Phishing for trouble
What do captive insurers require from their parents in order to prevent a cyber attack?

Like any other insurance company, they are going to want to see controls and see how the company is mitigating the exposures of cyber risk. They are going to look for multiple things, such as checking to see that response plans are in place, with decent technology and coordination among their functional operating groups so that there’s discussion about what type of cyber risks exist in the company.

What are the main problems within a business that can cause a cyber breach?

There are so many different conclusions on what ranks as the top issue causing cyber breaches, but studies suggest that hacking, phishing and social engineering are the main causes. I think that you can definitely rank phishing as one of the biggest issues in 2016, with ransomware being one of the highlights. There are also obvious causes for breaches, such as hacking events, and human error or human element events.

Do breaches also come from within the business?

Yes, there are errors that can be created by an employee, as well as a malicious component of human element, which is huge in the business environment.

Should all companies have a prevention programme?

There should be a loss prevention programme in place and I think it should start with the internal response plan. The plan should identify who is in charge of preparing for a breach, determine how to prepare it, and lay out processes so that the company is ready for any situation when it occurs.

A company also has to have a post-breach response plan. There has to be a mitigation component and within that there should be an internal response plan, which is going to lead the charge in how the company handles a breach.

Are you still being approached by large companies that do not have cyber cover in place? Why do you think they are yet to purchase cover?

Yes, and I think there are a lot of reasons why companies are still not purchasing cyber coverage. I think there is a disconnection in the type of information sharing which is going on within the cyber risk community, particularly on the brokerage side.

I believe the sophisticated brokers are able to share good quality information, starting from a risk management perspective all the way down to insurance.

But, unfortunately, I think in some cases there tends to be a disconnection in the communication process.

That means the corporations may not have had the risk properly explained to them and do not understand the value of the insurance.

In those situations, what you get is disconnection and confusion, which makes it a much harder process for a company to secure the proper insurance.

How often should companies be updating covers because of new emerging risks?

Those updates should be made annually. At the moment we know that the cyber policies are still going through changes and we are seeing emerging risk taking into account the bodily injury and property damage component of an event.

Most cyber insurance policies are not addressing bodily injury and property damage, and if they are, it’s a small segment of the insurance market place that is able to provide such.

Not all companies have the exposure but there are a lot of companies out there that are concerned an attack on their computer systems could result in some sort of bodily injury or property damage, particularly from organisations that are in the power and utility sector.
The latest features from Captive Insurance Times
Having the ability to stabilise regulatory and fiscal certainty through self-funding will continue to drive expansion of the self-insured and medical stop-loss captive markets, says Phillip Giles of QBE North America
Attendees of the European Insurance Forum in Dublin heard how insurance and reinsurance professionals are readying for turbulent times ahead
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
Interest in forming new captives and protected cell companies is on the rise, according to the latest Aon Global Risk Management Survey
SACs in Bermuda, first crafted in the statute in 2000, are a useful tool for both captive and commercial insurers, says Kim Willey of ASW Law
Rule-focused decisions have kept captives from delivering full value, say Carrie Lam and Steve Prince of Collins Barrow
Attendees of this year’s European Insurance Forum can expect a full and comprehensive agenda. Eddy Van Cutsem explains
Richard Paris-Smith of Willis Towers Watson explains how the UK’s recent changes to the Ogden discount rate will affect captive insurers
Reputation insurance is an important part of any company’s risk management strategy, according to Dr Nir Kossovsky of Steel City Re
Domicile profiles
The latest domicile profiles from Captive Insurance Times
In an era of increasing uncertainty, Tamatoa Jonassen suggests that the Cook Islands can be a bridge to financial security in a captive
With a dedicated captive plan in place, the Lone Star State is on the rise, says Josh Magden of the Texas Captive Insurance Association
Asset Servicing Times

Visit our sister site
for all the latest asset servicing news and analysis
After 36 years of captive business, Vermont boasts a culture of legislative change, and still has a few tricks up its sleeve. Dan Towle and David Provost explain
After a successful 2016 and the licensing of its first securitisation cell company, Malta insurance industry professionals are looking ahead to 2017
Missouri’s captive programme is approaching a decade in operation. John Talley explains how the state has made it to this milestone
Less than 10 years ago, the Bahamas was a virtually forgotten player in the external insurance marketplace, according to Tanya McCartney and Michele Fields. But today, the jurisdiction has a reputation as a market leader
As the new head of insurance supervision in Cayman, Ruwan Jayasekera reveals how he will strive to meet international best practices and standards while encouraging innovation in the domicile
Danielle Hermansen of PKF Malta discusses how Malta can and is fully utilising its potential in the insurance industry
The latest interviews from Captive Insurance Times