Marsh Tracks Top Captive Trends

The number of captive insurers continues to increase globally, from 5,000 in 2006 to more than 7,000 in 2016. Once formed primarily by large companies, the captive market has opened up to mid-size and small businesses. The industry is also seeing a trend in companies forming more than one captive, using them for cyber, political risk and other exposures, according to a recent Marsh report, Captives at the Core: The Foundation of a Risk Financing Strategy.

Organizations are seeing disruptions in a number of areas and are relying more on their existing captives, Marsh said. Because of their flexibility, captives are also being used to respond to market cycles and organizational changes such as mergers and acquisitions.

While North America and Europe still dominate in numbers of captives, other regions have shown more interest in the past three years. In Latin America, captive formation increased 11% in 2016, the study found.

Within the United States, there is more competition among domiciles and some of the newer domiciles are experiencing growth. The top-growing U.S. domiciles in 2016 were Texas, Connecticut, Nevada, New Jersey, Tennessee, and New York. Domiciles outside the U.S. seeing the most growth include Sweden, Guernsey, Singapore, Malta, and the Cayman Islands.

As organizations’ exposures increase in number, complexity and severity, shareholder funds generated by captives are becoming more important. According to Marsh:

For many clients, captives are at the core of their risk management strategy, going beyond the financing of traditional property/casualty risks.

Specifically, we are seeing an increase in parent companies using captive shareholder funds to underwrite an influx of new and non-traditional risks, including cyber, supply chain, employee benefits, and terrorism, as well as to develop analytics associated with these risks and fund other risk management initiatives.

Risk management projects funded by captive shareholder funds in 2016 included initiatives to determine capital efficiency and optimal risk retention levels in the form of risk-finance optimization; quantify cyber business-interruption exposures; accelerate the closure of legacy claims; and improve workforce and fleet safety/loss control policies.

For example, Marsh-managed captives used to address cyber liability increased by 19% from 2015 to 2016. Since 2012, in fact, cyber liability programs in captives have skyrocketed 210%.

“We expect to see a continued increase, driven in part by companies that are already strong captive users and by those that may have difficulty insuring their professional liability risks,” Marsh said.

Ransomware Attacks Increase, With U.S. the Primary Target

Ransomware attacks constituted the greatest cybercrime danger in 2016 as the volume and value of attacks rose sharply, according to a new report from internet security firm Symantec.

“Attackers have honed and perfected the ransomware business model, using strong encryption, anonymous Bitcoin payments, and vast spam campaigns to create dangerous and wide-ranging malware,” according to “Internet Security Threat Report (ISTR), April 2017.”

The average ransom amount involved in such attacks jumped 266% to $1,077 during 2016 from just $294 in 2015. Symantec also found that frequency increased, with detection of ransomware up 36% to 463,000 from 340,000 in 2015; or 1,271 per day in 2016 compared to 933 per day in 2015.

The United States saw the largest share of these attacks by far at 34%, followed by Japan (9%) and Italy (7%). “The statistics indicate that attackers are largely concentrating their efforts on developed, stable economies,” Symantec said. Further, research from Norton Cyber Security Insight team said that 34% of those attacked will pay the ransom, but that figure jumps to 64% for U.S. victims, “providing some indication as to why the country is so heavily targeted,” the Symantec report said.

Another indicator of rising ransomware activity is the tripling of new families of ransomware to 101 in 2016 from just 30 in both 2015 and 2014. While the number of new variants (distinct variants of existing ransomware families) declined 29% to 241,000 from 342,000 in 2015, this “suggests that more attackers are opting to start with a clean slate by creating a new family of ransomware rather than tweaking existing families by creating new variants,” the report said.

The proportion of ransomware infections on consumer computers rose only marginally to 69% from 67% in 2015 as the rate of infections for enterprise and other organizations dropped accordingly to 31% from 33% in 2015. Consumer infections totaled between 59% and 79% for every month except December, when they fell to 51%.

Beyond the top threat of ransomware, the report discusses exposures including “New frontiers: Internet of Things, mobile, & cloud threats,” and has a section that lists multiple challenges from malware, spam and phishing via email. Email, for example, was a major avenue of attack in 2016, “used by everyone from state-sponsored cyber espionage groups to mass-mailing ransomware gangs,” it said, adding that one in 131 emails sent during 2016 was malicious, the highest incidence in five years.

Symantec also discusses a few of the largest cybercrimes of the year, including the theft of $81 million from the central bank of Bangladesh and alleged tampering with the U.S. electoral process. “Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multi-million dollar virtual bank heists, overt attempts to disrupt the US electoral process by state-sponsored groups, and some of the biggest distributed denial of service (DDoS) attacks on record,” according to the report.

Despite the apparent rising threat level portrayed in the report, the cyber insurance landscape remains untamed, Risk Management Magazine reported in April. Potential customers would be wise to educate themselves prior to approaching the market.

Insurance Rate Declines Moderate as Cyber Shines

Global insurance rates declined for the 15th consecutive quarter, remaining competitive for most of 2016, according to the Marsh Global Insurance Market Index, Q4, 2016, which tracks industry data.

Insurance rate decreases moderated in the fourth consecutive quarter as global property rates continue to drop at a greater rate than other lines, mainly due to overcapacity and a lack of insured losses, according to the report.

“The last quarter of 2016 marked the 15th consecutive quarter in which average rates declined, largely due to a market with an oversupply of capacity from traditional and alternative sources and a lack of significant catastrophe losses,” Dean Klisura, global industry specialties and placement leader at Marsh, said in a statement.

After peaking at a 5% global quarterly rate of decline during the fourth quarter of 2015, that rate moderated throughout 2016. “The fourth quarter of 2016 marked an entire year (four consecutive quarters) in which the average rate of decline for global insurance rates moderated—a first since Marsh initiated the index in 2012,” says the report.

Worldwide, rates declined by 3.1% while the U.K. and Continental Europe saw the greatest regional drops at 4.8% and 4.2% respectively. Latin America saw the smallest regional drop at just 0.5% as the U.S., Asia and Pacific regions hovered midway with declines of 3.0%, 2.7% and 2.2%, respectively.

By business line, global casualty lines had the slowest rate decline at 1.9%, followed by Marsh’s Global FinPro (financial and professional) at 3.0% and then global property with the largest decline of 4.2%. U.S. rate declines reflected global figures with U.S. casualty rates declining in the fourth quarter at a rate of 2.1%, U.S. FinPro at 2.5% and U.S. property at 4.8%.

By contrast, the Marsh report tracked rising U.S. cyber liability rates, up 1.4% for Q4 2016, which was actually the smallest increase since rates started rising in Q3 2014 at a rate of 4.8% before peaking at 20.0% in Q2 2015, then beginning a steady decline toward the latest quarter. Despite steadily rising cyber liability rates, the report notes that “the number of clients purchasing cyber insurance increased 25% from 2015 to 2016 across all industries, with the greatest overall take-up in healthcare, communications, media and technology.”

Insurance markets in the U.K. and Continental Europe remain competitive, the report said, as Latin American casualty and financial and professional liability rates increased. Casualty rate increases were largely due to rising auto insurance prices, particularly in Colombia and Mexico, where Marsh says it has a large market share.

Some rates in the Pacific region notched increases, with casualty rates up 0.4% and financial and professional liability rates up 1.7%. Asia’s commercial insurance market remains competitive, according to the report.

While the report appeared to paint an overall picture of industry-wide softness, there was some suggestion of a turn in the tide. “Early indications that capacity may be moderating and that combined ratios may be increasing could be harbingers of looming rate increases as carriers seek to boost profitability and keep combined ratios below 100%,” Marsh says in its report.

In addition to looking back with its rates report, Marsh also takes a look forward in its “U.S. Financial and Professional Market in 2017: Our Top 10 List.” The company states that decreases in the directors and officers insurance market continue “nine straight quarters of rate decreases.”

The Top 10 list goes on to say that cyber insurance will evolve as “risk professionals will need to address evolving cyber risks across multiple platforms,” and adds that financial and technology industries are converging at an increasing pace. “Financial companies will increasingly see exposures that were historically the domain of the technology industry,” it says.

In its “Casualty Insurance Outlook: Good News for Buyers in 2017,” Marsh says 2017 is “generally a buyer’s market for casualty insurance buyers, who typically are seeing strong competition and ample capacity for most casualty lines.”

10 Lessons Learned from Breach Response Experts

SAN FRANCISCO—As hacking collectives target both the public and private sectors with a wide range of motivations, one thing is clear: Destructive attacks where hackers destroy critical business systems, leak confidential data and hold companies for ransom are on the rise. In a presentation here at the RSA Conference, the nation’s largest cybersecurity summit, Charles Carmakal and Robert Wallace, vice president and director, respectively, of cybersecurity firm Mandiant, shared an overview of some of the biggest findings about disruptive attacks from the company’s breach response, threat research and forensic investigations work.

In their Thursday morning session, the duo profiled specific hacking groups and the varied motivations and tactics that characterize their attacks. Putting isolated incidents into this broader context, they said, helps companies understand the true nature of the risk hackers can pose, even in breaches that do not immediately appear to target private industry.

One group, for example, has waged “unsophisticated but disruptive and destructive” attacks against a number of mining and casino enterprises in Canada. The hackers broke into enterprise systems, stole several gigabytes of sensitive data and published it online, created scheduled tasks to delete system data, issued ransom requests, and even emailed executives and board members directly to taunt them about the data exposed and increase the pressure to pay. Further increasing that pressure, the group is known to contact journalists in an attempt to publicize the exposed data. Victims have endured outages for days while trying to recover data from backups, and some have paid the ransoms, typically requested in the range of $50,000 to $500,000 in bitcoin.

Mandiant refers to this group as Fake Tesla Team because the hackers have tried to seem a more powerful and compelling threat by claiming they are members of Tesla Team, an already existing group that launches DDoS attacks. As that group is thought to be Serbian, they have little reason to target Canadian entities, and indeed, the bits of Russian used by Fake Tesla Team appear to be simply translated via Google.

In all of the group’s attacks that Mandiant has investigated, the hackers had indeed gained system access and published data, but they exaggerated their skills and some of the details of access. Identifying such a group as your attacker greatly informs the breach response process based on the M.O. and case history, Mandiant said. For example, they know the threat is real, but have seen some companies find success in using partial payments to delay data release, and they have found no evidence that, after getting paid, the collective does anything else with the access they’ve gained.

Beyond considerations of specific hacking groups or their motivations, Carmakal and Wallace shared the top 10 lessons for addressing a breach Mandiant has distilled from countless investigations:

  1. Confirm there is actually a breach: make sure there has been a real intrusion, not just an empty threat from someone hoping to turn fear into a quick payday.
  2. Remember you face a human adversary—the attacker attempting to extort money or make other demands is a real person with emotional responses, which is critical to keep in mind when determining how quickly to respond, what tone to take, and other nuances in communication. Working with law enforcement can help inform these decisions.
  3. Timing is critical: The biggest extortion events occur at night and on weekends, so ensure you have procedures in place to respond quickly and effectively at any time.
  4. Stay focused: In the flurry of questions and decisions to make, focus first and foremost on immediate containment of the attack.
  5. Carefully evaluate whether to engage the attacker.
  6. Engage experts before a breach, including forensic, legal and public relations resources.
  7. Consider all options when asked to pay a ransom or extortion demand: Can you contain the problem, and can you do so sooner than the attack can escalate?
  8. Ensure strong segmentation and control over system backups: It is critical, well before a breach, to understand where your backup infrastructure is and how it is segmented from the corporate network. In the team’s breach investigations, they have found very few networks have truly been segmented, meriting serious consideration from any company right away.
  9. After the incident has been handled, immediately focus on broader security improvements to fortify against future attacks from these attackers or others.
  10. They may come back: If you kick them out of your system—or even pay them—they may move on, perhaps take a vacation with that ransom money, but they gained access to your system, so remember they also may come back.