Tech

Business Activity Risk Profiling vs Scaremongering Will Increase Your Cyber Insurance uptake

The key to engaging with a potential client to discuss and provide cyber-risk insurance is to approach the discussions from their real business activities’ needs rather than any generalised knowledge they have gleaned from recent cyber-security threats or events reported in the national broadcast and newspaper media.

For example, most retail brokers engage too early in conversations about ‘hacking’, ‘denial of service’, ‘phishing’, ‘social engineering’ and suchlike. As important as these topics are, starting with them can often lead to the conclusion that, because the potential client has not been directly affected by these matters to date, they don’t need cover. Don’t forget the basic premise of insurance – it provides security for the future!

Our extensive experience at Node International, particularly in the USA and Europe, clearly tells us that the correct, and more successful, approach is to start with an evaluation of the potential client’s business activities.

For example, each of these activities has a cyber-risk profile, so even though the potential client has not dealt with (say) a denial of service attack, the fact that over 80% of their business depends upon an ecommerce website highlights the substantial cyber-risk. Or they are highly dependent on a supply chain and/or contractor whose cyber-risk policies they know little about, again highlighting their potential cyber-risk through the failures of others.

Taking this business activities profiling approach is a logical, systematic way of engaging the potential client. It is also quite simple to conduct. Start with a conversation about ‘mapping’ the high priority business activities and start introducing the question, ‘What happens if…’ Think of it as a ‘heat map’ of the business. When viewed overall, the client then sees the totality of cyber-risk they face. Then, the most effective cover can be assessed and priced accordingly.

It’s important not to think of early conversations as ‘selling cyber-insurance’ but as providing an expert and value-added service to the clients. It is likely that they know very little about cyber-security and cyber-risk, so building up the ‘heat map’ through sensible discussion helps the client. Nowadays, ‘helping the client to buy’ is far more effective than ‘selling’.

This is where Node International scores highly. As a wholesale broker and underwriter at Lloyd’s of London, we offer expertise and assistance that you can tap into. For example, talking to one of our brokers before you go and see a client could help you tremendously. Even if you have never used Node International before, our brokers and underwriters are here to help you build your business.

Finally, let’s step back a little. In the last two decades there has been a huge increase in businesses that are now dependent upon their technologies and digital capability and, of course, in the constant threat scenarios they face each day. From our experience, literally 99% of modern businesses (from small to large across all sectors) face at least one cyber-risk in their ‘heat map’. In effect, every business call you make is a potential satisfied client, provided you approach it correctly and have a ‘value-added service’ at the forefront of your mind. As mentioned before, we can assist you with this essential skill.


WHY AREN’T MORE BUSINESSES BUYING CYBER INSURANCE & WE HAVE OUR FIRST GUEST | EPISODE #9

Why aren’t more businesses buying cyber insurance?

Today we have with us our first guest, Mr Mark Robinson, who is the managing director of Henderson Insurance Brokers and also a specialist in cyber insurance. Mark works in Leeds in Harrogate and we’ve worked together on projects for several years. What’s really useful is getting that retail perspective on how people are getting on with cyber, what people are facing and your experience of what people can do to sell more really. So I guess we’ve got some changes coming from the privacy framework that we all speak about and that will be a big driver towards the end of this year, as people begin to move towards getting ready for that. I guess what’s also interesting is what you’re doing with your clients in order to get that on their radar really.

Mark: I think one of the issues that you’ve touched on there is the lack of sales of cyber liability. The first thing we, as retail brokers, have an exposure to is the errors of omission. This is an issue whereby we don’t discuss the issue of cyber with our clients and therefore it’s not on their radar at all. In the event of a cyber breach or a data loss, the first person they point the finger to is their insurance broker and obviously if we have failed to mention it, there is an error of omission there. Or linked with that is if we mis-sell a cyber insurance policy. So, if we don’t have a correct understanding of wording, in the terms of the cover and we mis-sell it to them, well that can be almost as bad as not selling them a cyber policy at all.
So one of the things I’ve been tasked with across the Henderson Group is to develop a cyber strategy. The number one key point for us is education, and I think that’s true across the entire cyber security sector.

So what does that look like? Do you mean internally with your account holders or with your clients?

Mark: It’s across the board, so the first thing we’re looking to do is to educate within our business. So this is account handlers, our account executives that are going out to meet with the clients. I can say this because I used to be one, account executives are very structured in what they do. So, they will have or they will go into a client meeting that we know, and they’ll know how it’s going to run. Because we will have gone through it in our heads several times. Rightly or wrongly, there are two types of meeting an account executive goes to, a renewal meeting or a new business meeting. In a renewal meeting, you want to get in and out as fast as you can with renewal instructions and try to avoid any questions that’ll throw you off track! A new business meeting is to get in and out as fast as you can and to hopefully strike a new deal with the business. What we avoid, is any difficult questions that we don’t know the answer to…

Just before you go there, I think what you’re saying is, that it’s likely that if the account executives feel comfortable about talking about the digital risk and the various types of exposure, it won’t be missed.

Mark: Absolutely. So that’s where the education comes in, we need to make sure that our guys are educated enough to the extent where they can feel comfortable to go in and have that initial conversation about cyber insurance.

That’s where it starts, that level of comfortability.

Mark: Absolutely. The issue is they’re frightened they’re going to be asked a question by the client and they don’t know the answer to that question and all of their credibility goes out of the window. So number one is the education piece, that’s a big part of it all. Once they understand the simple heads of cover and how it would be triggered that’s half the battle. Once our staff are educated, our staff can educate the clients. Another issue and again, an issue that is sector wide is the press reporting of UK cyber incidents. The UK press are getting better at reporting UK based cyber threats and breaches, but certainly you talk about two years ago, even just last year; if a client ever asked for an example of a claim, you ended up pointing them towards Uber’s claim or PlayStation’s claim, or something that’s happened in the US. That’s fantastic and frightening, but does that really relate to a manufacturing firm? Absolutely not.

I think that failure to resonate with the examples you’re giving to them, it doesn’t relate to them. As the consumer and purchaser, if they don’t feel that what you are offering them isn’t relevant to their business, you’re never going to sell it.

Mark: That’s it, it all comes down to the fact that as a sector, brokers and insurers as a sector aren’t making it easy for them to buy cyber insurance, because we aren’t making it very clear to them. We’re not making it clear to them what it is. It’s difficult to obtain, because of the amount of information that’s required…

Are you talking about the size of the application?

Mark: Yeah, exactly. We still for whatever reason, pigeonhole businesses. I.e. a technology business, manufacturing business. In all honesty is there such a thing as a technology business anymore? A stand-alone technology business, probably not. All businesses use technology now.

I think so, in some of the earlier videos, I’ve talked about businesses that have gone from non digital to digital enabled. I think you’re absolutely right, it’s very rare that businesses don’t do six or seven functions that have a digital risk attached to them and a cyber policy could help mitigate them against those activities. I think you’re absolutely right that the way that people are presenting the risk from a cyber liability approach, might be slightly misleading. It might be more effective for people watching this who are brokers, to perhaps look at profiling their activities. So looking at online banking, email, portable devices and helping account executives understand that, as opposed to going in with an eighteen page cyber application form and saying can you fill this out. Talking about cyber threats is a very ineffective way of selling the policy. If you’re talking about claims that aren’t relevant to them and talking about cyber liability threats that they don’t feel they have exposure to, you’re going to struggle to make a sale. Just going full circle in this, I guess what you’re trying to do at Henderson’s is to try to change the way your account handlers actually raise this issue. Through the educational activities that you’re doing, they’ll feel more comfortable in how to raise it and present it in a different way and the client has a better experience of learning about it.

Mark: It becomes an informed decision, rather than buying ‘this’ because it’s the new thing to buy.

You made a really good point that- So, I started in cyber and then transferred from technology to digital risk insurance about six years ago. Initially at that time, I was trying to sell policies, directly to the insured, it was insanely difficult because nothing was in the press. At the time, it was the FCA who were responsible with privacy and then the ICO formed. The Information Commission Office, you’re right, because you have to be registered with them and they do a lot about publication and notification, it really has gone from not being in the news to headline press. I think that’s really raised the awareness for the insured. They understand now that it’s a real threat. However, there still is that gap between value and what you’re putting onto the table. That’s got to be when the penny really drops.

We have got privacy law and regulatory framework coming out, which is going to make it more challenging and costly should a breach occur. I do really think there is a gap between the everyday business to which you would have thousands of within your organisation and the amount of people who buy cyber which is actually very small. You say the word ‘cyber’ to people and they believe that implies only if they rely very heavily on selling products online and if they’re not, then they don’t feel their digital risk exposure is a threat. One thing that we do a lot of here, is talk more about digital risk than we do cyber threats. I think that’s a really good tip to take away from this chat we’re having now. Try profiling your businesses and get your account executives to focus on the business’s individual threats.

Mark: I think the term cyber, as you mentioned, gets thrown around a lot, which puts a lot of people off when they don’t see themselves as a technology business. Generally, a cyber liability policy covers data, which extends to include paper records. Even so much as leaving a laptop on a train or in a taxi, or putting a file in the bin rather than confidential waste, is potentially a data breach.

Here’s the other massive point, most smaller and medium businesses, will outsource these responsibilities. They use third parties to hold that data or store on a cloud and often even for the shredding of business documentation. So the risk is usually out of their hands, but it’s still a very real risk and they will be responsible if something happens. I think you’re right, understanding that is really important.

Going back to what we were saying about profiling, we’ve seen such an increase in social engineering and I imagine that you don’t have many clients who don’t use online banking or are exposed to malware or ransomware. All of those things are covered by a digital risk insurance policy, but again people are shying away from it because they don’t understand that they are exposed. I think that’s really interesting piece where brokers can have more traction, by identifying, well do you have email? Yes? Then, these are the things you’re exposed to!


EPISODE #8

This week we’ll be focussing on ransomware. Whilst we’ve touched on ransomware more generally in a couple of previous episodes, today’s vlog will be homing in on recent activity that’s affected our clients. We hope that sharing these recent developments will help give you some clues of what to look out for!

Ransomware is a much talked about topic and is generating a lot of publicity; it’s also something that we see crop up time and time again in our conversations with clients. We’ve actually had two incidents within the last couple of weeks that were very similar; fortunately, neither had a serious impact on the business concerned. Our vendors were able to act fast and help mitigate and further nullify any potential losses.

The most recent feedback we have had from our brokers is that even though the threats are very real and very current, not all businesses see the need or think they are vulnerable, and they are not taking up the cover. In both these cases, we must stress, the businesses were non-digital: they didn’t have e-commerce and they had few digital aspects to their business (online banking, storing of employee data), yet they were exposed and fell victim. The way the attack is happening is that the attackers are targeting the HR department.

Attackers are targeting HR departments quite simply because they are easy targets. They are used to receiving emails from unknown persons, whether it’s people speaking to them about opportunities within the company or correspondence with other businesses; either way, HR are used to clicking on emails from strangers. What’s happening, therefore, is that the ransomware email is opened by the unassuming employee; attached are a PDF document and an Excel spreadsheet. Whilst the PDF seems to be benign, the spreadsheet contains the malware designed by the attackers to begin encrypting all of the files as soon as it is clicked open, asking for a bitcoin payment.

One of our goals, and what we really try to work on, is this: we obviously want to be the insurance solution but, as important, if not more, we want to be able to guide clients by offering them the tools to prevent an incident. We’d much rather add value in that way, helping both you and the client, offering tools and resources that raise awareness of said potential issues, educating them with the aim of improving their risk management and preventing them from landing themselves in a sticky situation. Of course we’re still also there if it all goes wrong as insurers, but from our perspective it’s equally important to help them prevent as well as protect.

There are quite a few things that the insured can do, whether it’s having the right settings on their Gmail or Outlook, or simply keeping up to date with the right information. We’re always producing new material that contains all of the necessary pointers on what to look out for or what to be mindful of clicking on. We deliver this through our monthly webinars and weekly educational publications.
We wanted to bring this subject to your attention, to make sure you keep your eyes open, especially with the high frequency of attacks which have occurred over the past week. If you have any questions or want to learn more about the warning signs of malware and ransomware, as always please feel free to get in touch, as we always enjoy hearing from you.


INTERNET OF THINGS & INDUSTRY 4.0 | NODE TV EPISODE #7

Hello and thank you for joining us for episode seven of Node TV. How time flies!

A huge theme over the last few weeks has been our excitement over the digital revolution. What we’re witnessing is incredible; what you, as insurance brokers, underwriters and business intermediaries, are trying to keep up with, and hopefully adapt and innovate with, is just phenomenal.

In light of that, one of the topics I have been asked about a lot over the last couple of weeks is Industry 4.0. Or more specifically, how we think the upcoming industry revolution is going to affect insurance.

Again it’s about understanding how fortunate we are to be at the very cusp of the industry’s fourth revolution. The first revolution, known typically as ‘The Industrial Revolution’, occurred in the eighteenth century as the result of the discovery of steam power. Secondly, we have the mass-production revolution, assembly line production powered by electricity in the early twentieth century. Then, of course, most recently the third, which covers the time from the seventies to the nineties, where we saw the rise of computers and automation.

Now, we’re at the beginning of the fourth, the revolution that experts are referring to as the revolution of cyber physical systems. I think the change that we are going to witness over the next twenty years is going to create a very dynamic space within the insurance industry. Naturally, I want insurers to begin to look at this. I think it’s absolutely the right time to look at cyber liability insurance for clients; those are the things we hear about day in, day out. That’s the data and the privacy, the business interruption, the infrastructure and network: the general hackable side of things.

But more than that, now is the time to look at the internet of things and the interconnectivity of devices and machines. It’s crucial to understand that, with the progression that we are going to see happen over the next twenty years, the internet of things is not going to go away. We speak to insurance brokers all over the world every single week and we’re constantly reminding them of this, as well as doing everything we can to help them find confidence and assist them in discussions with the insured.

Frankly there is a lot of money to be made. We all like to do a deal, but it’s also a necessity, as it isn’t going to go back. We need insurance brokers based in all corners of the world to get informed and to get comfortable discussing the internet of things, the digital revolution and the technology standpoint. We’re at a point where manufacturing is going to completely change, so it’s important to ground ourselves now.

I was actually reading a really useful study the other day, which has inspired me to collate some of the services that are going to be most impacted by Industry 4.0. Within all service industries, we’re going to see a complete alteration of their business models. How people look at reliability in their infrastructure, the IT security, the machine safety, the product life-cycle, industry value-chain, work and education skilled economic factors. It’s all going to be turned on its head. I think it’s crucial that everybody starts to address and consider these. They say risk, I say opportunity!

We also believe that certain products around cyber and E&O are going to have to change completely, again prompting a complete shift in the way in which we underwrite these types of risk. Perhaps most importantly, the information we will need ourselves in order to underwrite these risks is going to change.

Whilst it might sound daunting, don’t lose sight of the excitement that comes with change. We’re really excited and hopefully you are and will be too. Get some confidence and start to have the conversations with the insured; as Industry 4.0 gains speed, you will see great benefit from being involved!


E-GAMING JACKPOT INSURANCE | NODE TV EPISODE #6

This week is a snapshot look into the new and exciting E-gaming sector.

E-gaming is a sector that we’ve really focused our attention on over the last few years and it’s where we’ve really seen our business grow. It’s one of those areas which has spun out of the digital revolution. Traditional offline gaming has moved online and the sector has really taken off. What makes it so interesting is the room for innovation and development that the sector holds for creating new digital insurance products.

Instead of focussing on cyber or tech products, e-gaming requires thinking outside of the box. One of the coolest things we’ve been developing at Node is solutions to insure the jackpots. Where traditional gaming companies would have typically used ticket based sales to build a jackpot, we have built some very innovative systems around insuring an online jackpot. In particular, we’ve been working with lottery based games, and have recently moved this blueprint into online slots.

To take a quick look at our solution, it was brilliantly simple. Following the traditional principles of a lottery or slots based game, we found a way to remove the moral hazard by leveraging the latest technologies, in particular the blockchain architecture. We have also deployed older service principles like database mirroring, so the bet file was then protected.

If you are a broker out there who deals with the e-gaming sector, please get in touch if you would like more info. You may not be aware of this new approach, moving beyond liability from the platform and instead focussing on the prize fund as well. We think it’s a really exciting approach to take. It’s an entirely new form of insurance!

What’s great about the sector is that as people evolve in the space and new games and businesses pop up, the insurer is similarly able to grow and innovate, making it one of the most wonderful sectors out there.

Next week, we’ll be heading to the ICE conference at the ExCel in London, so if you’re heading there too, we look forward to seeing you!


CYBER INSURANCE Q&A | NODE TV EPISODE #5

This week we’d like to share with you our projections for cyber insurance in 2017 and maybe even 2018. We’d also like to talk through some of the new opportunities that are presenting themselves to us here at Node and some new areas that are beginning to offer some exciting new ventures.

To kick things off, let’s have a look at the current field of play and where we think the trends will sit in the next twelve months. It’s a notoriously difficult thing to lock down, simply due to the ever changing and evolving nature of digital risk. Indeed, the level of crime and sophistication of the incidents we are seeing is definitely on the up. These, however, are the territories that are creating the most buzz and the most conversations.

One of the biggest current trends is data integrity for business owners. We’re seeing a shift in focus from just what data they are holding towards how they are holding it and ultimately what they would do in the case of a breach. From an insurance perspective, that means a stronger focus on what a cyber insurance policy will specifically do to help rectify the problem.

Criminal activity, specifically the ways in which criminals are using and manipulating various infrastructures, is also going to continue to grow and be a massive player over the coming year. We’re going to see more disruption by organised crime, with them exploiting networks and essentially proving harmful and disruptive to businesses.

As we’ve previously touched on in past posts, spear-phishing and social-engineering are appearing both globally and daily. Again, it’s organised crime and fraudsters specifically targeting businesses. All of the aforementioned are very insurable for now, but their sophistication is going to continue to grow and it’s something that we’re really going to have to continue to monitor.

Secondly, we want to share with you the new sectors that we’re being approached by and who are actively looking for a cover that will mitigate risk in their specific areas. Here at Node, we think that this is one of the most fascinating aspects of what we do. Never in our history are we going to see such a fundamental transformation and transition as that of the internet and what it has done for trade and commerce. Our exciting part to play is our role in coming up with new solutions for those old infrastructures which have recently updated to new technologies. As they embrace the brilliance of technology, we are able to protect them against the new risks they face.

Among the largest of these, particularly in London, are the marine and aviation sectors. They are typical of businesses who have historically had a very set infrastructure of digital risk, one that has been either a very fixed layer, or simply hasn’t existed at all. Yet now that they are becoming digitally enabled, we are finding not only that they need to look beyond their current policies in order to cover them, but also that this digital risk is actually the largest and realest risk they face. As such they need a solid and reliable digital risk insurance solution that will help mitigate against this.

Other sectors that are gathering momentum are the service sector, as it moves towards driverless vehicles, artificial intelligence and drone delivery; the e-gaming industry, where traditional casino customers are moving online; and lastly the Internet of Things, which is looking to make huge advances in the next few years.

As all of these industries rely more and more heavily upon digital infrastructures, so will they rely more heavily on digital risk management and cyber insurance.

This week, we’re more interested than ever in hearing your feedback. We’d love to know if there are any big contenders you feel we’ve neglected.

Goodbye for now,
The Team at Node

About Node International

We provide leading comprehensive insurance coverage combined with essential cybersecurity prevention and detection tools.
