Category: Cyber

Cyber-attack ā€“ the heart attack of the companies

Posted on by

From a cyber perspective, there are only two types of companies: those that have been hacked and those that will be hacked.

When an agricultural producer gets hit by a ransomware attack, it comes close to collapsing its business. The last two years of our lives will forever be marked as the years hardest hit by the global pandemic COVID-19. But this period has also brought us other threats, namely the digital pandemic in the form of the rise of Ransomware cyber-attacks.

What is Ransomware?

It was an ordinary morning for the agricultural company which is one of the main dairy products producers in the region. The director of the company arrived as usual some time before the workers came to the factory, turned on his business laptop and noticed a disturbing message: ā€œYou are under ransomware attack, please follow the link for further steps.ā€

Ransomware is a type of malicious software or encryption program, placed by a hacker, that works by encrypting data on a network. To regain access to the data, it asks you to pay a ransom in exchange for a decryption key. Some researches (Coveware) show that a minority of companies that choose the ransom payment route, end up being forced to make additional payments or never getting access to their data.

Ransomware attacks have been one of the most common threats in the last couple of years. Business interruption periods increased from an average of 15 days (2020), now to an average of 23 days (2021). It should be also noted that the business interruption costs sometimes are as high as the ransom payment, or even exceed the amount. IBM’s 2020 Cost of Data Breach Report shows us that it took around 280 days to even identify a breach in a system, which gives us an insight into the ability and power of hackers to move stealthily and silently through a victim’s system.

Cognyte company, the security analytics agency, claims that the Manufacturing and Financial Services industries are the leading targets for ransomware hit, followed with a Transportation, Technology and Legal and Human Resources industries. Some examples are:

  • In 2016, Delta Airlines faced a major network outage that lasted for five hours and cost the company 150 million USD.
  • In October 2016, there was a DDoS attack on Dyn, a company that administers a major element of the web, that took down widely used websites such as PayPal, Twitter, Netflix, Amazon, and others.
  • In 2017, Maersk, a Danish shipping company, faced a cyber-attack that disrupted operations for two weeks, resulting in a loss of about 300 million USD.

Weak point RDP

According to the UK security company Sophos, one of the most distinguished ways is the widespread use of Remote Desktop Protocol (RDP). RDP is a system which allows remote users to connect to the desktop of another computer via a network connection. Usually it is used by organizations to allow employees to gain access to their networks while they are working remotely. If the port, which an organization uses for RDP access, is exposed directly to the internet, it is easy for malicious actors to find it, where they then attempt to gain access to an organizationā€™s computer systems.

After the hackers gain access to the system, the next step is to break into organizationĀ“s local administrator account. This means that the attackers are using a computer program trying to crack the passwords by trying various password combinations in quick series. The longer and more complex password, the more difficult the job will be for hackers to crack the system. Unfortunately, in our case, the local administratorĀ“s account had a weak password combination. Additionally, the absence of Multi-factor authentication (MFA) for RDP access, allowed the hacker to gain access to the organizationā€™s network without having to go through a second verification procedure, such as entering a verification code.

The production was blocked and unfortunately the company did not have offline back-up stored on an external storage that could be used to restore them. After the activation of the business incident plan and connection with the external incident response team, the company decided that a ransom will be paid. After the payment and receiving decryption key, the recovery was started. As the whole process was time-consuming, it took around 14 days for the system to get fully recovered.

The benefits of cyber insurance

Due to having a cyber insurance policy, the company was able to carry out the whole process of recovery of data and ransom payment with highly skilled IT professionals. The costs which were covered under this cyber-attack were, above mentioned ransom payment, business interruption losses, business incident response, forensic investigation costs, crisis PR, privacy liability, compliance with the data protection regulatory bodies (GDPR) under the law regulated time.

Some important statistics (Indusface)

  • Organizations saw a record 225% increase in losses from ransomware attacks in 2020;
  • 53% of attacked businesses stated that their brand and reputation were damaged after a successful attack;
  • Around 26% of enterprises had to shut down operations permanently because of a ransomware attack.

From a cyber perspective, there are only two types of companies: those that have been hacked and those that will be hacked.

If you are interested about the possible insurance offers and the level of vulnerability of your company to cyber threats, contact us and team of our specialists will provide you all necessary information about the further steps.

Related Insights

View All

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Continue reading “Cyber-attack ā€“ the heart attack of the companies”

Technology Insurance: What you need to know before hitting the market?

Posted on by

A couple of years ago, my friend from a law firm decided to learn some coding just for the fun. After some lessons, he discovered how similar contracts and software are in nature – writing a code is like drafting a contract. Both have an idea how it should work to become a functional piece of program or contract.

Like business relationships, technology can also let you down. The biggest software failures in recent history have affected some of the biggest companies and millions of customers around the world. Very often software companies developing and supporting their systems are to be held liable for damages.

Case studies: how technology can cut us off

Imagine you are having a nice Sunday with your family and scrolling your phone to check e-mails just to discover one of the largest airports in Europe has cancelled over 100 flights due technical issues. This happened twice in London Heathrow Airport back in 2019 and 2020. Who are to blame? Technology companies who created, maintained and amended the systems.

Or something more recent – a major outage affected several high-profile websites, including Amazon, Reddit and Twitch. It was discovered that the outage was caused by service configuration that triggered disruption in specific locations. For these companiesā€™ outages cost around $250.000 per hour and it is claimed back from the service providers.

The problems can start out of contractual relations too, and the technology company can find itself in the middle of a court case. Facial recognition start-up Clearview AI was sued in a potential class action lawsuit that claims the company crabbed up photos from employment sites, news sites, educational sites, and social networks out of ā€œpure greedā€ to sell to law enforcement. It is currently difficult to estimate the final cost and claimed damages related to this case.

How to save the business in these situations?

You canā€™t do much to avoid technology failures totally, but there is a way to find some redemption in the complicated situations. When it comes to mitigating the risk and finding a proper insurance policy, technology insurance is one of the very first insurance products recommended for technology companies.
This is covering the liability arising from the technological activity. For instance,

  • damages related to the errors
  • failures to perform, breach of contract
  • security failure
  • media liability
  • intellectual property breach
  • legal expenses related to the actual or alleged claim.

The core of this insurance is professional indemnity, which is rather related to errors and negligence and not directly to bodily injury or property damage like general liability policies.

Shortly, this is the solution to transfer your companyā€™s financial risk and meet the contractual requirements. Insurance should be the first risk mitigation measure to consider while starting technology company, concluding the first contract or considering service or product launch.

Simple steps to get the insurance policy done

Buying your first technology insurance policy is far much easier than creating the technology itself. We only need your input to introduce your company to the insurance market and obtain quotes. The rest is for you to decide if and when you need the coverage be effective.

Related Insights

View All

Helen Evert

Practice Leader Liability & Financial Lines – Estonia

T +372 5824 3096

Continue reading “Technology Insurance: What you need to know before hitting the market?”

Cyber insurance comes of age

Posted on by

Cyber insurance, now out of its infancy, has become an essential part of risk management. Stephan Eberlein, cyber expert at GrECo Specialty, reports on how you can get tailored cyber insurance with the best conditions, even in the current market environment.

For years, GrECo has been concerned with communicating to its clients that cyber incidents can be major loss events with serious effects on the company’s success or reputation. Risk transfer via an insurance solution is an important measure for effective cyber risk management.

At the beginning, there was still a lack of risk awareness among domestic company managers, who were “still” convinced of the effectiveness of their firewalls & co. The available cyber insurances were also still in their infancy and their complexity was not easy to understand. However, there was a euphoria in the insurance industry, which provided plenty of capacity at very low premiums to generate market share.

Cyber threats: the No. 1 business risk

Since 2019 at the latest, the world has entered a new cyber era. Although the IT landscape has faced viruses, security breaches and other forms of cyber attacks for years, cyber criminals have become increasingly sophisticated. Meanwhile cyber threats now represent the top business risk (source: Allianz Risk Barometer 2020).

Due to the large number of reports of cyber attacks and their serious financial consequences, many business leaders around the world have taken out cyber insurance at favorable premium costs. In early 2020, Munich Re valued the European cyber insurance market at more than 1 billion USD.

The digitalization accelerated by the Corona crisis not only led to a further sharp increase in cyber insurance policies last year, but also to a rapid increase in claims. Insurers had to deal with ransomware attacks on a large scale. Acting as an accelerant to the negative claims figures are incidents such as SolarWinds, the latest global cyber incident that even compromised government systems. Experts estimate that the insurance industry will have to pay about 90 million USD for this incident.

Cyber insurers are now complaining that claims payments far exceed premiums. Insureds are now feeling the consequences in their policy renewals: capacities are being cut and premiums are being increased, sometimes sharply. In addition, the application process for large companies is becoming more and more burdensome. In other words, market hardening has not stopped at cyber insurance.

Key to best possible conditions

In the current market environment, a “risk-based” approach and transparency are the key to a tailored insurance solution at the best possible conditions, both for contract renewals and new contracts.

However, companies often do not have sufficient answers to questions such as: Which “crown jewels” need to be protected? What is the financial impact of an intervention on these assets? We therefore recommend assessing the cyber risk as part of a loss potential analysis in order to derive the insurance requirements.

Cyber security audits are used to determine the maturity level of IT security, because insurers now consistently demand minimum protection standards. This means that it is worth checking in advance whether the technical and organizational security measures correspond to the state of the art.

Regular awareness trainings for employees and penetration tests also have a very positive effect on risk assessment by the coverage market. On one hand, these measures serve to raise awareness, and on the other hand, they allow companies to test an emergency situation and derive important conclusions for their cyber risk management from the results.

Support in risk and insurance issues

GrECo’s experts accompany you throughout the entire phase of preliminary work up to the completion of the customized solution. They identify potential for improvement in IT security, shed light on the market environment and coverage options. They manage the marketing process, in which detailed questions often have to be answered. We are currently in a seller’s market. This means that the more transparent and better the company’s individual risk situation can be presented, the greater the insurers’ appetite for risk and the more attractive the outcome of the negotiations. So-called “underwriter meetings” also have a positive influence on the results of negotiations. In these meetings, the insurers’ risk engineers have the opportunity to ask detailed questions directly to the company’s managers. This facilitates the application process and promotes trust.

Cyber insurance, the new fire insurance

It is now undisputed that cyber insurance can effectively reduce or compensate for the financial loss in a cyber incident. The current loss events have demonstrated this clearly. Thus, it is more true than ever that cyber insurance should be a standard part of every company’s insurance portfolio. It is now considered the fire insurance of the 21st century.

However, it is important not to see them as a substitute for information security. In addition, companies should be prepared for the fact that insurers subject their risks to an individual review. The better the preparation, the more transparent the risk situation and the more comprehensible the corporate decisions in this area are, the smoother contract renewals and new contracts for cyber insurance will run.

Related Insights

View All

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Continue reading “Cyber insurance comes of age”

Cybercrime is also targeting your business

Posted on by

Some industries, such as online retail or banking, handle large amounts of sensitive and possibly lucrative data. By the very fact that the services they offer are to a wide extent are virtual, the exposure is rather obvious. With others, like manufacturers, telecommunications and healthcare, it is their obvious dependency on IT which makes them an attractive target for attacks in the cyber sphere. And indeed, participants of industries where neither apparently applies are sometimes lead to believe that this topic is of subordinate relevance or relevant to others.

Unfortunately, this is far from true, as an even quick analysis and recent events show. It is a misperception that a company has to have a widely known brand, a particular product or media coverage to become a target. Falling prey to one of the ominous phishing mails or an inconsiderate click of an employee on a seemingly harmless attachment are equally relevant for each and every company. Recent events and our claims experience show us that both large and small businesses are targeted by cyber criminals.

The top three cyber strategies of businesses

In our daily discussions with clients we encounter broadly three classes of responses:

  • Denial / minimum response:Ā The initial response is that this risk is relevant for other industries, but not so much the own. Publicly available examples are discarded as singular incidents or consequence of particularly unsuitable use of IT tools. Often, this approach is also driven by the fact that the acknowledgement of an exposure would require a reaction, which may result in costs. An insurance premium would be such an additional cost. The topic of cyber and IT security is seen as a responsibility of the IT-department. Since the details of any exposure would inevitably be technical in nature (and impossible to understand for anybody but an IT professional) this is where the matter resides best. In smaller companies, without dedicated departments, the responsibility is seen to lie with suppliers of software or hardware/infrastructure.
  • Awareness and prevention:Ā Media coverage on the topic has become ubiquitous and hard to avoid, even to a level where not addressing the topic could lead to the managementā€™s reaction in this respect being questioned with hindsight. It is understood that the exposure is not merely technical, but also comprises soft facts like social engineering and human error which has to be actively managed in a company. The focus here often lies on prevention.
  • Comprehensive approach:Ā In addition to prevention also comprising mitigation and business continuity analysis based on having developed a number of actual scenarios. Similar to fire drills, real exercises are being conducted and key personnel (not limited to the IT department) trained in how to react when servers go dark and communi

This simplified classification is of course exemplary and in reality more like a continuum. It can also be observed that when the conversation is brought to Cyber and insurance it is either the complexity of what is covered under which line of insurance (property, cyber, professional indemnity, D&O and crime being the ones which could immediately be triggered, depending on the loss scenario) which may be challenging. A certain saturation given the ever increasing media alerts and the fear this could only be the insurance industry seeking the next product it can sell are other reservations.

The risk, of course, is real and can be effectively managed by a combination of prevention and mitigation, where insurance falls under the latter.

Related Insights

View All

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Continue reading “Cybercrime is also targeting your business”

When Cyber infects the construction site

Posted on by

Cyber risk management and insurance in Construction

The construction industry becomes more connected through electronic solutions and remotely accessible systems. Until now, labour productivity in the construction sector has not seen the same increase like in general manufacturing but it is expected that this will change in the foreseeable future. Despite an improved procurement and supply-chain management it is particularly digital technology, new materials and advanced automation that promise the largest gains.

A specific trait of companies in the construction sector is the fact that each building is, to a varying extent, different to any other. As a consequence, builders and joint venture partners, vendors, subcontractors, suppliers and financial institutions are mixed together in changing constellations every time. They co-operate on a contractual framework specifically drafted for this definite project and tasked with creating something which has not been done in this exact configuration before. At the same time trying to perform as efficiently as possible to produce works fit for the purpose and free of defect, while securing the sometime slim operating margin the industry offers. This is contrary to any stationary industry, where locations and stakeholders are a lot easier to oversee processes more standardized and accessible for optimization and immunization to threats.

The main attack vectors in the construction industry in cyber are:

  • Social engineering:Ā psychological manipulation of people into performing actions or divulging confidential information. People and companies change from project to project and also within projects fluctuation of personnel happens.
  • Access points:Ā construction trailers, site offices and decentralized IT are often more vulnerable and easier to access physically than on-site premises or offices in buildings
  • Increasing digitisation of the value creation change, from project management software over electronic flow of designs and BIM to Internet of things (IOT) and automatized machinery
  • Ransomware:Ā a piece of malicious software that blocks access to a system, encrypts it or threatens to publish the victimā€™s data unless a ransom is paid (extortion)
  • Dependency on subcontractors and suppliers:Ā if a subcontractor or supplier is affected by a cyber attack it may negatively influence the timely completion of a project
  • HacktivistsĀ identifying companies as targets because of their involvement in certain areas/projects (fossil fuels, nuclear power plants, some sort of industrial plant)
  • Human errorĀ / malicious (ex-)employees

Some of these assets are at risk by a cyber-incident:

  • Intellectual property, proprietary assets, information protected by non-disclosure agreements including contractual fines if information gets disclosed
  • Architectural drawings / specifications, building schematics and blueprints
  • Compromised core systems (finance and accounting, logistics, communications) and as a consequence theft of funds, loss of contracts and contractual penalties
  • Business interruption events, literally paralyzing a company partly or in whole
  • Loss or theft of confidential information
  • Third party liability arising from any of the above
  • Loss, theft or extortion of funds
  • Reputational risk

To illustrate cyber claims examples in the construction industry, we consider the following units of a construction company and claims we have observed:

Recent media coverage of incidents only support our illustration. In October 2018 for instance, IngĆ©rop was victim of a cyber attack where perpetrators were able to get documents relating to nuclear plants, jails/correctional facilities and railway lines. The breach comprised 65 Gigabytes, including the exact locations of video surveillance intended for use in a French high-security prison as well as plans to an ultimate disposal site for nuclear waste and sensitive details on more than 1.200 employees of IngĆ©rop.

Two of the largest construction companies in Austria were affected recently as well. In one instance in 2020, the companyā€™s communication system was affected internationally, including encryption of files on network drives, ultimately rendering the company unable to act for several days, while the actual impairment of operations (and correspondingly, increased IT costs) went on for several months thereafter. The second well known incident in Austria was a Phishing email disguised in an email titled ā€œInformation on the Corona Virusā€. In this case, the actors gained access to the data of the project owner, a municipality, and consequently tried to extort them.

Also in 2020, a ransomware attack on Bouygues led to internal applications, intranet and the email-system had to be taken offline, with even phone services failed intermittently. The hacker group Maze consequently demanded 10 million EUR in ransom based on the attack, which presumably originally affected only part of the system in Toronto and MontrĆ©al, and consequently affected systems worldwide.

Do you need insurance?

It is and entrepreneurial decision which risks to take and which ones to transfer. The cyber arena provides exposures which simply did not exist 5-10 years ago. And just like the business environment changes, so does the response of the companies adapt to those changes.

As of today, insurance premiums are still low and wide coverages available. In the wake of the numerous cyber incidents registered in recent times the premiums are however bound to go up and covers to get more restrictive. Costs following a cyber-breach can easily reach millions of Euros, composed of ā€“ depending on the loss scenario:

  • First party losses such as business interruption and immediate costs of crisis management and first response, including technical experts and forensic experts
  • Third party losses stemming from legal liabilities such as the GDPR, including financial loss due to contractual penalties, and crisis communication requirements

As even the most advanced IT security cannot guarantee full safety (think of the recent Solarwinds hack which even affected the source code of widely used Microsoft products, though the full extent is yet to be assessed), it seems prudent to install a safety net which will step in should security measures fail and covers the worst case scenario of company closure.

The mere question of when a cyber-insurance policy is triggered is simple:

  • Data breach (violation of data protection laws (e.g. GDPR)
  • Network security breach: targeted or non-targeted cyber-attack (e.g. computer virus)
  • Operator Error: error or omission that results in a damage of data (e.g. programming error)
  • Technical failure: computer system malfunction (e.g. overheating)

The way ahead and how we can help

The evolvement of technology will continue to coin and form the value creation in construction. A conscious analysis will help to contribute to the resilience of the organisation and minimize negative effects cyber incidents may have. GrECo Risk Engineering offers specialized services supporting in the assessment of cyber exposures and choosing adequate insurance levels. With CyberSolid, GrECo exclusively offers an insurance solution with extensive cover and easy and simple application.

Related Insights

View All

Richard Krammer

Group Practice Leader Construction & Real Estate

T +43 5 04 04 119

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Continue reading “When Cyber infects the construction site”

ā€œWe are the friendly face who is there to ensure that the process runs smoothly.ā€

Posted on by

Brian Alexander, Group Practice Leader Financial Institutions, talks with Robert Lloyd, Director at ASL about trends in Crime & Cyber claims, the effects of Covid-19 on claims and the neutral and objective position of the loss adjuster.

Alexander: Can you tell us a little bit about how you got into adjusting?

Lloyd: I qualified as a chartered accountant in 2009 specialising in audit. Whilst this was great experience, I wanted more variation in my day to day work and the opportunity to travel internationally.

If Iā€™m being completely honest, I came across ASL by chance. The role sounded extremely interesting ā€“ so I went for it. I met the Senior Directors at the time and they talked about trips to Latin America, cash being stolen from armoured cars and bank robberies. It was fascinating and Iā€™m still captivated 11 years later!

Alexander: How does the adjusting process work?

Lloyd: Weā€™re appointed by Insurers to investigate the facts of a claim and the amount of the loss. To do this, we provide the Insured with one or more written lists of information and documentation required.

If itā€™s a small loss, we may just correspond with the Insured through the Brokers. Alternatively, if itā€™s a large and/or complex loss, we will typically travel to the Insured, wherever they are in the world, and go through our questions with them face to face. Video meetings are increasingly playing a part too.

Once we have all the information, we prepare a report to the Insurers setting out our findings. Based on our report, the Insurers decide whether or not the claim is payable and, if so, how much.

Itā€™s important to note that, whilst we are appointed by the Insurers, we provide a neutral and objective assessment of the claim.

Alexander: What are the benefits of the adjusting process to an insured (client)?

Lloyd: The loss adjuster facilitates the entire claims process. At the outset, we can help guide the Insured as to what they should and shouldnā€™t do ā€“ we can help them try to mitigate their loss and prevent a recurrence.

Then, by asking targeted questions, and requesting only relevant documentation, the adjuster is able to efficiently extract the information required by the Insurers to determine policy response. The adjuster also ensures that the Insuredā€™s representations are properly and clearly communicated to the Insurers.

Additionally, the loss adjuster is someone that the Insured can speak with, along with their Broker, to discuss the status of the claim or simply to explain how the process works ā€“ we deal with crime and cyber claims every day and are therefore very comfortable with the process and the issues that arise. The adjuster should be a friendly face who is there to ensure that the process runs smoothly and that the correct outcome is achieved for all parties.

In those instances where coverage issues arise, and in order to manage expectations, the adjuster is also able to work with the Broker to explain these to the Insured.

Alexander: What are the current trends you see in Crime and Cyber claims?

Lloyd:

  • An ever-increasing number of social engineering frauds where an Insured is tricked, usually over email, into paying away money by fraudsters pretending to be a colleague, client or supplier. This affects both Banks and commercial entities with cover potentially available under crime and cyber policies.
  • More ransomware attacks. This is where criminals insert malware into an Insuredā€™s computer system and encrypt data. It typically takes a week or more to get the systems back online resulting in a loss of income, which can be claimed under the business interruption section of a cyber policy.
  • Frauds involving transactions made via mobile telephone / cellphone ā€“ exacerbated by the growth of mobile banking in developing countries.
  • We continue to see numerous loan frauds across the world ā€“ and particularly in Eastern Europe. These often involve dishonest employees within Banks colluding to issue loans in return for kickbacks.
  • Weā€™re seeing fewer claims involving the forcible theft of cash from Banksā€™ premises, ATMs and in transit. Perhaps thatā€™s because running into a branch with an automatic weapon gives a much higher risk of being caught than trying a social engineering fraud or hacking into a Bankā€™s system. The amount that can be stolen by forcible theft is typically is much lower too!

Alexander: Has Covid-19 seen an increase in claims from what you see?

Lloyd:

  • Weā€™ve seen a marked increase in ransomware attacks and social engineering frauds because remote working has presented the ideal conditions for these types of fraud.
  • Thereā€™s been a temporary drop off in more conventional fraud being notified ā€“ such as individuals stealing money from their employers. However, this is likely because Insureds have only recently returned to their offices, or are yet to do so, and so have not yet uncovered these schemes. The pandemic has created the ideal environment for fraud and weā€™re expecting to see significantly increased volumes of crime claims later this year and into 2021.
  • There have also been more loan frauds notified by the large Trade Finance Banks. This is because the pandemic has caused a number of their corporate clients to default ā€“ and the Banksā€™ subsequent enquires have led them to believe that some of those loans may have been obtained under false pretences. The Banks therefore notify the matter to their crime policies.

About ASL
ASL are market leading loss adjusters and forensic accountants. We specialise in dealing with crime claims made by Banks and commercial entities. We also handle cyber claims.

ASLā€™s professional staff includes chartered accountants and lawyers. This gives us the necessary expertise when it comes to quantifying complex losses and providing coverage analysis for the crime and cyber Insurers.

We have offices in London and Dubai and, since 1988, have handled assignments in over 100 countries.

Related Insights

View All

Brian Alexander

Group Practice Leader Financial Institutions

T +43 5 04 04 342

Continue reading “ā€œWe are the friendly face who is there to ensure that the process runs smoothly.ā€”

Cyber security – the fire protection of the 21st century

Posted on by

Companies in the 21st century face the great challenge to advance digitization. This means to increase efficiency, reduce costs and deploy new, innovative IT-products and ā€“services that also enhance cyber security.

Various studies and statistics show a clear tendency: crime is increasingly shifting to the Internet. Just in Austria, the authorities recorded a 27.5% increase in Internet-based crimes between 2018 and 2019. According to the IT-trend-study 2020 by Capgemini, almost 63% of companies in German-speaking countries now intend to increase their IT-spending, compared to around 44% in the previous year.

With this tension, between the necessity for digital transformation and the existence-threatening cyber-attacks, cyber-security comes into play. Pursuing a sustainable security strategy is almost indispensable for companies. From the entrepreneurial point of view, cyber security is now at least as important as fire protection, for which usually each company has an understanding. For companies fire-protection is primarily a personal safety issue with official regulations that must be observed. Cyber security, on the other hand, is (only) a data protection issue from the point of view of the authorities, and this is probably the biggest difference in the perception of companies when it comes to the willingness to invest in security.

Identify weak points

The fire-hazard is evaluated by site inspections and tests of the fire-protection-equipment by experts in order to uncover weak points and identify potential for improvement. The same approach is used to manage cyber-threats.
The cyber-risk potential of the entire company is recorded and evaluated within the scope of aĀ risk assessment, whereby organizational aspects (e.g. security policy, employee training) and technical aspects (e.g. design of the server landscape, firewalls) will be considered. This is usually done based on relevant standards such as an ISO 27001 or the COBIT basic-protection.

A further or additional welcome step is for example aĀ penetration test. Here the digital “fire-protection-gates” of a company are tested under strict security-regulations or a “fictitious digital-fire” is set to see how the IT-security reacts in case of an emergency.

Companies also are hold regular fire drills to train employees for emergencies. In the event of a cyber-attack, unqualified employees are the greatest weakness, while trained employees are the greatest strength when it comes to averting or mitigating cyber damage. RegularĀ cyber awareness trainingĀ ensures that cyber-dangers are recognized timely and that the right measures are taken in case of an emergency.

Related Insights

View All

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Continue reading “Cyber security – the fire protection of the 21st century”

Buyerā€™s guide Risk-based purchasing of cyber insurance

Posted on by

New cyber threats are evolving almost every day along with insurance concepts.

However, it is clear that the cyber insurance policies available on the market pursue different objectives: some providers look primarily to cover damage and losses caused by a business interruption resulting from a cyber incident, while others focus on liability cover for a claim based on data breaches. Only focusing on the price of different products can lead to nasty surprises in the event of damage. In addition to the suitable scope of cover and an adequate risk premium, it is also important to choose the right sum insured for cyber insurance.

Before taking out cyber insurance, we recommend that you identify and quantify your own cyber risks within the company and define a strategy for risk management. Our buyerā€™s guide shows how you can use the GrECo cyber risk assessment to make the best possible decision in terms of cyber insurance.

Step I: Identification of the company cyber risk

The cyber risks of a company, such as cyber attacks, data breaches or IT errors of employees, are diverse. Companies must first of all face the challenge of identifying these risks. Here are some examples of the most significant risks for most businesses: data risk, operational risk, criminality risk and reputational risk.

The most significant cyber risks for companies

Step II. Determining the adequate sum insured

If the companyā€™s cyber risks are identified, we recommend qualifying and quantifying these risks. Cyber risks can also be prevented or at least reduced in most cases by specific risk management, but a residual risk almost always remains. The residual risk of a potential major loss is covered by cyber insurance. Choosing the right sum insured and deductible commensurate with the risk involved can be a challenge. The evaluation approach must be chosen, based on the risk type. The evaluation of the loss potential resulting from data theft follows approaches other than the evaluation of a business interruption following a cyber attack on IT infrastructure and key systems. The insurance market currently has sufficient capacities, even if high sums insured are required as is the case with multinational companies. The specialists of GrECo Risk Engineering are on hand to help you prepare loss potential analyses for cyber risks. Read the article ā€œIdentify your risks. Donā€™t burn your money.ā€.

Step III. Evaluation of cyber resilience

Cyber resilience is a comprehensive strategy for enhancing the resistance of a companyā€™s IT systems to cyber attacks. International standards such as ISO 27001 or the cyber security framework of the international standardisation authority NIST offer recognised models for establishing, implementing, examining and continuously improving the companyā€™s own cyber resilience.

But it is not appropriate to introduce these standards for all companies. These certifications are often too complex and cost-intensive, especially for SMEs. However, cyber security services such as cyber penetration tests, awareness training courses and cyber scoring reports are available to help SMEs to build up their cyber resilience.
The cyber scoring report allows companies to establish their digital footprint quickly and cost-effectively. Leaked, publicly available company data (e.g. email addresses, passwords, user names, etc.) is searched for during a desktop scan of the internet and darknet. The result of the report shows the companyā€™s digital footprint, from which it can be concluded how the employees move in cyberspace, how visible the company is for cyber attacks (reputation in cyberspace), whether recent attacks can be detected, etc.

Cyber insurance ultimately safeguards corporate assets …
The awareness of the possible loss potential is an essential requirement for the decision on an insurance solution and its characteristics. Cyber resilience safeguards material and immaterial corporate assets and supports the purchase of cyber insurance in terms of quality and price.

As every minute counts with cyber damage, cyber insurance also offers important services such as immediate telephone protection, an IT expert network, and legal and PR support in order to overcome the cyber incident in the best way possible and prevent a negative impact on the companyā€™s reputation. After the crisis has been overcome, cyber insurance takes responsibility for first-party and third-party liability losses.

Related Insights

View All

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Guido Teutsch

Specialist Employee Benefits

T +43 5 04 04 – 247

Continue reading “Buyerā€™s guide Risk-based purchasing of cyber insurance”

How hackers work…

Posted on by

Crisis manager Crawford & Company explains

Cyber criminality can take on a number of forms ā€“ but one aspect always remains constant: the criminal energy of the attackers!

The hackersā€™ motivation is to seriously disturb a companyā€™s operations and to gain a financial advantage from the criminal act ā€“ with correspondingly negative consequences for the parties concerned. If this scenario occurs, the following are crucial: good preparation and professional and coordinated actions!

Attackers usually gain access to the IT systems of the parties concerned and the sensitive data stored on these systems. In the past, the main focus of the risk assessment was often on the associated data protection and regulatory aspects. These aspects must always be taken into account, as otherwise there is the potential for hefty fines from the supervisory authorities. The recent past shows that authorities are increasingly imposing these types of fines due to data breaches (e.g. in accordance with the GDPR).

Fraudulent emails and encryption Trojans

The usual attack vectors are still often email fraud or attacks with encryption Trojans (ransomware). Over the past 12 months, we have been monitoring the trend towards increasing targeted attacks that are often based on social engineering (e.g. by phishing emails) in conjunction with complex, smart and automated malware (such as e.g. Emotet which is deemed to be one of the most destructive and cost-intensive malwares).

The damage and losses resulting from cyber incidents may take on significant proportions in many cases. In addition to the regulatory aspects mentioned and data protection, the potentially significant damage to the companyā€™s reputation and the financial losses of this company must also be taken into account.
The financial losses incurred are not restricted to the monetary expenditure for restoring data, IT forensic analysis and the evaluation of the attack, and to the costs of involving specialist lawyers and PR consultants. Financial losses that result from the temporary standstill of businesses or even entire corporate groups are increasingly playing a leading role in the risk assessment.

Crisis management with professional help in the event of damage

In addition to preventative measures for defence against and prevention of attacks, acting quickly and professionally in the event of damage or loss is usually the key to best overcoming cyber incidents and reducing the resulting damage and losses. In terms of crisis management, an external crisis manager may coordinate the management processes involved centrally together with the companies involved. With access to a carefully chosen and extensive network of external specialists as a result of framework agreements with IT forensic experts, lawyers and PR consultants, Crawford has the resources to offer active support in the event of damage or loss. Experts experienced in major damage and losses work at Crawford as crisis managers to offer support during the whole process, from the initial analysis and mitigation of the incident to the subsequent damage claims process as part of cyber insurance. This fully integrated crisis and claims management process represents a smooth and efficient solution for the entire cyber insurance claim.

GrECo best practice recommendations for mitigating the damage of a cyber incident

Florian SƤttler is Head of Cyber Services, Germany/Austria and works as a Cyber Incident Manager at Crawford & Company (Deutschland) GmbH. The qualified industrial engineer started working as an expert in insurance claims for Crawford Global Technical Services (GTS) in 2014 and investigated various large national and international claims in the commercial and industrial sector. He has been an accredited Crawford GTS Cyber Incident Manager since 2017 and is responsible for crisis management/incident response in the event of cyber incidents, with a focus on Germany, Austria and Switzerland in cooperation with Crawford network partners.
Crawford & Company is the worldā€™s largest listed and independent claims provider and has been helping policyholders and insurers with the solution-oriented processing of claims resulting from cyber criminality since 2014, using the Crawford CyberSolution. Crawford & Company has approximately 9,000 employees globally and has already processed well over 1,000 cyber claims.

Related Insights

View All

Stephan Eberlein

Group Practice Leader Financial Lines

T +43 664 962 40 60

Guido Teutsch

Specialist Employee Benefits

T +43 5 04 04 – 247

Continue reading “How hackers work…”

Identify your risks, donĀ“t burn your money!

Posted on by

Cyber-crime loss potential analysis

Cyber security has long since arrived on the management floor of SMEs. Budgets are being increased, the outsourcing of IT services is becoming increasingly popular and the training of IT employees is being promoted. The essential aspect of cyber security, i.e. raising awareness among employees with relevant training courses, is increasingly becoming a standard element of training plans.

However, the number of successful cyber attacks is on the rise, which is also due to the increasingly sophisticated methods, especially in relation to manipulating employees with social engineering, and the more aggressive behaviour of the attackers. Cyber attacks still have a very high success rate for criminals, with minimal effort and a low probability of being caught.

Comprehensive risk assessment

GrECo offers you a 360Ā° support for cyber risks and advises you comprehensively from the identification and evaluation of possible cyber risks to the customized coverage of cyber insurance.

Risks are identified and assessed along the risk management cycle in order to objectively define a strategy to manage these risks, including costs and benefits.
A comprehensible and transparent risk assessment is essential for using existing resources where they have the greatest impact, especially given the rising need for investment in cyber security.

GrECo Risk Engineering ā€“ GrECoā€™s subsidiary specialised in risk management ā€“ evaluates the following losses as part of the cyber loss potential analysis.

1. First-party loss potential analysis

A key part of the analysis of first-party loss is the impact of a potential cyber incident on business interruption or business restriction. This is especially important for manufacturing companies due to the increasing dependence on functioning IT processes. The analysis includes evaluating the impact on bottleneck systems and production-critical, infrastructure facilities. However, the IT systems used for production management or warehouse logistics are also an important part of the analysis.

The availability and integrity of data play an essential role for service providers and local authorities. Other internal cost positions are intra-company friction costs incurred from finding the causes of damage, determining the damage and repairing the damage. First-party losses also include the costs for obligations to provide information to authorities and customers, possible penalties and contractual penalties or blackmail payments. The first-party loss potential is also supplemented by reputational damage and theft of trade and business secrets, the monetary valuation of which poses a particular challenge.

Providing proof of damage and losses to the insurance company may also involve considerable costs. The burden of proving the existence of a cyber incident lies with the companies.

2. Third-party loss potential analysis

Assessing third-party losses that may essentially result from risks of liability to third parties is very important. These losses may have a significantly greater impact than the first-party losses and are often more difficult to assess, as company stakeholders such as customers, suppliers and its own employees must be taken into account in the analysis. The applicable legal situation also plays a key role, as it is necessary to clarify individually whether there is a liability and to what extent. The legal situation may very different in specific countries. According to the General Data Protection Regulation, the parties affected by a data breach are entitled to compensation for pecuniary or non-pecuniary damages. However, the final supreme court decisions that can serve as precedents have yet to be made.

3. External cost positions

The costs for external consulting services for damage forensics, damage repair (e.g. restoring data) and for crisis communication, legal consulting costs or the reduction of reputational damage which may represent a significant cost factor for cyber damage and often be underestimated, are assigned to the external cost positions. Internal personnel are often not able to perform these services due to a lack of expertise or a lack of resources.

Assessing the loss potential is an important prerequisite for taking out cyber insurance both in terms of defining the sum insured and for the design of a risk-adequate scope of cover.

Related Insights

View All

Johannes Vogl

General Manager GrECo Risk Engineering

T +43 5 040411160

Continue reading “Identify your risks, donĀ“t burn your money!”