View from the Nest: Welcoming Joel Fehrman and the Atlanta Office

Today we’re thrilled to be welcoming Joel Fehrman, VP of Cyber Underwriting, to the Corvus Flock, as well as announcing another “nest” for Corvus in Atlanta.

Based in our new Atlanta office, Joel comes to Corvus with an extensive background in technology and insurance underwriting. He spent the first nine years of his professional career in the technology industry with a leading supply chain software company before pursuing his MBA and transitioning into Technology E&O and Cyber Liability insurance. He spent the next nine years as an underwriter at CNA, XL, and Beazley.

Joel is excited to join Team Corvus. “I think this is an exciting time in insurance where technology is converging with a traditionally slow-to-change business model,” he says. “Corvus understands and utilizes the advantages that technology can bring to brokers, insureds, and underwriters. Corvus is doing this within the current distribution structure, which I believe provides a critical and often underappreciated value-add to insureds.”

Joel currently lives in Atlanta with his “awesome” wife Maggie and “the Pack” – their three rescue dogs. He’s been living in the Atlanta area for nearly 20 years after attending Georgia Tech, though growing up he lived in places as varied as California, Japan, Ohio and Las Vegas. Outside of work you can find Joel mountain biking, cheering on Georgia Tech and Cincinnati Bengals football, or partaking in hobbies like clay shooting, darts, and amateur motorsports.

With the addition of Joel and the Atlanta office, Corvus now operates in five locations—with Atlanta joining New York, Los Angeles, Dallas, and our headquarters in Boston. We’re excited to be putting down roots in the southeast!

Please join us in welcoming Joel. 

Cyber Risks vs. Insurance: Where do they intersect?

Some commercial insurance categories map intuitively to the vulnerabilities that could trigger them. Not having a sprinkler system increases the risk of catastrophic fire, and such a fire in a factory will clearly cause loss of property and interruption to business operations. It’s easy to draw the line from sprinklers to property and BI risk. 

Other times, risks themselves can be hard to understand, and therefore hard to map to insurance exposure. Even if you know something about a company’s IT vulnerabilities, it can be hard to know exactly how, for example, a poor software patching regimen impacts the threat of ransomware and therefore the potential losses resulting from dealing with a ransom situation. What is software patching, anyway?

Risk Exposures: Explained

Making matters worse, many IT security exposure categories map to multiple possible insurance risks. To make sense of these complicated interactions, we put together a document that provides a basic overview of how common IT exposure categories map to insurance risks. See the first page of our infographic here, and download the full PDF to see the second page with deeper explanations.

 

The Corvus Scan identifies eight primary categories of risk exposure: Software Patching, Web Encryption, Email Security, Web Applications, Threat Intelligence, Defensibility, System Hosting, and DNS Security.

Our infographic explains how each of these eight categories may relate to an insurance policy. For instance, poor email security can lead to a bad actor gaining access to an organization’s sensitive information. Poor system hosting might allow a hacker to shut down an organization’s website, leading to an interruption of business. It’s all connected, and it all goes back to your risk exposure.

Click here to access the document and learn all about how the Corvus Scan can help you mitigate your risk exposure!

Getting to know the Corvus Scan

If you work with Corvus, you know that the Corvus Scan is a critical part of what makes our Smart Cyber Insurance policies work. It’s what enables us to quickly provide customized price and coverage options for brokers and helps to make our form one of the shortest in the industry.

What you might not know is exactly what goes into each scan, behind the scenes. 

How the Corvus Scan works

The Corvus Scan is a non-invasive test of an organization’s web-facing assets. Since it doesn’t involve penetrating an organization’s IT systems, we don’t require a password or any special access. All of the information we need is out in the open — you just have to know where to look, and what to do with it.

Finding out where that information is — all of the IT “exposure” the organization has in terms of infrastructure they own or use — is what takes place in the first phase of the scan: the Discovery phase. After that, the Testing phase involves running vulnerability tests against the assets that have been identified in order to assess security.

Corvus Scan Infographic

Finally, the results of the tests are aggregated and weighted appropriately given their severity. And once the policy is in effect, further monitoring takes place on a continuous basis. If any external events occur that may jeopardize the organization, the organization will be notified. This all takes place during the Recommendations and Ongoing Monitoring phase.

While those are the basics, many brokers and policyholders we talk to are interested in getting deeper into what goes into the scan. That’s why we created a document that covers it all: from how the scan works, to the three phases in the scan process, and how the results are turned into our Dynamic Loss Prevention Reports.

Click here to access the Corvus Scan overview and learn all about the scan!

Smart Cyber Insurance and The Evolution of Cyber Risk

Massive retail data breaches, state-sponsored malware attacks, and the mishandling of sensitive information by the world’s largest companies have kept cyber risk in the headlines for the greater part of the last decade. Digitization has forced even smaller organizations to consider a wide variety of both internal and external threats to data security. The self-contained enterprise is a thing of the past, as more companies rely on third-party vendors for services related to data storage, web hosting, IT security management, logistics and more. While these providers have allowed companies to operate more efficiently, cyber exposures have increased as a result. It’s no wonder cyber liability coverage has received much of the recent attention in the commercial insurance world.

Nearly 15 years ago, the earliest versions of stand-alone cyber policies would only cover third-party liability arising from the wrongful release of confidential information. Expenses related to first-party breach notification costs, digital forensics, data destruction, and contingent business interruption were not typically addressed. Not only was the coverage limited, but the underwriting process was arduous as insureds were forced to complete lengthy applications, supplemental questionnaires, and teleconferences to discuss the details of their IT security. Carriers offered few proactive risk management services, forcing insureds to incur additional expenses if they needed guidance on IT security best practices.

While insurers have made progress broadening the scope of cyber coverage, many of the outdated methods of underwriting unfortunately remain commonplace, and carrier loss prevention advice is often inadequate.

At Corvus, we take a vastly different approach to underwriting and risk management. We believe in leveraging the best technology to help our policyholders proactively address cyber risk. Rather than relying on prolonged applications with limited value, we use non-invasive web scans as part of the underwriting process and we provide our customers with meaningful insight into their IT security performance. At the time of quoting and throughout the policy period, we deliver a detailed analysis of the insured’s security operations with concise, risk-prioritized recommendations to resolve critical vulnerabilities. We red-flag IT supply chain issues and we offer meaningful business intelligence reports to insureds that are serious about confronting cyber risk head-on. Policyholders have access to a number of resources to help strengthen their IT security posture, including sample IT security policies, online privacy training, and a directory of pre- and post-breach experts. We call this process Dynamic Loss Prevention™.

More precise underwriting means improved coverage and competitive premiums as well. Insureds with the strongest IT security controls are eligible for broad-form first- and third-party coverage, including extensions for blanket contingent business interruption triggered by cyber perils, system failure, reputational loss, social engineering, ransomware, and much more.

Our mission at Corvus is to arm commercial insurance brokers and our policyholders with the best available tools to tackle cyber risk from all angles. A modern and dynamic solution is required to address a constantly evolving risk landscape. This tech-enabled, holistic approach to risk management is what we call Smart Cyber Insurance™.