Getting to know the Corvus Scan

If you work with Corvus, you know that the Corvus Scan is a critical part of what makes our Smart Cyber Insurance policies work. It’s what enables us to quickly provide customized price and coverage options for brokers and helps to make our form one of the shortest in the industry.

What you might not know is exactly what goes into each scan, behind the scenes. 

How the Corvus Scan works

The Corvus Scan is a non-invasive test of an organization’s web-facing assets. Since it doesn’t involve penetrating an organization’s IT systems, we don’t require a password or any special access. All of the information we need is out in the open — you just have to know where to look, and what to do with it.

Finding out where that information is — all of the IT “exposure” the organization has in terms of infrastructure they own or use — is what takes place in the first phase of the scan: the Discovery phase. After that, the Testing phase involves running vulnerability tests against the assets that have been identified in order to assess security.

Corvus Scan Infographic

Finally, the results of the tests are aggregated and weighted appropriately given their severity. And once the policy is in effect, further monitoring takes place on a continuous basis. If any external events occur that may jeopardize the organization, they will be notified. This all takes place during the Recommendations and Ongoing Monitoring phase.

While those are the basics, many brokers and policyholders we talk to are interested in getting deeper into what goes into the scan. That’s why we created a document that covers it all: from how the scan works, to the three phases in the scan process, and how the results are turned into our Dynamic Loss Prevention Reports.

Click here to access the Corvus Scan overview and learn all about the scan!

Historical data won’t predict Cyber claims. Here’s what will.

In most insurance arenas, historical loss data is paramount in perfecting pricing and other underwriting strategies. Not so in Cyber Insurance. An examination of large data sets relating to prior breaches is not without interest, of course. But most aspects of Cyber Risk are dynamic: the types and sources of attacks, levels of awareness and defense on the part of organizations, and the ever-growing digital surface area of organizations — these are all in flux. As a result, reliance upon historical loss data, that pillar of insurance underwriting, will likely lead to a false sense of security among many insurers.

Insurance underwriting – the traditional way

In order to demonstrate how Cyber Insurance poses new challenges to the commercial insurance industry, we must first consider traditional underwriting approaches. Let’s approach it through the lens of Property Insurance. There is an immense amount of historical data about the frequency and severity of property losses from major perils like fire. Through both intuition and the gathering of data over decades, insurers are able to identify distinguishing risk characteristics and to quantify those differences.

For example, property losses may be several times as likely to commence in a building made of wood as opposed to a building made of non-combustible materials. Property losses are also mitigated by common defenses that have been well studied. Greater losses are more likely to occur in a building without a modern sprinkler system than one with a system of sprinklers. Consider also temporal conditions. The fire hazard posed by the operations of a paper goods wholesaler or a law firm has not changed in decades. The operations of these companies and the fire risk arising from them are well studied. The past can accurately predict the future.

Cyber Risk is immensely dynamic

Digital risks are much more challenging for insurers to measure. This is due in part to a lack of expertise. Most do not examine, in a digital fashion, the IT Security of their prospective insureds other than by asking questions on a quickly-outdated application. Over time, insurers have gone deeper into the Cyber Insurance market and have suffered losses that can produce intuitions and data-driven assumptions about future risks. This information is certainly important—but the tendency in insurance to rely upon historical data may finally meet its match in Cyber Insurance. Digital risks should be evaluated using digital tools.

Cyber Risk is not as static as most other arenas of risk. Unlike fire, whose nature does not change, the Cyber Risk peril is in constant motion. Consider cyber thieves. They don’t rest idly with their current methods, waiting for law enforcement or the security industry to catch up — these thieves make a living inventing new types of scams, ransomware attacks, and phishing formats. They are innovative in a way that fire risk simply cannot be. Their strategies change in order to increase the likelihood of success. The international nature of the internet along with powerful state actors like North Korea make the source of the peril ever-changing.

Of course, the nature of the peril is not the only dynamic aspect. The defenses used by organizations are also in constant motion. New Cyber Security companies seem to pop up like mushrooms in the spring. They offer new detection and prevention systems for companies large and small. It is a challenge just to identify the nature of these changes, never mind evaluating their effectiveness. Sprinkler systems never had to change so quickly.

The biggest source of unreliability in prior experience is the use of the internet by the policyholders themselves. It seems that every function is moving to digital platforms with cloud-based systems. Not only does this pose new aggregation risk for insurers, but it also means that most organizations are increasingly reliant on web-based platforms for customer orders, logistics, quality control, product operation, safety, and more. Thankfully, this is countered by an increasing level of attention being paid to Cyber Risk security by organizations.

Lastly, the use of static underwriting tools like document-based applications leads to a tendency to collect information that is quickly outdated. While insureds are seldom malevolent, there is a tendency nonetheless for many to put less than their full effort into the underwriting process — particularly when it seems so antiquated by the nature of its questions.

How can insurers respond to this new risk environment?

There are a number of strategies for insurers to address the ever-changing risk dynamics of Cyber.

First, underwriting information needs to be focused on the near past instead of the distant past. That means opening up to the possibility of using proactive measures to assess risk at a point in time, not just by using an aggregation of past data. Put differently, if the digital “footprint” of a business is constantly growing and evolving, the most accurate assessment of risk will necessarily be one that examines an organization’s digital landscape as close as possible to the moment the policy is quoted — not what it looked like last quarter or last year, or generally over the past 5 years.

To accomplish this up-to-the-moment assessment, insurers need platforms that use AI and machine learning to automate the process of scanning web-facing infrastructure, and which can process new information about threats and defenses far more quickly than a labor-intensive questioning process about the company’s systems. These kinds of scans are typically found within the realm of cyber security, where vendors work to actively protect clients rather than underwrite risk. But such technologies are making inroads in the insurance industry as their value for underwriting becomes better understood. A side benefit of using an automated assessment is that it bypasses the human element, eliminating inaccuracies based on misunderstanding, error, or laziness.

Insurers should also be wary of becoming too reliant on the historical data approach that has served so well in everything from Property Insurance to Workers Compensation to Products Liability Insurance. Looking back at a decade of cyber attacks to judge risk at the point of quoting a policy isn’t enough. With dynamic cyber crime trends, information about current risks should be both included in the initial risk assessment and also shared with policyholders as new information becomes available. The cyber crimes relevant in 2017 may not be relevant in 2019. Insurers can protect themselves from increased risks by helping their policyholders proactively protect against new threats throughout the policy period.

Digital tools are needed to assess digital risk. The sooner insurers accept and act upon this directive, the better cyber insurance will be for insurers and policyholders alike.

Corvus Shortlisted for Two Cyber Risk Awards

The Corvus team is excited to be participating in Advisen’s 2019 Cyber Risk Awards!

Corvus has been shortlisted in two categories: Cyber Newcomer of the Year and Cyber Risk Innovation of the Year for our Smart Cyber Insurance™ product. We’re honored to be among the great companies in these categories, with leaders in cyber insurance on the cutting edge of innovation in our field. 

Can we count on you for a vote?

It means so much to us to know that brokers and partners we work with see the value in our products. If you feel that we’ve earned your vote for Cyber Newcomer of the Year and Cyber Risk Innovation of the Year, you can head to Advisen’s website to learn more about the awards or click here to go straight to the voting form to cast your vote. We truly appreciate it.

About Smart Cyber Insurance

With Corvus’s Smart Cyber Insurance policies, rich sets of data are gathered through our non-intrusive Corvus Scan, and analyzed with the help of AI to instantly and accurately assess risk to inform underwriting. Our Dynamic Loss Prevention Reports provide actionable recommendations to mitigate risk and prevent claims over time, including real-time threat monitoring, while the CrowBar platform provides on-demand access to policy information, claims reporting, loss prevention recommendations, and business intelligence.

With Smart Cyber Insurance, brokers can be confident in delivering their clients the data and understanding they need to make key decisions about their coverage, and reduce their cyber risk over time.

Click here to learn more about Smart Cyber Insurance.

Cyber Policyholders Need Security Data – Brokers Can Help

Few cyber insurance policyholders have a security program in place. That’s an opportunity for insurers and brokers. 

For large businesses, cyber risk is a fact of life. After the spate of privacy breaches and ransomware attacks experienced by companies with household-name brands, including the WannaCry and NotPetya attacks of 2017, cyber risk shot up to the top of lists of business risks. A recent survey of large businesses from Willis Towers Watson suggested that 85% of US employers and 72% of UK employers consider cybersecurity to be a top priority.

In general, these companies have the resources to take on the issue of cyber risk head on with well-developed IT policies and programs throughout the enterprise. But if you’re not a Fortune 500 company (or even a Fortune 1000 company), are the headline-making events of the last few years enough to coax you to take action?

Most would answer yes, with some caveats. One way to look at this is by looking at the market for cyber insurance. The steady growth not just in the enterprise segment, but also in middle and small business segments, speaks for itself. Within the SMB segment, first-time buyers of cyber insurance policies grew an average of over 30% each quarter for the year leading up to Q3 2018. That is substantial growth.

Yet awareness of the issue, and the penetration of cyber insurance, doesn’t provide a complete picture of risk, or what companies can do about it.

A recent survey from the Council of Insurance Agents and Brokers (CIAB) found that just 37% of commercial brokers’ clients have a security program in place to prevent or mitigate the effects of cyber attacks. These clients run the gamut from SMBs to the largest enterprises. The number is surprising given that this is a sample of companies that we already know have cyber insurance – so they are certainly aware of the risk, and willing to take steps to mitigate their financial exposure. Yet few have put procedures and programs in place to prevent the events they are insured for.

This points to a major opportunity for the insurance industry.

Companies of all sizes are clearly looking to insurers for help to protect against cyber risk. While the world’s biggest companies are already backing up their cyber insurance policies with standardized security procedures deployed across many thousands of employees and applications, companies in the vast middle market, including many large businesses, are not. The insurance industry serving this market can surely underwrite the risk and provide policies — but we can also help provide the knowledge companies need to help push toward safer practices and policies for cyber.

The key, as with much innovation in today’s business world, is data.

As cutting-edge cyber insurers develop new means of identifying and pricing cyber risk, the next frontier should be deploying that knowledge in ways other than simply fueling a premium and coverage decision. The opportunity is there for insurers to arm brokers with data about their clients’ vulnerabilities. In turn, brokers have the opportunity to relay that information to clients, ensuring they understand it. The challenge for everyone throughout the insurance value chain is presenting data clearly, making it actionable for the policyholders.

The CIAB survey noted that 85% of brokers have a “strategic approach to marketing and educating clients about cyber risks.” It’s time for insurers and brokers alike to take it a step further. If clients can get their hands on actionable information about cyber security — armed with knowledge of what it means, and what to do about it — it could mean fewer claims, lower premiums, and a safer web environment for everyone.

Now In Flight: Smart Cyber Excess Insurance™

Today I’m thrilled to announce the latest product to take flight from the Corvus nest: Smart Cyber Excess Insurance. This product was created in response to demand from our brokers for excess capacity in cyber, and brings increased underwriting appetite for our Smart Cyber Insurance™ product lines.

Under a new underwriting mandate from Hudson Insurance, our risk-taking partner, Corvus now underwrites Excess Cyber Insurance for most types of organizations with up to $1 billion in annual revenues in addition to its primary offering. We now write Smart Cyber Excess Insurance policies with up to $10 million in aggregate limits.  

Just like all of our Smart Cyber Insurance policies, Smart Cyber Excess underwriting will be driven by the Corvus Score™ and will include Dynamic Loss Prevention™ (DLP) reports. Corvus Scores are based on an assessment of any enterprise’s IT footprint, including their vendors and partners, across eight critical security criteria. This provides holistic visibility into your client’s security programs to better inform underwriting. The Corvus Score also drives a customized DLP Report that includes recommendations and business intelligence you can use to inform your clients about their cyber risk and help them to reduce the total cost of risk.

We know that as a broker you’re always working to provide the best options for your clients, and we couldn’t be more excited that Corvus will now be among your options for Excess Cyber.

If you’d like to learn more about our Smart Cyber Excess Insurance, please contact me here.

What is Silent Cyber Risk?

By now, you’ve likely heard about “silent cyber” — after all, it’s been the most talked about term in global commercial insurance for the past year or so. It seems like every major reinsurer, broker, and insurance publication has commented on the topic, and explained the risks it poses.  

What you may not have heard yet are suggestions for how insurers can take action to avoid those risks. It’s a difficult problem for insurers to solve, for a number of reasons — but there are ways to start mitigating the risk through the use of technology. We cover these challenges, and suggestions for overcoming them, in our new whitepaper: Silent Cyber: Threat or Opportunity? If you want to read more in-depth on the issue, head over to check out the full whitepaper now.

If you’re just getting started, read on as we discuss the basics of the issue of silent cyber: what it is, and how we got here as an industry.

What is Silent Cyber Risk?

Silent cyber risk is a term describing the possibility that an insurer of a non-cyber insurance policy (e.g., Property, Business Interruption, General Liability) could assume risk triggered by a cyber peril such as a ransomware attack, denial-of-service attack, or data breach. Importantly, the policy in question must be “silent” about cyber: neither mentioning cyber risk as part of the coverage, nor excluding it. By covering things like damage to property or business interruption that are potentially impacted by a cyber attack, but not defining how that situation will be handled, you have the conditions for silent cyber risk.

There are a few different ways silent cyber risk can manifest. Sometimes the insured business does not have any sort of standalone cyber insurance policy at all — only non-cyber policies that are silent on cyber. In others, a business may have a cyber insurance policy, but also have cyber-silent policies covering property or general liability. Those non-cyber policies may still be impacted by certain perils that are beyond the scope of the standalone cyber policy. Lastly, there may be cyber-specific language (“affirmative cyber”) included in some non-cyber policies, but not others.

Needless to say, things can get complicated with ambiguity at various levels. Each situation is unique to the business and its coverage.

How Did We Get Here? A Brief History of Silent Cyber

The first cyber insurance policies, issued in the 1990s, were limited in scope. Over time, as new risks emerged and demand for insurance grew, insurers offered increasingly complex insurance policies. That expansion of coverage allowed insurers of other traditional commercial Property & Casualty (P&C) insurance policies to remain silent, hoping that cyber policies would come to the rescue if there were claims.

The mode of complacency was shaken in 2017, when a series of attacks on major global businesses rocked the insurance industry. The NotPetya and WannaCry ransomware viruses affected large, global businesses like FedEx, Merck, Mondelez, WPP, and Maersk, among others. In each case costs ran to the tens or hundreds of millions of dollars. At the high end, total losses for some companies were reported to have exceeded $1 billion.

Costs were driven not only by direct damage, such as infected computer hardware, but also business interruption losses. Property/Business Interruption insurers covering the affected companies likely did not underwrite cyber risk under their policies, nor did they charge an explicit premium for the risk. Alarm bells began sounding in insurer board rooms across the world.  

The attacks had the effect of magnifying the silent cyber issue. In several cases insurers paid out millions in affirmative cyber coverage, but those claims represented a small fraction of overall losses for businesses. The rest of the losses, due to business interruption for instance, remained ambiguous due to cyber silence and left insurers open to the risk of disputes if insured companies were to seek redress. With hundreds of millions in losses uncovered, the stakes are high for all involved.

Why Can’t Insurers “Speak up” on Cyber?

If you’re interested in learning about why silent cyber risk persists, and what can be done about it, we invite you to check out our free whitepaper: Silent Cyber: Threat or Opportunity.

While you’re at it, follow us on Twitter for more content and commentary on cyber insurance and the intersection of insurance, data and technology: @CorvusInsurance  

10 Years in Cyber Risk

The “10 Year Challenge” meme that made the rounds last month on Facebook and Instagram got us thinking about how things have changed in a decade in the world of cyber risk.

Looking back to the cyber risk landscape of 2009, it’s not a clear-cut narrative of change between then and now. In fact, it’s a bit like the people who shared their photos for the challenge: on the surface, much is new and different – yet certain more essential aspects remain unchanged.

First let’s look at the similarities. In a general sense, cyber risk was already well-known 10 years ago, at least in government, military, and tech, if not in the broader business community. That year, President Obama launched a White House cybersecurity office and focused a major speech on the subject. North Korea made headlines for alleged cyber attacks on South Korea. Twitter suffered its first high-profile distributed denial of service (DDoS) attack. Spear phishing was known as one of the top tactics for hackers. Many of these stories and topics wouldn’t be out of place if published today, with a few names and details changed.

But just as technology has driven rapid change in how we communicate and consume information on the Internet in the last 10 years, cyber risk has evolved and expanded. Here are three of the key ways that cyber risk has changed.

The scale of cyber risk has exploded

First, scale. In 2009, the iPhone was only two years old, and Android was in its infancy. The predominant access point for the Internet was the personal computer and web browser, and most businesses still hosted their data in on-premises servers.

Today, our smartphone apps, speaker systems, thermostats, cars, and even household appliances are increasingly Internet-connected and thus are potential vectors for attack. Next year it’s expected that there will be 20 billion IoT devices in use worldwide; in 2009 that number was under 1 billion.

Meanwhile, this trend toward increased connectivity has led to increasing loads of data being collected and stored by businesses, who in turn have dealt with the task of managing and storing that data by turning to cloud-based storage options. Now, not only are businesses holding onto an abundance of data, it’s also being stored in a way that increases the attack surface – scattered on third-party servers that are often accessible through the web.

On the basis of scale alone, cyber risk is a completely different conversation in 2019 than it was in 2009.

Cyber risk has gone mainstream

Next is awareness. For business leaders, the last 10 years have presented a series of wake-up calls in the form of data breaches and ransomware attacks. Target and Home Depot in 2013 and 2014. Anthem, the major health insurer, in 2015. A slew of major businesses in 2017, including Equifax, Merck, Maersk, and more. All of a sudden, the cyber risk conversation spread from the realm of datacenters and nuclear facilities into the mainstream of businesses large and small — and their employees, personal computers, and customers.

A survey from Allianz of business leaders puts cyber risk at #2 on a list of business risks – up from 15th just five years ago.

The cyber risk conversation is now an insurance conversation

Finally, one that’s close to home for us at Corvus: insurance. While cyber insurance has been available in some form since the 1990s, it has only become a common, well-known option for businesses much more recently. Once businesses came to grips with the scale of the digital assets they had to protect, and the business risks posed by high-profile cyber attacks, they naturally looked to their insurers for help. The industry has responded, and now there are a number of options for cyber insurance, both from traditional insurers and from startups like Corvus who work with carriers.

Aside from the fact that there are more options to insure cyber risk, there is also far more in the way of information and knowledge suffused throughout the insurance industry. As with other complex commercial insurance products, insurance brokers are the preferred channel for businesses to get informed about and acquire insurance. Wholesale brokers and some retail brokers are increasingly folding cyber into their standard set of commercial offerings, and developing institutional expertise in insuring cyber risk.

Part of extending knowledge about cyber risk is sharing data, something that is possible, and indeed welcomed, in cyber insurance today. This is a departure both from the cyber landscape of 2009, and from the traditional model of insurance. The digital landscape is constantly evolving — and with new types of threats, and new vulnerabilities, popping up constantly, predicting risk is hard. That’s why, for insurers, gathering as much new data as possible about cyber risks is critical; and why sharing that data with brokers, and in turn with policyholders, helps to prevent claims and improve the products that get put into the market. Sharing data has become a cornerstone of our approach at Corvus, and makes cyber insurance unique within the field of insurance.

The last 10 years have brought massive changes to cyber risk, and the next 10 are sure to bring more yet. All of us in the cyber insurance field are working to ensure that in spite of its constant evolution, the cyber landscape becomes safer and more predictable by the end of the next decade.

What’s in a Name? The Story of “Corvus”

We’re often asked about the significance of our name, Corvus Insurance. It’s a story we enjoy telling, because it helps explain our approach to building products and writing Smart Commercial Insurance™ policies.

Corvus is a class of birds – a genus, specifically – that includes species like crows, ravens, and rooks. As a group, these birds are known for their exceptional intelligence. Crows are said to be as smart as seven- to ten-year-old humans. They are great communicators and collaborators and have long, detailed memories.

Perhaps their most remarkable quality is their ability to create tools. Crows not only use twigs to extract insects from logs — they take it a step further by carving hooks at the end of the twigs to make them more effective. They’ve also been observed dropping crabs in busy roadways so that their prey is run over by cars, making for an easier snack. This kind of resourcefulness makes corvids fascinating creatures to study.

It’s these traits of corvids that inspire us at Corvus Insurance.

We, too, create tools, like our web-based platform CrowBar. We use all the materials available to us — in this case, not twigs, but rich streams of data — to uncover actionable information to share with brokers and their clients. By bringing a greater degree of intelligence to the entire commercial insurance process, we strive to deliver on the promise of our product name, Smart Commercial Insurance™.

That’s what makes us Corvids: resourcefully building tools to help empower insurance brokers with data and smart policies. We’re building our “nest” and growing our flock, and we are ready to soar with you.

Three Ways to Use Data to Win New Business in 2019

2019 is upon us and many brokers are already into their new production year. Organic growth from new accounts or new lines of property and casualty business are two major means of meeting and exceeding these goals — but organic growth is difficult, and so is grabbing the attention of insurance buyers. InsurTech advances are allowing for some exciting new developments in differentiated product development that can help open doors for new clients and help round out accounts with new kinds of coverages, such as cyber insurance. In particular, the use of previously ignored or inaccessible data can move the needle and get the attention of insurance buyers in 2019. But how can you do that with everything else on your desk? We’d like to pitch some ideas.

First, align yourself with partners that can put data to work for you. Corvus is one of many data suppliers to the industry. Others, using a SaaS (Software as a Service) model, sell “seats” or “licenses” to brokers. Prominent among them are AIR Worldwide and RMS, which use data to predict the likelihood of catastrophes such as earthquakes and windstorms. Their data is also used to help brokers and insureds determine the maximum probable losses in certain situations. In the same way, Corvus provides reports from externally sourced data that can help you and your clients predict and prevent claims.

Second, determine which coverage areas have the most potential for you and your clients to leverage novel data sets. These will generally be in areas that are causing anxiety for customers, such as property catastrophe risk, cyber insurance, and areas with large severity exposure. Predicting and preventing large and uncertain claims is far more urgent for insurance buyers than managing smaller events like slip and fall liability claims – or even more predictable events, such as auto claims.

Finally, demonstrate your expertise by using social media. LinkedIn and Twitter are business favorites, but in some communities, Facebook can be a strong tool in getting out the news about new risks and solutions. Effective social media is frequent, with headlines that grab attention (but aren’t sensational), and timely (linked to recent news developments). It can be enhanced with strong graphics and links to larger reports and external sources. Corvus and other marketing-oriented underwriting partners provide this information to their brokers. You should not need to find this information yourself.

While Corvus is not the only company to master unique data sets in order to support insurance brokers and their clients, we are digital natives. Everything at Corvus is built with digital integration in mind. From data science to data analytics to social media and other marketing tools, it all results in victory.

For more information about how Corvus can empower your 2019 New Business plans, contact Gerritt Graham, Chief Commercial Officer at ggraham@corvusinsurance.com. Here’s to a happy and successful 2019!

Does OpenTable Equal Opening to Risk?

The risk of cyber-attacks and security breaches is becoming a critical concern for restaurant executives. Restaurants are experiencing a wave of technology innovation in everything from the customer experience to operational efficiency. With these technology enhancements comes an ever-increasing number of third-party vendors that interact with a restaurant’s customers and the business as a whole. New business relationships and processes can create security gaps, alter access to sensitive data, or cause increases in cyber risk liability exposures and threats.

The days of calling a restaurant for a reservation are all but over. Customers have come to expect real-time visibility into table availability online. Restaurants are becoming more and more dependent on apps to remain front and center with their customers, to increase traffic, and to better manage table turns. Loyalty programs are also being integrated to capture sensitive customer data, as well as to provide services like food delivery or tableside kiosks. These third-party technologies may or may not be integrated with the restaurant’s point-of-sale system but regardless, restaurant management will likely not have knowledge of how this data is stored, segregated, or transmitted. These third parties may also be sharing or sorting sensitive data with other parties unbeknownst to the restaurant, which creates vulnerabilities and entry points for cyber attacks and requires greater vigilance to protect customer data.

Payment processing is continuously evolving and increasingly shifting liability to the merchant if they cannot keep up with expensive and ever-changing technology standards. Therefore, strengthening resilience to cyber breaches is essential to business continuity.

The path forward for restaurant owners demands expanding cybersecurity programs as a whole. This includes a core of controls and processes around the most sensitive assets, including up-to-date data on areas of vulnerability such as vendor software patching. Failing to act on known areas of weakness in their environment is the most common factor among those that have been attacked. Awareness of how threats are evolving is critical to having the ability to analyze situations and to properly plan for business continuity.

What is also sometimes lost is that the biggest weakness with data security in the restaurant industry is the human component. It is an industry that is heavily reliant on lower cost labor, often experiences high turnover, engages with a variety of third parties, including outsourcers, and directly interacts with customers through various physical and digital venues. This complex extended enterprise makes cultural awareness of data security important not only at the corporate level but also at the store level.

As the threats evolve, however, so does the spectrum of risk mitigation solutions that can be put in place to combat possible attack. Innovative insurance products, like the Smart Cyber policies offered through Corvus Insurance, use data scans to help restaurateurs identify possible vulnerabilities on an ongoing basis and provide liability coverage to address some of these new risks. Digital exposures emanating from third-party service providers should be adequately addressed in a cyber liability insurance policy. This may include comprehensive coverage extensions for contingent business interruption, PCI-DSS fines and penalties, and breach response expenses tied to contractual indemnification provisions. Sunshine is the best prevention as Corvus identifies risks for restaurants to manage.

Are you up to speed on “silent cyber” risk? Check out our new whitepaper: Silent Cyber: Threat or Opportunity?