There are two sides to cyber risk that brokers should understand when selling a cyber policy.
One gets talked about the most (at least by vendors who sell cybersecurity solutions): IT defenses. That means being prepared to keep out snooping hackers with technology solutions like firewalls and encryption, monitoring to know when an attack is taking place, and defense plans to take action when you are being attacked.
The other side of cyber risk is less sexy because it has no easy solutions. That is the people: your clients’ employees, their business partners, and their clients. With the increased incidence of “social engineering” tactics like phishing, people have become one of the biggest security risks for organizations of all types — government and private industry; high-tech and old-school; large and small.
After many high-profile reports of social engineering in the past few years, there has been a surge in organizations providing information and training for their employees, teaching them to look out for these social engineering tactics. Perhaps you’ve sat through a mandatory webinar yourself. Those efforts are starting to pay off, as surveys this year have started to show reductions in self-reported risk in categories that include phishing and social engineering. Yet the continued prevalence (and success) of malware and phishing points to the limitations of training and education. Cybercriminals aren’t giving up so fast.
In fact, your client’s technical defenses can directly impact social engineering risk. Criminals go after companies they can identify as having low defenses because they are less likely to have adequate training programs in place. Often the victims in these situations are smaller companies without dedicated IT resources to provide proper education and protocol to their employees. At the other end of the spectrum, larger established companies whose sheer scale prevents them from taking advantage of the most up-to-date IT defenses can provide fertile ground because their organizational complexity is easy to exploit.
Whatever category your client falls into, there are steps they can take to mitigate risk.
Perhaps you’re gathering the conclusion here: gathering data on how risky your client’s business is and having a response plan in place are key to ensuring that the right level of effort is taken to mitigate risk and prevent loss.
Mike Karbassi is Vice President and Head of Cyber Underwriting at Corvus. He specializes in Network Security, Privacy Liability, Technology E&O, Media Liability, and Miscellaneous Professional Liability. Karbassi has over a decade of experience in insurance and is a graduate of the Boston University Questrom School of Business.