This article was produced in partnership with Tokio Marine HCC - Cyber & Professional Lines Group (CPLG)
Karen Surca, of Insurance Business America, sat down with Kelly Bailey, Manager, Cyber Product & Technology Innovation with Tokio Marine HCC - Cyber & Professional Lines Group (CPLG) to discuss the ongoing cyber security threat and the ways in which underwriting for cyber insurance has addressed the underlying issues.
Whether you are an employee working at home on the company laptop, or a large-scale insurance provider with a well-implemented cybersecurity infrastructure, we are all at risk of the ongoing threat of cybersecurity breaches.
The sophistication and complexity of cyber breaches have intensified, leaving the digital infrastructures of insurance companies vulnerable to attack.
Tokio Marine HCC – Cyber & Professional Lines Group (CPLG), a member of the Tokio Marine HCC group of companies based in Houston, Texas, addresses inherent risk, and provides support, education, and cyber insurance liability coverage for its insureds.
Kelly Bailey (pictured), Manager, Cyber Product & Technology Innovation, equips insureds with the right tools to fight the cyberwar - this is at the top of her initiatives.
“We emphasize a holistic approach of supporting insureds from the start of when we first see the risk all the way throughout their policy period,” Bailey stated.
“I have the privilege of working with our underwriting and cyber threat intelligence teams to ensure that brokers and insureds alike are aware of, and taking advantage of, all the offerings that our cyber insurance policy has available to them.”
To attack cybersecurity issues head-on, Bailey explained, it is important to look at protecting insureds using an approach that helps to prevent an incident, actively monitor situations, and provide ongoing support and advice. CPLG works with leading cybersecurity vendors and utilizes in-house solutions to help their insureds secure their network.
Read next: Cyber insurance shoots up by 35%
The group encourages its insureds to install Endpoint Detection and Response (EDR) software, which protects against new threats and prevents ransomware from spreading throughout the network, and to use Multi-Factor Authentication (MFA) to secure all remote access to their network.
“From an organizational perspective, we have a robust form that helps insureds in the event of any number of cyber incidents, such as, but not limited to: wire transfer fraud, social engineering, a third-party claim, or ransomware. These are samples of different first- and third-party claims that are covered under the policy,” Bailey outlined.
“We also have a 24/7 claims hotline in the event an insured suffers a cyber breach or ransomware attack and needs immediate assistance. All of our insureds have access to free online training, phishing trainings, and simulation, and compliance materials to be protected and prepared.”
CPLG also assists all of its insureds with updates relating to potential security and vulnerability concerns.
“Leveraging advanced in-house tools, we also do continuous scanning throughout the policy period to keep the insured aware of vulnerabilities,” Bailey stated.
“Our insureds come from different backgrounds and industries and have different levels of security they may manage in-house or through a managed security provider,” she pointed out. “Our objective is to help our insureds get ahead of a [cyber incident] and support them throughout their policy period.”
An ongoing pandemic, a large global remote workforce and a concerning conflict in Ukraine have all served to change the cyber insurance landscape in recent times.
“I would say that over the last year we’ve seen a dramatic shift towards leveraging new tools throughout the policy period,” Bailey said.
“A lot of insureds may not even be aware of the vulnerabilities they were exposed to in the last 12 months. As their cyber carrier, it is our duty to provide them with the most up-to-date information using proprietary technology to conduct non-intrusive vulnerability scans.
“[As underwriters] we need to provide our insureds with timely, accurate, and concise information. We have the privilege of being on the frontline, ahead of these attacks, and to communicate with our insureds and their brokers.”
Bailey mentioned that underwriting had to adapt to the rapidly shifting needs of the cyber insurance market over the last year.
“We are no longer only reviewing controls for specific entities based on size or industry, but are encouraging, and sometimes requiring, high priority controls such as MFA and EDR be implemented,” she highlighted.
“Also, we have seen a dramatic increase in cybersecurity knowledge across the industry which is favorable for the policyholder, the broker, and ourselves as the carrier.”
Taking every precaution, being prepared, ensuring Multi-Factor Authentication (MFA) is in place, and verifying backups are working sufficiently all come to play in the fight against cybercrime. One obstacle to the adoption of these pertinent tools could be misunderstandings around the likelihood of falling victim to an attack.
“One of the biggest misconceptions is that ‘it will never happen to me’,” Bailey noted.
“Many insureds felt that they were not a target. That was unfortunately proven to not be true.”
Unless insureds are taking an approach of leveraging training and additional security controls “it won’t be a matter of if something happens, but when,” she added.
CPLG’s goal is to help insureds improve their cybersecurity posture through education and by offering proactive and preventative solutions that augment their existing security approach.
Kelly Bailey, Manager, Cyber Product & Technology Innovation, is focused on growing and refining Tokio Marine HCC - Cyber & Professional Lines Group's cyber digital distribution channels, non-intrusive security scans, and other in-house technology solutions that improve risk selection and strengthen CPLG's underwriting profitability. Leveraging her background in Cyber and Technology E&O underwriting and closely collaborating with the Cyber Threat Intelligence team, she aims to bridge the gaps between Insureds, brokers, and underwriters, all of whom are equally aligned in protecting Insureds from potentially catastrophic cyber incidents.