The Management Series

Oct 2017

Attack Simulator Can Test Readiness, Risk

Steep losses, careless businesses and sophisticated criminals mean cyber insurers have to take defensive steps.

The growing threat of cyber attacks on businesses, like the breach at Equifax and the global WannaCry ransomware attack, makes a powerful case for companies to have cyber insurance. But security analysts say that insurers, in turn, have to make sure that they are protected from the poor security practices of their clients.

Eyal Wachsman, CEO of Israel-based cyber security firm Cymulate, told Insurance Business Asia that the insurance industry generally relies on clients and potential clients to self-report their cyber security procedures and the software and hardware they use in questionnaires and through time-consuming onsite inspections.

Cymulate, founded last year by former Israeli Defense Forces intelligence officers and experienced cyber researchers, has developed a simulation platform that can test the defenses of a company and report on their sturdiness, Wachsman said in the article, which was highlighted in the Council’s Cyber Spotlight newsletter.

“The value from such technology is that insurers are able to know within a few hours if they should provide coverage to an applicant based on demonstrated risk, how much coverage to provide the applicant without putting insurers at risk, and how much in premiums to charge based on an accepted risk score provided after the assessment,” Wachsman said.

Cyber insurance is a young insurance line with terms, conditions and practices that are being refined and can be open to challenge, which is clearly reflected by recent federal court rulings in two cases that were rooted in similar types of computer fraud but had entirely different outcomes.

Insurance recovery law firm Miller Friel briefly recounts the two incidents of fraud and examines the implications of the two court decisions in the blog “Computer Fraud: Two Similar Scams, Two Very Different Insurance Outcomes.” Both cases involved “spoofing” scams (fraudulent use of emails made to look like they are from official or business representatives) but courts ruled in favor of the insurer in one case and not in the other because:

“In the end, specific facts of the claims, slight differences in policy wording, and even the forum in which the cases are heard, can be the difference between a covered claim and a large cyber loss borne by an insured business,” Miller Friel said.

Insurance coverage “should be negotiated to cover current scams, taking into account recent insurance decisions as well,” the firm said. “Understanding how computer fraud coverage interacts with other types of cyber crime policies is also essential, because as these types of coverage mature the Courts can severely limit their application in the real world.”

For more on cyber coverage trends, read the latest Leader’s Edge cyber column from Jody Westby, CEO of Global Cyber Risk.