29 June 2020
Corvus Team

Breach response during a pandemic: what brokers and their clients can expect

As society has convulsed with the effects of a global pandemic, the Corvus Smart Breach Response team has been tracking how the shifts in business, government, legal and social spheres have impacted breach response efforts.

As society has convulsed with the effects of a global pandemic, the Corvus Smart Breach Response team has been tracking how the shifts in business, government, legal and social spheres have impacted breach response efforts. 

What’s in store for an organization affected by an incident in the near future? Let’s dive in.

Communication Woes

First, it should be said that the platform for cyber risk is simply higher during this time, creating an environment with the possibility of more breaches. We discussed elevated cyber risk in a previous post. But specific to breach response, many of the same problems that increase risk also complicate the response.

For organizations, simply getting in touch during an urgent situation can be difficult. With unusual work schedules, parents juggling full time work and child care, and other factors, it may be harder to get everyone who needs to be informed and consulted about a potential data breach onto the same call at the same time. You can no longer tap everyone to huddle in a conference room. 

Distractions, just like with any of our calls, are a factor in breach response as well. A pet jumping on the keyboard, choppy WiFi connections, a child needing attention – these interruptions can range from comical to a minor annoyance in normal business discourse. When dealing with an acute situation like a cyber incident, though, where every minute counts, such situations can become more onerous. 

The effort to assemble a key team can be amped up dramatically in the case of a ransomware attack that has succeeded in shutting down access to IT for an entire organization’s employees, as happens in the most drastic ransomware events. Then, the inability to get a team together in a room can be truly crippling. If you can’t use your primary telephone or computer to log into a teleconference, what do you do? It can lead to some scrambling situations. 

Forensics, IT Resources and Shipping

Supply chains have been in flux due to Covid-19 for a number of reasons. Capacity is strained thanks to record use of online shopping and delivery services, making delays much more frequent. We’re even seeing that goods are lost more frequently. 

This can come to bite during breach response when trying to get evidence to the forensics firm to conduct their investigation.  While aspects of the forensics investigation can be sent and received electronically, often an organization has to send encrypted hard drives with forensic images of computers and servers to the forensics firm. Those deliveries have been delayed or lost more frequently during the pandemic. This highlights the importances of sending information on encrypted drives, so that if stolen or lost, the data is not accessible to the unintended recipient.

On-site collection of evidence or recovery of systems by external firms — something that is often needed for clients with smaller or outsourced IT departments — faces similar challenges. In the early days of the pandemic, people hesitated to leave their homes. And even with a willing vendor partner, coordination between in-house personnel, external IT resources, and building management (to gain access to closed facilities) proved tricky.

Dateline 2021: What Breach Response Looks Like

Uncertainty reigns in questions about how long the pandemic will persist and what a new “normal” looks like for business practices. For now, it seems unlikely that many companies will rush back from their fully- or mostly-remote status, and may never get back to their previous numbers of daily in-office workers. That means several of the challenges described here could become permanent fixtures of breach response. 

As we all adjust, look for new protocols and processes to be added to Incident Response Plans (IRPs) and Business Continuity Plans (BCPs) that factor in a more remote workforce. Now, more than ever, connecting with the right vendors who have experience guiding clients through breach response during the pandemic will help avoid the pitfalls other organizations experienced earlier this year.

The content of this article was adapted from a discussion between Lauren Winchester, VP of Smart Breach Response at Corvus, and Pasha Sternberg, an Attorney at Polsinelli PC specializing in privacy and cybersecurity matters. The two spoke during the Insurance Business America Broker Connect – Cyber virtual conference in June 2020.

View From the Nest: Welcoming Jocelyn Getson

An experienced insurance executive, Jocelyn brings to the Corvus Flock a holistic view of the evolution of our industry. Her passion encompasses identifying, building, and implementing risk-based insurance programs for a diverse array of partners.

Read Now

Mike Karbassi

Mike Karbassi is Vice President and Head of Cyber Underwriting at Corvus. He specializes in Network Security, Privacy Liability, Technology E&O, Media Liability, and Miscellaneous Professional Liability. Karbassi has over a decade of experience in insurance and is a graduate of the Boston University Questrom School of Business.

Gerritt Graham

Gerritt is the Chief Commercial Officer at Corvus. He has over 20 years of sales and marketing experience, primarily focused on technology and data solutions for the financial services industry.

James McElhiney

James co-founded Corvus and is the company’s Chief Technology Officer. A 30+ year technology veteran, Jaimie most recently served as CTO of Iora Health and previously co-founded Gazelle.

Mike Lloyd

Mike Lloyd is the Co-Founder and Chief Product Officer of Corvus Insurance. Previously, Mike co-founded Poncho, a personal lines agency InsurTech startup, and was a venture investor at FJ Labs. Mike has an MBA from Harvard Business School and engineering degrees from Virginia Military Institute and MIT.

Phil Edmundson

Phil is the founder and CEO of Corvus. A 30+ year insurance veteran, Phil co-founded broker William Gallagher Associates (acquired by Arthur J Gallagher in 2015) and was an active leader in both the Worldwide Broker Network and Council of Insurance Agents and Brokers. Phil is the Managing Partner of Edmus Ventures where he invests in InsurTech companies including Verifly, Wellthie, Agentero, and Cover Wallet, and serves on the board of Cover Wallet.

Play Video