View From The Nest: Welcoming Amanda Stantzos

We love to see the Corvus Flock continue to grow, and today we welcome Amanda Stantzos.

Amanda comes to Corvus from NAS Insurance Services, where she was Assistant Vice President of Underwriting, specializing in Cyber Liability and Technology E&O. As VP of Cyber Underwriting at Corvus, she’ll continue her focus in the fast-changing and complex area of cyber risk.

She will be working brokers across the Midwest as she leads the establishment of the latest Corvus “nest” in Chicago, which she refers to as “the greatest city!” – her adopted home after transplanting from Southern California. The office is our sixth and comes after we recently launched in Atlanta and Dallas, as well as Los Angeles early this year. With the Chicago office, we are able to better serve brokers in every region of the U.S.

 One trend Amanda sees in the Cyber insurance market is the automation of SME risks. “As more data becomes available to insurers, we will be able to quickly offer proposals and provide additional solutions. In the coming year, we will see more value-add services being offered to Insureds. Cyber markets are now viewed as partners, not just policies.”

Before starting her insurance career at NAS, Amanda earned a Bachelors Degree in Finance at California State University, Northridge. One of her biggest hobbies (or perhaps obsessions, as she puts it) is Barry’s Bootcamp. She makes a point to find the closest Barry’s studio to take a class whenever and wherever she travels.

The opportunity at Corvus excited Amanda because she has seen how technology can empower brokers, underwriters, “and above all the Insureds.” She is excited to join an innovative and creative group and can’t wait to help reinvent the cyber insurance market.

Interested in speaking with Amanda and Corvus? We’d love to get in touch. Contact us here!

View From The Nest: Welcoming Peter Hedberg

Peter Hedberg has more than 15 years of insurance industry experience, with a specialty in Cyber and Tech E&O lines. Today, it’s our privilege to welcome him as part of the Corvus “Flock” and to introduce him as VP of Cyber Underwriting. He will lead our New York nest, working with brokers across the Northeast region.

A Minnesota native, Peter started his career by working his way from IT intern to the position of cyber broker at Hays Companies over the course of ten years. He has spent the past 6 years based in New York City, first growing Hiscox USA’s business in the Northeast region as Assistant Vice President and more recently managing the tech and cyber side of NAS Insurance Services (now Tokio Marine HCC) as Vice President.  

Peter is excited to join a startup that is working to reinvent commercial insurance. Over his years at established carriers, he has been “fighting long ingrained procedural norms” in the insurance industry, which for him is what makes this new opportunity at Corvus so invigorating. As he puts it “I’m now on the front line of reshaping this industry. The possibilities are so exciting.”

Peter’s career background gives him insight into how to empower brokers to help their policyholders navigate the complex area of cyber risk. He hopes that in serving our clients he can be an advocate for “the sustainable and lucrative benefits of being value-focused” as a broker.    

Although his work primarily keeps him on the east coast, in his free time Peter loves to head back to his cabin in northern Minnesota where he enjoys the outdoors with his son Magnus and wife Bri. With an education in business, English, and history, Peter’s truly passionate about what he refers to as “the bloodsport of public policy” and will readily engage in relevant discussion.

Interested in speaking with Peter and Corvus? We’d love to get in touch. Contact us here!

View from the Nest: Welcoming Joel Fehrman and the Atlanta Office

Today we’re thrilled to be welcoming Joel Fehrman, VP of Cyber Underwriting, to the Corvus Flock, as well as announcing another “nest” for Corvus in Atlanta.

Based in our new Atlanta office, Joel comes to Corvus with an extensive background in technology and insurance underwriting. He spent the first nine years of his professional career in the technology industry with a leading supply chain software company before pursuing his MBA and transitioning into Technology E&O and Cyber Liability insurance. He spent the next nine years as an underwriter at CNA, XL, and Beazley.

Joel is excited to join Team Corvus. “I think this is an exciting time in insurance where technology is converging with a traditionally slow-to-change business model,” he says. “Corvus understands and utilizes the advantages that technology can bring to brokers, insureds, and underwriters. Corvus is doing this within the current distribution structure, which I believe provides a critical and often underappreciated value-add to insureds.”

Joel currently lives in Atlanta with his “awesome” wife Maggie and “the Pack” – their three rescue dogs. He’s been living in the Atlanta area for nearly 20 years after attending Georgia Tech, though growing up he lived in places as varied as California, Japan, Ohio and Las Vegas. Outside of work you can find Joel mountain biking, cheering on Georgia Tech and Cincinnati Bengals football, or partaking in hobbies like clay shooting, darts, and amateur motorsports.

With the addition of Joel and the Atlanta office, Corvus now operates in five locations—with Atlanta joining New York, Los Angeles, Dallas, and our headquarters in Boston. We’re excited to be putting down roots in the southeast!

Please join us in welcoming Joel. 

Cyber Risks vs. Insurance: Where do they intersect?

Some commercial insurance categories map intuitively to the vulnerabilities that could trigger them. Not having a sprinkler system increases the risk of catastrophic fire, and such a fire in a factory will clearly cause loss of property and interruption to business operations. It’s easy to draw the line from sprinklers to property and BI risk. 

Other times, risks themselves can be hard to understand, and therefore hard to map to insurance exposure. Even if you know something about a company’s IT vulnerabilities, it can be hard to know exactly how, for an example, a poor software patching regimen impacts the threat of ransomware and therefore potential losses resulting from dealing with a ransom situation. What is software patching, anyway?  

Risk Exposures: Explained

Making matters worse, many IT security exposure categories map to multiple possible insurance risks. To make sense of these complicated interactions, we put together a document that provides a basic overview of how common IT exposure categories map to insurance risks. See the first page our infographic here, and download the full PDF to see the second page with deeper explanations.

 

The Corvus Scan identifies eight primary categories of risk exposure: Software Patching, Web Encryption, Email Security, Web Applications, Threat Intelligence, Defensibility, System Hosting, and DNS Security.

Our infographic explains how all of these eight categories may potentially relate to an insurance policy. For instance, poor email security can lead to a bad actor gaining access to an organization’s sensitive information. Poor system hosting might allow a hacker to shut down an organization’s website, leading to an interruption of business. It’s all connected, and it all goes back to your risk exposure. Click to see more.

Click here to access the document and learn all about how the Corvus Scan can help you mitigate your risk exposure!

Getting to know the Corvus Scan

If you work with Corvus, you know that the Corvus Scan is a critical part of what makes our Smart Cyber Insurance policies work. It’s what enables us to quickly provide customized price and coverage options for brokers and helps to make our form one of the shortest in the industry.

What you might not know is exactly what goes into each scan, behind the scenes. 

How the Corvus Scan works

The Corvus Scan is a non-invasive test of an organization’s web-facing assets. Since it doesn’t involve penetrating an organization’s IT systems, we don’t require a password or any special access. All of the information we need is out in the open — you just have to know where to look, and what to do with it.

Finding out where that information is — all of the IT “exposure” the organization has in terms of infrastructure they own or use — is what takes place in the first phase of the scan: the Discovery phase. After that, the Testing phase involves running vulnerability tests against the assets that have been identified in order to assess security.

Corvus Scan Infographic

Finally, the results of the tests are aggregated and weighted appropriately given their severity. And once the policy is in effect, further monitoring takes place on a continuous basis. If any external events occur that may jeopardize the organization, they will be notified. This all takes place during the Recommendations and Ongoing Monitoring phase.

While those are the basics, many brokers and policyholders we talk to are interested in getting deeper into what goes into the scan. That’s why we created a document that covers it all: from how the scan works, to the three phases in the scan process, and how the results are turned into our Dynamic Loss Prevention Reports.

Click here to access the Corvus Scan overview and learn all about the scan!

Cyber

Smart Cyber Insurance and The Evolution of Cyber Risk

Massive retail data breaches, state-sponsored malware attacks, and the mishandling of sensitive information by the world’s largest companies have kept cyber risk in the headlines for the greater part of the last decade. Digitization has forced even smaller organizations to consider a wide variety of both internal and external threats to data security. The self-contained enterprise is a thing of the past, as more companies rely on third party vendors for services related to data storage, web hosting, IT security management, logistics and more. While these providers have allowed companies to operate more efficiently, cyber exposures have increased as a result. It’s no wonder cyber liability coverage has received much of the recent attention in the commercial insurance world.

Nearly 15 years ago, the earliest versions of stand-alone cyber policies would only cover third-party liability arising from the wrongful release of confidential information. Expenses related to first-party breach notification costs, digital forensics, data destruction, and contingent business interruption were not typically addressed. Not only was the coverage limited, but the underwriting process was arduous as insureds were forced to complete lengthy applications, supplemental questionnaires, and teleconferences to discuss the details of their IT security. Carriers offered few proactive risk management services, forcing insureds to incur additional expenses if they needed guidance on IT security best practices.

While insurers have made progress broadening the scope of cyber coverage, unfortunately many of the outdated methods of underwriting remain commonplace and carrier loss prevention advice is often inadequate.

At Corvus, we take a vastly different approach to underwriting and risk management. We believe in leveraging the best technology to assist our policyholders proactively address cyber risk. Rather than relying on prolonged applications with limited value, we use non-invasive web scans as part of the underwriting process and we provide our customers with meaningful insight into their IT security performance. At the time of quoting and throughout the policy period, we deliver a detailed analysis of the insured’s security operations with concise, risk-prioritized recommendations to resolve critical vulnerabilities. We red-flag IT supply chain issues and we offer meaningful business intelligence reports to insureds that are serious about confronting cyber risk head-on. Policyholders have access to a number of resources to help strengthen their IT security posture, including sample IT security policies, online privacy training, and a directory of pre and post breach experts. We call this process as Dynamic Loss Prevention™.

More precise underwriting means improved coverage and competitive premiums as well. Insureds with the strongest IT security controls are eligible for broad-form first and third party coverage, including extensions for blanket contingent business interruption triggered by cyber perils, system failure, reputational loss, social engineering, ransomware, and much more.

Our mission at Corvus is to arm commercial insurance brokers and our policyholders with the best available tools to tackle cyber risk from all angles. A modern and dynamic solution is required to address a constantly evolving risk landscape. This tech-enabled, holistic approach to risk management is what we call Smart Cyber Insurance™.