to get information sent to them. Scams like this — says the FBI — have netted these businesses $5 billion in losses since 2013.
Stephanie Avakian is the co-director of the SEC Enforcement Division. She said these scams aren’t that sophisticated. They rely upon human inattention to succeed.
“We did not charge the nine companies we investigated, but our report emphasizes that all public companies have obligations to maintain sufficient internal accounting controls and should consider cyber threats when fulfilling those obligations,” she said.
The warning from the investigation is clear. Regulators, Congress and consumer groups are watching, and are growing more and more focused on requiring companies to do all they can to keep data secure.
By the way, those regulating regulators ought to also pay attention. On October 4th the Pentagon said the system it uses to maintain travel records was hacked. The Department of Defense said 30,000 records were accessed.
As an FYI, the department says it does not administrate those records. That has been outsourced to a third party contractor. It also says the 30,000 records isn’t all that many when you consider the Department of Defense is the nation’s largest employer.
It has 1.3 million enlisted men and 742,000 civilians working for the department.
Source links: Reuters, Insurance Journal, Forbes
Posted By Joey Leffel,
Tuesday, August 28, 2018
A.M. Best and Guidewire’s Cyence Risk Analytics are worried about cyber insurance and cyber insurers. In a new report, the two companies said three of the top-20 cyber insurance providers could face “meaningful to significant gross losses” from a single-event cyber catastrophe.
In the special report Cyber Insurance Market: Stress Testing the Future, Fred Eslami said when looking at the estimated policyholder surplus in 2022, those losses could hit 15% to 119%.
“For the majority of these companies, even the gross losses do not come close to the natural catastrophe probable maximum loss estimates used for stressing the balance sheet strength of the companies,” he said. “However, under these circumstances, a handful of companies could lose a significant amount of surplus, which potentially could create ratings pressure or even trigger a downgrade.”
The report looks at two scenarios:
• Several cloud-based servers fail and widespread service and business interruptions follow
• A common software application gets compromised leading to a global attack
In another report, Gallagher said healthcare providers are the most vulnerable to hacking attacks. They happen regularly and leave the data of hundreds of thousands of people at the mercy of the cyber hackers.
Bloomberg said the average breach of a healthcare system costs more than $400 per patient. The news organization also found that just 33% of healthcare departments have defenses set up for a breach.
Gallagher’s white paper on the subject said there are six things these organizations can do to improve their security:
• Anti-virus and malware prevention
• PCI DSS compliance
• Employee awareness and training
Gallagher’s Adam Cottini said the first and most important thing these organizations need to do is comply with HIPAA regulations and standards that say individual medical data must be protected.
“The HIPAA regulation has been around for a long while and the healthcare industry is tuned into the privacy requirements. Where the challenge comes is with the advancement of technology and how new technology exacerbates the vulnerabilities in the healthcare space relative to protecting and securing information,” Cottini said.
Once the privacy requirements are in place then cyber security priorities must be addressed. “Cyber security doesn’t seem to rise to the same level of priority as other areas of security, but the statistics clearly show that phishing and social engineering is a major driver of a lot of the cyber events that are happening these days, which is why we believe organizations have to continuously drive down on employee training and awareness,” Cottini noted.
The point of Gallagher’s white paper is to raise awareness.
NAS Insurance agrees with some of Gallagher’s conclusions. In its 2018 Cyber Claims Digest, NAS suggests negligent employees and third-party service providers are a common thread when it comes to cyber attacks upon healthcare providers.
Jeremy Barnett of NAS said the most common form of attack on these organizations from this carelessness is ransomware. “The methods used for ransomware attacks are becoming more sophisticated. Spam email remains a tried and true method: one in six spam email messages comes bundled with ransomware. However, in 2017, criminals also tended to target specific companies,” he said.
From there things get worse.
“Between 2016 and 2017, there was a 152% increase in ransomware as a cause of loss for healthcare cyber claims,” Barnett noted. “The threat is typically to divulge or destroy information, to insert malicious code into a computer system or to damage, destroy or prevent access to a computer system. The monetary demand varies in both amount and the currency: the demand might seek payment in American dollars, a foreign currency or a cryptocurrency.”
While healthcare providers are lagging behind, data analyst FICO said other industries are catching up and those with cyber insurance rose between 2016 and 2017. From 2017 to 2018 those with no cyber security insurance at all fell from 50% to 24%. However, 32% of the nation’s larger companies have adequate cyber insurance.
Many of those are in healthcare.
FICO VP for cyber security solutions Doug Clare said, “Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”
And back to healthcare companies. The FICO survey found 70% of them do not have cybersecurity insurance. Just 10% of financial service firms do not have cyber insurance.
Source links: Insurance Business America — link 1, link 2, link 3, Carrier Management
Posted By Administration,
Tuesday, July 31, 2018
The headline “Carrier Perspective” has to do more with carriers realizing this is a popular and profitable line of insurance. It’s so popular — in fact — that the number of carriers expanding into cyber insurance leaped to 170 in 2017 from 140 in 2016 and 119 in 2015.
Aon — who came up with the figures in its U.S. cyber market update titled 2017 U.S. Cyber Insurance Profits and Performance — said that’s not counting MGAs.
Rapid growth in the market and the high number of new entries hasn’t hurt profitability. The line is very profitable with premiums in 2017 that hit $1.84 billion. That’s a 37% increase over 2016.
Another plus. The loss ratio from cyber insurance fell from 47.6 in 2017 to 32.4.
John Laux heads cyber analytics for Aon Reinsurance Solutions. He said the 98% jump in premiums comes from packaging the product. Premiums for stand-alone cyber insurance rose 8%.
Laux said the trends here are significant — especially for a relatively new product. “Our study reveals that despite several significant and prolific cyber attacks in 2017, industry premium continued to increase and loss ratios continued to decrease,” Laux said and then added, “insurers have the expertise to offer an appropriate product with first-and third-party coverages that firms are willing to buy.”
Also in the report:
• The top-five cyber insurers wrote 51% of the direct written premiums in 2017
• That’s down from 52% in 2016
• The top-10 insurers accounted for 69% of the direct written premiums in 2017
• That’s down from 73% in 2016
• Those new to the cyber market averaged $140,000 in premiums
• Small commercial insureds is where the biggest premium growth is found
• These days cyber criminals favor ransomware over hacking
• Underwriters with $5 million or more in direct written premiums saw loss ratios from zero to 223.7%
• In 2017 — and at 59% — claims against first-party coverage was 2/3 of all claims
• They are 72% of the total package policy claims
• The first-party claims outnumber third-party claims by a long shot
The line of insurance has grown to the point that ACORD has put together a standard for cyber data breach cover. It’s in the development stages and is called the ACORD Cyber Data Breach Standard and was developed with specialist insurer Beazley and insurance broker Aon.
ACORD members have been given the standard for review and feedback. If the reviews and feedback are positive it will be put in the next scheduled release of the ACORD Property & Casualty Standards.
Christian Hoffman who heads the U.S. Cyber Solutions at Aon said, “Connectivity and collaboration across organizations including, but not limited to, information security, legal and risk management is critical. A set of uniform standards is an ideal place to start this transition.”
Source links: Insurance Journal, Carrier Management
Posted By Administration,
Tuesday, June 6, 2017
A new survey by the research firm Ovum says 50% of U.S. businesses don’t have cyber risk insurance. Just 16% of the 100% have full coverage. The survey was done for the analytics company FICO and it also found 27% of that 50% say their companies have no plans to purchase said insurance.
Ironically — and dangerously — 61% say they expect cyber attacks to increase in the next year.
The survey found U.S. companies lag in cyber coverage when compared to Canada and the United Kingdom. The report says 40% of firms report no cyber coverage in those countries.
And why? Mistrust of insurance pricing is what most say.
The survey is wide-ranging. It connected with 350 C-suite executives and senior security officers. They come from sectors like:
• Financial services
• Media service providers
• 30% have 500 to 1,000 employees
• 28% have 1,001 to 4,999 employees
• 17% have 5,000 to 9,999
• 25% have more than 10,000
Bob Shiflet of FICO said the Ovum survey finds U.S. healthcare to be farther behind than most when it comes to cyber insuring. None of those surveyed in healthcare have insurance that covers all risks and 74% had no insurance at all. Shiflet said this is troubling but some of that must be laid at the feet of the insurance industry.
“There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable,” Shiflet said.
Cost and lack of clarity from the industry are problematic:
• Just 25% of those responding think premiums reflect their risk profile
• Only 23% think the insurance industry is clear and transparent in its approach to pricing
• 29% of the executives think insurers need clear guidelines about how premiums are chosen
• 28% want clearer communications on why premiums are adjusted when that happens
• 23% want insurers to introduce a standard for benchmarking cyber risk
Hiscox did a similar survey that said 55% of U.S. firms have taken out cyber insurance but these businesses are — as with the Ovum survey — confused about what cyber coverage actually entails and what is protected.
For those who don’t have cyber insurance:
• 26% do not plan to purchase
• 41% said cyber insurance policies are not relevant to their business
• 17% say they have no plans to take out insurance — ever — and agreed with this statement: Cyber insurance policies are so complicated — I don’t understand what cyber insurance would cover me for.
Deloitte also did a survey that found buyers just don’t understand cyber risks or options for insurance. And all — the report found — want standardized policies. “Similar cyber insurance products offered by different providers often include alternative features, which makes it difficult for buyers to compare policies by value and price,” the report said.
Deloitte also outlined steps similar to those of Ovum for insurers to take:
• Standardize policy language
• Develop a risk-informed model rather than a definitive predictive model for cyber risks
• Employ more targeted underwriting by industry or exposure
• Offer more holistic cyber risk management programs
RAND Corporation did a different report and hit the real nail on the head. Companies — it found — just don’t see cyber insurance as a good investment. The typical cost of a breach according to RAND is $200,000 which means an event will cost a company about 0.4% of annual revenues.
Sasha Romanosky of RAND put it in perspective. “Relative to all the other risks companies face, the cyber risks often aren’t as big a deal as we think. It may be bad for you if you are the victim, but it doesn’t change the behavior or strategy of a company. Like you and me, companies are self-interested and operate in ways that minimize their costs. You can’t begrudge them for working that way,” Romanosky said.
Ponemon seriously disagrees with RAND’s conclusions. Its report from May of 2014 found the average data breach costs something like $3.5 million for super-sized companies.
Source link: Insurance Journal
Who has Cyber Insurance? Not that Many