Phishing for trouble

What do captive insurers require from their parents in order to prevent a cyber attack?

Like any other insurance company, they are going to want to see controls and see how the company is mitigating the exposures of cyber risk. They are going to look for multiple things, such as checking to see that response plans are in place, with decent technology and coordination among their functional operating groups so that there’s discussion about what type of cyber risks exist in the company.

What are the main problems within a business that can cause a cyber breach?

There are so many different conclusions on what ranks as the top issue causing cyber breaches, but studies suggest that hacking, phishing and social engineering are the main causes. I think that you can definitely rank phishing as one of the biggest issues in 2016, with ransomware being one of the highlights. There are also obvious causes for breaches, such as hacking events, and human error or human element events.

Do breaches also come from within the business?

Yes, there are errors that can be created by an employee, as well as a malicious component of human element, which is huge in the business environment.

Should all companies have a prevention programme?

There should be a loss prevention programme in place and I think it should start with the internal response plan. The plan should identify who is in charge of preparing for a breach, determine how to prepare it, and lay out processes so that the company is ready for any situation when it occurs.

A company also has to have a post-breach response plan. There has to be a mitigation component and within that there should be an internal response plan, which is going to lead the charge in how the company handles a breach.

Are you still being approached by large companies that do not have cyber cover in place? Why do you think they are yet to purchase cover?

Yes, and I think there are a lot of reasons why companies are still not purchasing cyber coverage. I think there is a disconnection in the type of information sharing which is going on within the cyber risk community, particularly on the brokerage side.

I believe the sophisticated brokers are able to share good quality information, starting from a risk management perspective all the way down to insurance.

But, unfortunately, I think in some cases there tends to be a disconnection in the communication process.

That means the corporations may not have had the risk properly explained to them and do not understand the value of the insurance.

In those situations, what you get is disconnection and confusion, which makes it a much harder process for a company to secure the proper insurance.

How often should companies be updating covers because of new emerging risks?

Those updates should be made annually. At the moment we know that the cyber policies are still going through changes and we are seeing emerging risk taking into account the bodily injury and property damage component of an event.

Most cyber insurance policies are not addressing bodily injury and property damage, and if they are, it’s a small segment of the insurance market place that is able to provide such.

Not all companies have the exposure but there are a lot of companies out there that are concerned an attack on their computer systems could result in some sort of bodily injury or property damage, particularly from organisations that are in the power and utility sector.
The latest features from Captive Insurance Times
What should a captive look for when hiring a firm to manage its portfolio? Stephen Nedwicki of Comerica Bank takes a look
Martin Membery and Andrew Holland of Sidley Austin discuss the signing of the EU-US bilateral covered agreement and who will potentially benefit from it
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
Michael Zuckerman of Temple University Fox School of Business makes the case for a captive insurance company independent board director
This year’s Bermuda Captive Conference highlighted the importance of the captive industry to the island, and the need to stay ahead of the curve in terms of regulation and innovation in order to maintain its global status
Brady Young, Stuart King and Andrew Berry tell Becky Butcher about the decision to expand into Europe with a new operation in Dublin
Unscrupulous micro captive managers and their motley crews might have walked their last plank following the ruling in the good ship Avrahami
More than 200 delegates gathered in Charlotte, North Carolina, to attend the state’s three-day annual captive insurance conference. Becky Butcher reports
John Dies and Steve Miller of alliantgroup analyse the Avrahami tax court case decision, and warn captives to take a look at their own programmes
Domicile profiles
The latest domicile profiles from Captive Insurance Times
Although the Isle of Man is currently focusing on updating its regulatory framework, Solvency II, Brexit and the Asian market all hold big opportunities for the island
Debbie Walker of the North Carolina Department of Insurance tells Becky Butcher why the state is among 2017’s standout performers
Asset Servicing Times

Visit our sister site
for all the latest asset servicing news and analysis
Experts convene to talk to Becky Butcher about the stability that Guernsey represents in a challenging financial and political environment
In an era of increasing uncertainty, Tamatoa Jonassen suggests that the Cook Islands can be a bridge to financial security in a captive
With a dedicated captive plan in place, the Lone Star State is on the rise, says Josh Magden of the Texas Captive Insurance Association
After 36 years of captive business, Vermont boasts a culture of legislative change, and still has a few tricks up its sleeve. Dan Towle and David Provost explain
After a successful 2016 and the licensing of its first securitisation cell company, Malta insurance industry professionals are looking ahead to 2017
Missouri’s captive programme is approaching a decade in operation. John Talley explains how the state has made it to this milestone
The latest interviews from Captive Insurance Times