Last week news broke of two security flaws in computer processors that affect virtually all computers, smartphones and smart devices such as televisions and refrigerators.
The first flaw, nicknamed “Meltdown,” applies specifically to Intel chips. The second flaw called “Spectre,” is more difficult for an attacker to exploit but has no available patches yet and lets attackers access the memory of devices running Intel, AMD, and ARM chips.
This article from Woodruff Sawyer & Co., an insurance and risk management company, considers the cyber insurance underwriting implications of these flaws. The article states that once a bug becomes known and a patch or solution is available, the burden shifts to the device owner to download the patch and update their device. Cyber underwriters will want to know if business owners have patched all vulnerable devices, and how long it took to do that after the patches became available.
Another area of underwriting focus will be device obsolescence. Intel has stated that the patches released to address the vulnerability will focus on devices introduced in the last five years. Since manufacturers are not motivated to keep updating old equipment, and it may be difficult for companies to ensure that their entire network is free of the vulnerability if they don’t migrate to newer machines.
The article concludes that companies that are proactive in dealing with the chip vulnerabilities will improve their cyber security – and their ability to secure good cyber insurance.
Identity theft is the biggest threat consumers face when shopping online, according to security expert Dr. Yair Levy. Before venturing online for Cyber Monday deals, here are some tips from Dr. Levy which appeared in a recent Sun Sentinel article:
- Use a dedicated credit card for online purchases and a separate card for to pay bills, buy gas, groceries, etc. If the card is compromised, it’s easy to cancel the account.
- When making purchases, verify a secured connection by looking for a little padlock or by making sure the Web address starts with “https://” (the “s” stands for secured).
- Don’t use free wi-fi on your mobile device.
Phishing scams are becoming more frequent and more sophisticated, so be wary of emails or texts claiming to be from your favorite retailer. The best defense is not to click on links in a message or give out any personal information. If the message is legitimate, you can always go directly to the retailer’s website.
For more on identity theft and cybercrime, visit our Facts & Stats page.
Cyberattacks from other countries are now seen as a major threat to the U.S. by 72 percent of Americans, according to a national survey from the Pew Research Center.
This view has changed little in recent years, apparently. But what has changed is public opinions about other global threats.
Take climate change—now viewed as a major threat by 58 percent of Americans, up 7 points since January, and the highest share since 2009.
The survey was conducted October 25-30 among 1,504 adults.
Risk management services are an important way cyber insurance adds value for small businesses, according to a new I.I.I. paper.
In Protecting Against #Cyberfail: Small Business and Cyber Insurance, I.I.I. co-authors James Lynch and Claire Wilkinson say:
“The provision of these types of services is considered a growth area in the cyber market for SMBs, where price may be a barrier to insurance coverage in the first place. For larger companies, cyber-related risk management services may be offered at a discount or for free.
“For SMBs in particular, offering a risk management or training solution where they can learn more and keep themselves up-to-date on current threats is perhaps most valuable.”
Also heard at the Advisen Cyber Risk Insights Conference in NYC last week: part of the value proposition for SMBs is that cyber policies offer solutions, not just coverage.
Andy Lea, vice president underwriting for E&O, Cyber and Media, CNA, told the conference: “The value proposition is more prominent with SME and middle market companies that just don’t have resources available in-house to manage risks. This is an opportunity for brokers and carriers to add value.”
In the third week of National Cyber Security Awareness Month, Insurtech Insights newsletter by CB Insights gives a timely update on the cyber insurance market, and where startups are playing in this growing industry.
It notes the “tremendous opportunity” to sell cyber insurance to small businesses.
A recent Better Business Bureau study estimates that 15 percent of small businesses have cyber insurance. BBB Accredited Businesses are almost three times as likely to include cybersecurity insurance.
Fortunately, about nine out of 10 businesses reported to the BBB they have some cybersecurity measures in place, with the most common ones: antivirus; firewall; and employee education:
$125 million. That’s the first estimate of the insurance industry loss due to the Equifax cyber breach published by Property Claim Services (PCS).
Per Artemis blog:
“PCS’ initial estimate of the insurance market impact due to the Equifax hack attack is $125 million, however the firm said that the economic impact to the credit giant is expected to be much larger.
“PCS noted that there are outstanding coverage issues which could reduce the likelihood of the Equifax cyber insurance loss reaching the $125 million estimate, so it could be revised down it would appear.”
Equifax’s specific cyber insurance policy could provide as much as $150 million of coverage, according to Artemis.
Launched in early September, the PCS Global Cyber service provides industry loss estimates for cyber risk loss events of at least $20 million worldwide. The Equifax hack was its first designated event and PCS has since designated its second global cyber loss event, the impact of the Petya/non-Petya malware attack on pharmaceutical giant Merck & Co in June.
Whether you’re an InsurTech startup with new ideas or an incumbent concerned about protecting your book of business, the greatest risk you can take may be to resist collaboration, according to a post on Willis Towers Watson Wire.
In Threat vs Opportunity? InsurTech is largely a matter of perspective, Andrew Newman, president and global head of casualty at Willis Re, says while it’s understandable that many insurers have perceived InsurTech as a threat to the value chain, the biggest threat lies not in technology itself, but in competitors of any description leveraging these innovations to gain advantage by reducing risk and lowering costs.
“The plain fact is that the vast majority of InsurTech companies aren’t interested in going to war with incumbents. Their focus is on creating value within the insurance value chain – not collapsing it. So if incumbents embrace ‘disruption’, rather than concentrating on defending themselves by keeping these opportunities at arm’s length, then they will find that the available technology is largely complementary to most of the current processes in the industry.”
Download the presentation Insurance: Leading Through Disruption by Insurance Information Institute president and CEO Sean Kevelighan to find out more about how the industry is poised to lead through disruption.
The cyber savvy have heard of phishing – sending thousands of malware-laden emails hoping for one unsuspecting click – but the Internet of Things introduced a new kind of fishing. It involved actual fish.
An internet-connected fish tank in a North American casino was used as an initial entry point into the casino’s network. This is one of nine examples of unusual attack vectors listed in a recent report from the security firm Darktrace. This report contains nine real-world examples where sophisticated methods, advanced technologies, or unusual strategies were employed.
The report warns that “…we are seeing new areas of vulnerability arise as modern companies embrace the ‘Internet of Things’. The proliferation of new connected objects multiplies the inroads to critical networks and data, yet organizations often have remarkably poor visibility of these hidden outposts of their networks. ”
In addition to the threat posed by “things”, the increasing digitization of everyday work processes means that legitimate network users can (accidentally) expose data and systems to significant vulnerabilities.
Another growing security concern is that the automation of malware production means that attackers can spread malicious software at lightning speed, outpacing the efforts of human security teams to identify and block new variants of threats.
Sean Kevelighan, the I.I.I.’s chief executive officer told a U.S. Senate Subcommittee in Washington, D.C., today that U.S. auto, home and business insurers pay an estimated $30 billion annually —nearly 10 percent of their total claim payouts—in fraudulent auto, home, and business insurance claims. To combat fraud insurers are increasingly turning to vendors who offer technological innovations stemming from big data and artificial intelligence. These vendors are allowing insurers to assess prospective customers, verify claims and identify suspicious activity in ways that were not previously possible.
In a report released last month, the Boston-based Aite (pronounced EYE-TAY) Group outlined the fact that insurers are recognizing their fraud-fighting efforts must adapt to this new era, and found reason for optimism. The Aite Group reports insurers are retaining state-of-the-art vendors, like data aggregators, producers, and receivers and then analyzing this data through the use of artificial intelligence and predictive analytics. The result? Insurance companies are equipping themselves with the high-tech tools they need to assess a prospective customer, verify a claim, and identify suspicious activity.
Click here for the full testimony.
You’ve heard about self-driving cars, but what about autonomous ships?
Fortune Tech reports that the world’s first autonomous cargo ship, to be christened the Yara Birkeland is expected to start sailing in 2018, initially delivering fertilizer along a 37-mile route in southern Norway.
“The ship, according to the Wall Street Journal, will cost $25 million, about three times as much as a conventional ship of similar size, but will save up to 90% in annual operating costs by eliminating both fuel and crew.”
Analysis by Allianz Global Corporate & Specialty (AGCS) shows that human error accounts for approximately 75 percent of the value of almost 15,000 marine liability insurance claims studied over five years, equivalent to over $1.6 billion.
From the AGCS Safety & Shipping Review 2017:
“Autonomous vessels could improve maritime safety and revolutionize movement of cargo on a scale not seen since containerization.”
Check out Insurance Information Institute facts & statistics on marine accidents.