A recent webinar attended by insurance brokers in New Zealand and Australia provided an overview of current cyber threats and how brokers can help risk manage these challenges for their clients.
“The first thing I would always say is don't panic,” said Mitch Riley-Meijer (pictured, left).
Riley-Meijer is cyber risk and incident response manager for law firm Mills Oakley. During the Agile Underwriting webinar, he explained what cyber incident response looks like.
“There's always that moment of identification when something suspicious is occurring on the network,” he said.
For a broker’s client that could mean, for example, “a bunch of emails being rapidly sent out from a mailbox”, or a CrowdStrike style event, said Riley-Meijer, where blue screens start appearing across the office.
“Or maybe you log in one morning and you notice that a number of files are encrypted and you can't access them and there's a little text file that's quite prominently placed that says, ‘How to recover files,’” he said.
Then the fault finding starts together with some quick assessment.
“That's where you start to get a bit of an understanding of what’s happened and that you need to contact your insurer and start an incident response process,” said Riley-Meijer.
That incident response - if his firm is the insurer’s partner - starts with what he called a “triage call” with his team.
“It's really to understand what's occurred and what are the indicators of compromise,” said Riley-Meijer.
He suggested that the keywords a client uses to describe what’s happening can offer a very useful indication of the type of attack that’s occurred.
“For example, when I start hearing, ‘I can't access my files and my backdrop is different’, I start thinking: ransomware,” said Riley-Meijer. “Or if someone says emails are being sent out of my mailbox, I start thinking: business email compromise.”
He said these “indicators of compromise” can give an early picture of what the cyberattack consists of and help set up a successful response.
“Cyber insurance is often referred to as the most talked about, least sold policy in the insurance market,” said James Crowther (pictured, right). Crowther is Agile’s head of emerging risks.
He gave an opinion around what cyber covers could be best for a broker’s client.
“We don't think extensions are appropriate,” said Crowther. “We think something which is more fit for purpose is a standalone insurance policy with adequate limits, which covers malicious and non-malicious cyber events, is the way to go and is probably better for our brokers.”
Jason Symons (pictured, centre), who facilitated the webinar, agreed and suggested brokers look for offerings that “really support the insured from end to end.”
The Mills Oakley partner and specialist in cyber risk and insurance, said this means coverage that starts with the initial incident and extends through to third party claims and even regulatory investigations after the attack.
Riley-Meijer detailed some of the key types of cyberattack that brokers should be aware of.
“I think the main one, that has always been a bit of a spectre in the background for small to medium size businesses, is business email compromise,” he said. “Reports and statistics show that, on average, it's costing about AUS$50,000 for a business to respond.”
He said another major threat, ransomware, is now a business model for threat actors.
“It’s becoming commonplace on the dark web for people who manufacture ransomware to sell that product as a service,” said Riley-Meijer.
He said it’s possible to watch these transactions taking place on the dark web in real-time.
“Where they're [threat actors] sort of broking, if you will, ransomware manufacturers to people who want to buy ransomware products,” said Riley-Meijer.
These criminals have pricing guides, he said, and behave much like a structured business.
Another big cyber challenge, artificial intelligence (AI), said Riley-Meijer, has become more complex and sophisticated.
“AI-enabled fishing is becoming far more of a pervasive threat particularly to small to medium businesses where fishing was already a problem,” he said.
For the next 12 months, Riley-Meijer said he expected AI to become a more significant threat.
“But I wouldn't discount the traditional threats, if you will, around business email compromise and ransomware,” he said.
Are you a cyber broker? What do you see as your clients’ main cyber threats? Please tell us below
