Phishing for trouble


What do captive insurers require from their parents in order to prevent a cyber attack?

Like any other insurance company, they are going to want to see controls and see how the company is mitigating the exposures of cyber risk. They are going to look for multiple things, such as checking to see that response plans are in place, with decent technology and coordination among their functional operating groups so that there’s discussion about what type of cyber risks exist in the company.

What are the main problems within a business that can cause a cyber breach?

There are so many different conclusions on what ranks as the top issue causing cyber breaches, but studies suggest that hacking, phishing and social engineering are the main causes. I think that you can definitely rank phishing as one of the biggest issues in 2016, with ransomware being one of the highlights. There are also obvious causes for breaches, such as hacking events, and human error or human element events.

Do breaches also come from within the business?

Yes, there are errors that can be created by an employee, as well as a malicious component of human element, which is huge in the business environment.

Should all companies have a prevention programme?

There should be a loss prevention programme in place and I think it should start with the internal response plan. The plan should identify who is in charge of preparing for a breach, determine how to prepare it, and lay out processes so that the company is ready for any situation when it occurs.

A company also has to have a post-breach response plan. There has to be a mitigation component and within that there should be an internal response plan, which is going to lead the charge in how the company handles a breach.

Are you still being approached by large companies that do not have cyber cover in place? Why do you think they are yet to purchase cover?

Yes, and I think there are a lot of reasons why companies are still not purchasing cyber coverage. I think there is a disconnection in the type of information sharing which is going on within the cyber risk community, particularly on the brokerage side.

I believe the sophisticated brokers are able to share good quality information, starting from a risk management perspective all the way down to insurance.

But, unfortunately, I think in some cases there tends to be a disconnection in the communication process.

That means the corporations may not have had the risk properly explained to them and do not understand the value of the insurance.

In those situations, what you get is disconnection and confusion, which makes it a much harder process for a company to secure the proper insurance.

How often should companies be updating covers because of new emerging risks?

Those updates should be made annually. At the moment we know that the cyber policies are still going through changes and we are seeing emerging risk taking into account the bodily injury and property damage component of an event.

Most cyber insurance policies are not addressing bodily injury and property damage, and if they are, it’s a small segment of the insurance market place that is able to provide such.

Not all companies have the exposure but there are a lot of companies out there that are concerned an attack on their computer systems could result in some sort of bodily injury or property damage, particularly from organisations that are in the power and utility sector.
Features
The latest features from Captive Insurance Times
Jeremy Colombik of MSI and NCCIA chair explains to Becky Butcher that Notice 2016-66 could be detrimental to not just North Carolina, but other domiciles that are home to smaller captives
Alan Fine of Brown Smith Wallace explains how the industry should proceed after the Avrahami court case ruling
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
Dana Hentges Sheridan, general counsel and chief compliance officer at Active Captive Management, provides insight into the differences between business risks and insurance risks
Predicting when interest rates will change is difficult, which is even more reason to maintain a disciplined approach to your investments, according to Stephen Nedwicki of Comerica Bank
Looking ahead to 2018, Phillip Giles of QBE North America predicts continued uncertainty for the healthcare reform
Michael Schroeder of Roundstone explains why transparency, control and cost savings are the secret sauce offered by a medical captive
Attendees of the Guernsey Insurance Forum heard how important it is for different parts of the industry to work together not only to co-exist, but also to collaborate
Captives must demonstrate they are both efficient and cost effective. Colin Freeman and Peter Downey explain what Barclays can do to help
Domicile profiles
The latest domicile profiles from Captive Insurance Times
Tennessee’s governor, commissioner, general assembly and business community have all worked together to create ‘explosive growth’ in the state’s captive insurance industry. Julie Mix McPeak explains more
Newly-appointed chairman of CCIA Michael Maglaras suggests that the future is bright for state’s captive industry
Asset Servicing Times

Visit our sister site
for all the latest asset servicing news and analysis

assetservicingtimes.com
Although the Isle of Man is currently focusing on updating its regulatory framework, Solvency II, Brexit and the Asian market all hold big opportunities for the island
Debbie Walker of the North Carolina Department of Insurance tells Becky Butcher why the state is among 2017’s standout performers
Experts convene to talk to Becky Butcher about the stability that Guernsey represents in a challenging financial and political environment
In an era of increasing uncertainty, Tamatoa Jonassen suggests that the Cook Islands can be a bridge to financial security in a captive
With a dedicated captive plan in place, the Lone Star State is on the rise, says Josh Magden of the Texas Captive Insurance Association
After 36 years of captive business, Vermont boasts a culture of legislative change, and still has a few tricks up its sleeve. Dan Towle and David Provost explain
Interviews
The latest interviews from Captive Insurance Times