Cyber Villains’ Strike Again!

The Verge reported on Wednesday, October 6th, 2021 that cyber villains unknow have struck again!  This time targeting Twitch, an content sharing and streaming platform owned by Amazon. 

The Verge had the following report, which can be found at https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor

Twitch source code and creator payouts part of massive leak

The leaked data also includes a Steam competitor

Twitch appears to have been hacked, leaking source code for the company’s streaming service, an unreleased Steam competitor from Amazon Game Studios, and details of creator payouts. An anonymous poster on the 4chan messaging board has released a 125GB torrent, which they claim includes the entirety of Twitch and its commit history.

The poster claims the leak is designed to “foster more disruption and competition in the online video streaming space.” The Verge is able to confirm that the leak is legitimate, and includes code that is as recent as this week. Video Games Chronicle first reported details on the leak earlier today.

Twitch has confirmed it has suffered a data breach, and the company says it’s “working with urgency to understand the extent of this.”

The leak includes the following:

  • 3 years worth of details regarding creator payouts on Twitch.
  • The entirety of twitch.tv, “with commit history going back to its early beginnings.”
  • Source code for the mobile, desktop, and video game console Twitch clients.
  • Code related to proprietary SDKs and internal AWS services used by Twitch.
  • An unreleased Steam competitor from Amazon Game Studios.
  • Data on other Twitch properties like IGDB and CurseForge.
  • Twitch’s internal security tools.

The leak is labelled as “part one,” suggesting there could be more to come. Video Games Chronicle reports that Twitch is aware of the breach, but the company has not yet informed its userbase.

The leak doesn’t appear to include password or address information on Twitch users, but that doesn’t mean this information hasn’t been obtained as part of this breach. In fact, the leaker seems to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts.

While Twitch has confirmed a data breach, it’s still unclear exactly how much data has been stolen. We’d recommend changing your Twitch password and enabling two-factor authentication on your account if you haven’t done so already.

Twitch has been struggling to contain ongoing hate and harassment recently. After weeks of hate raids, some Twitch streamers took a day off in August to protest against the company’s lack of action. Twitch has responded to the #DoBetterTwitch movement, and it’s a hashtag that the anonymous poster has used today to promote this leak.

Updates on the Twitch security incident can be found on the platform’s own website at https://blog.twitch.tv/en/2021/10/06/updates-on-the-twitch-security-incident/

This is Why You Should Double Check Your Cyber Insurance Policy

Image

Whether a business is in healthcare, accounting, legal, real estate, manufacturing, etc., most of a business’ important assets are digital. (Government municipalities are included too.) To make matters complicated, it’s very common for these digital assets to be stored in various systems and locations, intertwined with a third party’s digital information. With so many opportunities for disaster, steps must be taken to insure this critical information.

Cyber insurance is a new frontier that is rapidly evolving as the industry gets its bearings. Many companies are finding that their current cyber policies have very minimal coverage in case of a cyber breach, and the majority of these policies will not come close to providing the necessary breach coverages to the business or municipality.

When looking at your existing or new cyber policy, it’s important to consider these types of coverages:


As we have come to realize, the idea that security starts and ends with the purchase of a pre-packed firewall is simply misguided

Art Wittman

1. Privacy Breach Notification

Some reports estimate the notification and credit monitoring costs alone are over $100 per record, so if you had 1,000 compromised records, this alone could cost $100,000 or more.

2.Data Loss Restoration

Believe it or not, many large insurance carriers have policy exclusions for the replacement and restoration of data, so be very careful in this area when reviewing your policy.

3. Privacy Liability

This covers for the theft or loss of private information related to customers and other third-party information that is in your care.

4. Regulatory and PCI Defense

Many industries are under strict regulatory control, and breaches may result in fines and other penalties from these regulatory agencies.

5. Public Relations

If an enterprise has a breach, the bad press they receive can do significant long term reputational damage and can also be used by competitors to their advantage. This coverage will help hire a public relations firm to mitigate the reputational damage your name brand might incur.

6. Cyber Crime

If your organization is threatened with various cyber threats such as malicious code that will result in financial loss or data loss, this coverage is needed for the reimbursement of the costs associated with these threats.

7. Defense and Settlement costs

A breach affecting a lot of customers may result in lawsuits and financial settlements, so insurance coverage is needed to offset these potentially enormous costs.

8. Consulting and Forensic Fees

If a breach does occur, the upfront investigative process will require a lot of professional expertise and a lot of money, and this specific coverage will offset these significant costs.

9. Business Continuity

If a hack causes your business to lose income, this coverage will reimburse you for these losses.

It takes 20 years to build a brand or company reputation and a few minutes within a cyber incident to ruin it

Stephane Nappo

For a free cyber insurance policy evaluation, contact Libertate Insurance today at 813-367-7574 or email me, James Buscarini at jbuscarini@libertateins.com.

Our professionals are happy to review and discuss your firm’s existing cyber liability insurance policy and the relation to your unique business requirements, needs and cyber coverage. Our goal is to help your PEO and client companies navigate the cyber liability insurance landscape and identify potential vulnerabilities that could be exposed based on your existing technology network and infrastructure. Finally, we want to make sure that in the event of a ransomware attack, business email compromise or phishing expedition your firm has adequate coverage in each of the areas that you might be vulnerable to be targeted in.

Annual Growth of Cyber Claims is Double Growth of Cyber Premiums

Time For Insurers to Reassess ‘Grim’ Cyber Insurance Market: AM Best

It comes as no secret that there has been an increase in both cyber events as well as the average cost per event. This escalation seems to be fueled by the ever-increasing volume of ransomware attacks. A few fun facts from the below article from our friends at Carrier Management, citing AM Best as a source.

  • Year over year loss ratio went up 551% from 44.8% to 67.8%. 15 of the top 20 cyber insurers saw deteriorating results (9 of top 10)
  • Industry stalwarts CNA, AIG, XL and Travelers got hit especially hard on this line
  • Defense and cost containment costs (the cost to contain claims like attorneys and forensic experts) are going to be substantial due to nature and sophistication of claims; prediction of costs uncertain based on lack of historical data to support it
  • Cyber claims number of claims is up 18%, strictly due the surge in first party ransomware. Ransomware was up 35% and now accounts for 75% of all cyber claims

Needless to say, pay attention to the market if you already buy this coverage as it is quickly shifting. Critical focus should be given on ransomware limits, deductibles and responsiveness due to significant amount of overall exposure this type of attack can bring.

___________________________

With the cyber risk hazard environment—ransomware, business interruption and aggregation—worsening significantly, “prospects for the U.S. cyber insurance market are grim,” according to a report from AM Best.

According to the global rating agency’s analysts, insurers “urgently need to reassess all aspects of their cyber risk, including their appetite, risk controls, modeling, stress testing and pricing, to remain a viable long-term partner dealing with cyber risk.”

The reassessment is needed because cyber insurance, which began as a diversifying, secondary line and another endorsement on policies, is now a “primary component of a corporation’s risk management and insurance purchasing decisions,” notes Best’s in its report, “Ransomware and Aggregation Issues Call for New Approaches to Cyber Risk.”

The loss ratio for cyber insurance rose dramatically in 2020, to 67.8 percent from 44.8 percent in 2019. However, the increase was not limited to just a few insurers—the loss ratio rose for 15 of the 20 largest cyber insurers, AM Best reports.

“The rate increases for cyber insurance outpaced that of the broader property/casualty industry, but the increase in cyber losses outstripped the rate hikes, which suggests more trouble for 2021 as ransom demands continue to grow,” said Sridhar Manyem, director, industry research and analytics.

Of special note, defense and cost containment (DCC) expenses are rising and “could become a significant issue because of potentially significant costs to defend claims as a result of either ambiguous coverage language or regulatory investigations that may involve defense costs,” the report adds.

According to the report, the challenges the cyber insurance market are facing include:

  • Rapid growth in exposure without adequate underwriting controls;
  • The growing sophistication of cyber criminals that have exploited malware and cyber vulnerabilities faster than companies that may have been late in protecting themselves; and
  • The far-reaching implications of the cascading effects of cyber risks and the lack of geographic or commercial boundaries.

See related article, “Federal Lawmakers Probe CNA, Cyber Insurance Payouts,” for a loss ratio ranking of the top 10 U.S. cyber insurers.

Direct written premiums for cyber insurance grew 22 percent in 2020, to $2.7 billion, which AM Best attributes to increases in both rates and demand for cyber insurance in the wake of well-known firms such as SolarWinds, Facebook and Capital One becoming victims. The average annual growth rate in premium has been 20 percent the past four years , while the average growth in claims has been 39.2 percent.

“Rapid growth is viewed with a healthy skepticism, as it comes with underwriting and reserving risks,” the authors comment.

Standalone cyber insurance policies, up 28 percent in 2020, have seen a higher rate of growth compared with packaged policies, which the report indicates signal organizations’ escalating concerns about cyber risk. Frequency on standalone policies also has increased faster than for packaged policies the last three years.

Hackers are becoming more sophisticated in their attacks and moving toward larger targets. The report also notes that hackers’ motives also appear to be changing as well, from stealing identities (third-party claims) to shutting down systems for ransom (first-party claims).

Total claims rose 18 percent in 2020 owing strictly to first-party ransomware claims, which were up 35 percent in 2020 and now account for 75 percent of cyber claims.

“The recent Colonial Pipeline hack—for a multi-million dollar ransom—is an example of first-party claims that have become so prevalent,” said Christopher Graham, senior industry analyst, AM Best.

Although AM Best said it views the industry as being well-capitalized, it also warns that individual insurers that venture into cyber risk without a thorough understanding of the market can find themselves in a vulnerable situation.

Noting that the industry has not yet faced a systemic event that challenges traditional underwriting categories of region, industry, size, the authors urge insurers to hire experts to help with mitigation and to take steps to improve their abilities to quantify their exposure and define their risk appetites.

“An insurer whose risk management approach is deficient can find itself subject to accumulation risk beyond its tolerance and could face ratings pressure,” said Fred Eslami, associate director, AM Best.

SourceRansomware and Aggregation Issues Call for New Approaches to Cyber Risk – AM Best

5 Ways Cyber Business Interruptions Differ from Traditional Interruptions


Content taken from Andrew G. Simpson’s May 2021 article in the Insurance Journal and is a reformatted post

While a typical business interruption can often be a confusing insurance situation, the picture gets even muddier when it involves cyber coverage.

According to Chris Mortifoglio, who is a Certified Public Accountant and a Certified Fraud Examiner (CFE), understanding the “nuances and differences” of a cyber insurance business interruption exposure or claim compared to a traditional one is more important now than ever.

“I will tell you that in my experience business interruption is often the most misunderstood part of property coverage. Part of that has to do with the fact that it can be very subjective. If you have 10 accounts looking at the same set of financial data, you’ll oftentimes receive 10 different calculations or estimates of what a business interruption loss might be,” said Mortifoglio, who has been dealing with business interruption exposure assessments and claims for more than a decade as the director of forensic accounting at Procor Solutions and Consulting in New York.

A cyber business interruption risk can be difficult to estimate and manage. To further the understanding of cyber BI, Mortifoglio identified five areas where cyber BI differs from traditional BI: period of measurement; period of restoration; personnel involved; geographic constraints, and reputational risk.

1. PERIOD OF MEASUREMENT

The differences between traditional and cyber business interruption begin with the period of measurement or evaluation of lost business income, a period that typically runs shorter for cyber. The timing of a cyber incident can have a major effect on the amount of a potential loss. “Traditionally, when you have a property loss, you’re usually valuing the disruption for a period of weeks or months or years as it takes time to physically repair the property damage that was occurring,” he said. In a cyber incident, the loss may last for just a few hours or a few days. This much shorter time period requires detailed or as Mortifoglio refers to it “granular” on the impact and the disruption on a company. “This means that in order to properly evaluate cyber business interruption, you need much more granular levels of data, maybe even hourly revenue data, or certainly daily sales data, as opposed to a traditional business structure loss where, in some cases, monthly profit and loss statements are enough to evaluate the impacts of the loss,” he said. The granular data is particularly important, for example, when the business operates 24 hours a day, 7 days a week making online sales. “There may be much more greater impacts, and there may be more of a need to really drill down into the disruptions that happen at different times of the day. What happened at midnight versus what happened at 8:00 am?” he explained. When comparing traditional versus cyber BI coverage, the waiting periods following an event before coverage begins are usually different as well. The waiting period for a cyber policy is often denoted in hours, whereas a traditional policy is typically for at least a few days, although it may be written as 48 hours or 72 hours, as opposed to perhaps a 12 hour waiting period for a cyber business interruption loss.

2. PERIOD OF RESTORATION

Another difference is the period of restoration. Defining the period of restoration is very important because that drives the ultimate value of a cyber business interruption loss. The period of restoration is defined as starting on the date of loss, which is the date of physical damage, and ending on the date “when the repairs should have been completed if the insured had utilized due diligence and dispatch.” That period of time is the period of time that an insurance policy will provide coverage for any loss of business income. But determining when this period starts or ends is not always easy. “When it comes to property losses, there’s usually a very clearly defined start to that business interruption period, known as the date of loss. We can define very easily what that period of indemnity is and what a potential extended period of indemnity is because it all depends on the physical damage,” he said. If a fire, earthquake or hurricane impacts an organization, it’s not hard to define when that physical damage occurred. That is the starting point for the period of restoration. However, when it comes to cyber, “there is much less certainty, not only to when a cyber event has started, but also when a cyber event ended” including when the system was repaired and there no longer is a breach. These dates are critical to figuring out the period of time that’s going to be evaluated for a cyber business interruption loss. Mortifoglio recited some questions that come up when evaluating cyber business interruption: “When did the loss start? How do we know that it started at this point in time? Was there a full disruption for an organization or just partial. For example, was it a specific system that was impacted, an email system or an accounting system that went down? And then when did this loss end?”

3. PERSONNEL INVOLVED

So in addition to requiring more and different types of data, and presenting complexities around the period of restoration, cyber business interruption also typically calls for more personnel to become involved from an organization. Mortifoglio cited a need for personnel from the risk manager and legal counsel to financial, technology and operations officers as well as others to contribute to the assessment. First and foremost is the risk manager, the “quarterback of the insurance recovery process” who is helping to manage the actual claims process once something happens, not to mention being the purchaser of the insurance on the front end. After a loss has happened, somebody from the accounting or finance department — perhaps the CFO or the controller—should be called upon to provide the financial data required to quantify any business interruption loss. In addition, it’s important to have someone from operations to assure that the full impacts of the loss are being documented and also connected to the actual financial calculation. And there’s more. “You now have to bring in more folks from your organization to help really provide the picture in the story of what happened and help to properly and accurately quantify cyber business interruption,” Mortifoglio added. This means calling in folks from the IT team to help to identify the status of the cyber incident and define the period of indemnity and the period of restoration. “That’s going to help narrow down the exact period of time that we need to evaluate from a financial perspective to quantify the loss,” he said. Also, the chief systems or technology officer may be needed to oversee data privacy and records issues that may come up in a cyber incident. The legal department may also deal with privacy issues, general legal ramifications and coverage issues, as well as interface with outside counsel brought in to help deal with a cyber breach. “The addition to these extra personnel can add to the complexity of the process,” the Procor executive said.

4. GEOGRAPHIC CONSTRAINTS

Whereas a traditional business interruption claim may be geographically constrained, the same is not always true for cyber exposure. In a traditional scenario, the property damage is contained to either a single location or region that has been hit by a widespread catastrophe. “Think of a hurricane that hit the state of Florida, and if you’re an organization that has multiple locations there, you may have multiple instances of damage. You may have multiple locations that are being impacted,” he noted. When it comes to a cyber loss, these geographic constraints do not exist and an entire organization could be impacted around the globe at the same time. “If you are an organization with a global presence and you have systems that are connecting all of your physical locations around the globe, then a cyber incident may impact you around the globe without any sort of restraints as far as geographic regions. With traditional business interruption, organizations can mitigate their risk by spreading out their operations geographically to avoid a catastrophe, really hampering the entire organization. When it comes to a cyber loss, those types of geographic constraints no longer apply,” he said. For risk mitigation purposes, Mortifoglio stressed the importance of understanding that if a global organization is running systems used by the entire workforce, all operations around the globe can be impacted immediately. “It can make it more complex because you can’t just look at a single isolated location. You have to look at the interconnectivity of your systems to see if something were to happen to them, what would the operational impacts be on your organization? And that’s what’s going to help you evaluate the potential cyber business interruption,” he said. In short, there are no geographic constraints with cyber business interruption and therefore it is harder to mitigate.

5. REPUTATIONAL RISK

Finally, cyber BI carries with it a reputational risk that traditional property business interruption does not. When there is a traditional BI loss such as a fire at a factory, customers and the general public usually do not to have any sort of reaction. Most of the time, the general public is not even aware of the fire and here is no effect on the company’s reputation. However, if a company is hacked and customer records are stolen, Mortifoglio said this can result in a “breach of trust in the public’s eye” and the reputation of an organization can be significantly harmed, often resulting in extended financial losses. In the case of a data breach, even though the system has been repaired and the breach fixed quickly, customers may be hesitant to return to do business with the organization “until they have absolute confidence that it won’t happen again. It’s hard to determine how long that might go on.” However, the forensic specialist noted, cyber business interruption policies are building in coverage to help recover any losses tied to the transitional risks, in a way that is similar to the extended period of indemnity coverage in traditional property policies. “The thought is that once a cyber incident is repaired and a breach is fixed, there may be lingering impacts due to some reputational risk” and there should be coverage there to help capture those losses, Mortifoglio said.

“The notion of implied meaning is the root of misunderstanding.”

— Eric Parslow

PEO Compass brings insight to your PEO related business through real-time reporting, application of innovative technologies, and expert opinions on the industry’s most turbulent topics.  Learn about the latest trends in healthcare, risk management, workers’ compensation, and many other topics that affect the PEO community. To register and start receiving breaking industry news, legislative updates, small business, risk management, safety, property casualty, and all things relevant to the industry of professional employment organizations (PEO) click on the link below to register for free.


The Risk with Search Engines

It’s no secret that your technology company depends on the capabilities of your computer systems to function. You should be aware that simple actions your employees take could be putting your company’s equipment and networks at risk of cyber-crime, including cyber-attacks, cyber theft and other computer security incidents. The average cost of a single cyber-attack is incalculable—cyber-attacks can directly target finances and ruin a business’ reputation. Your business is at stake, and you should do everything you can to protect yourself.


The Risks of Web Searches

As an employer, you should educate your employees about searching for certain topics on the internet due to the risk of coming across websites encrypted with viruses or malware that could be detrimental to your computer systems. Stress that the potential for cybercrime could affect employees individually as well as the business as a whole. More than 90 percent of companies surveyed by the DOJ incurred either monetary loss, system downtime loss or both because of cybercrime, so take it upon yourself to put search engine guidelines in place.


The Web’s Most Dangerous Search Terms

Common term searches conducted online one can expose your business to the risk of cyber-crime. Encourage employees to avoid following suspicious results in search engines. Any result that promises free products or materials is suspect. The least risky search terms are usually health-related topics and searches about economic news. It is essential to remember that the number of dangerous search terms is ever changing. Hackers want to impact

the highest amount of people with the least amount of effort, so they aim for popular search terms most. Ill-intentioned hackers also adapt quickly to the fast-paced nature of the internet and the public circle, so oftentimes social or celebrity events popular at a given moment climb quickly to the top of the internet’s most dangerous search terms and are a high risk for infecting your company’s computers. According to the DOJ, industries considered a part of critical infrastructure businesses account for a


Simple actions your employees take could put your company’s equipment and networks at risk of cyber-crime, including cyber-attack, cyber theft and other computer security incidents.


disproportionate amount of computer security incidents. If your company is in any of these industries, be especially careful about internet searches to ensure computer safety and protect against potentially devastating loss, both monetary and in down time:

  • Agriculture
  • Chemical and drug manufacturing
  • Computer system design
  • Finance
  • Health care
  • Internet service providers
  • Petroleum mining and manufacturing
  • Publications/broadcasting
  • Real estate
  • Telecommunications
  • Transportation and pipelines

Take Precautions to Protect Your Business


There are examples of companies and organizations around the globe that had to shut down operations to address a large-scale virus or other malware issue. These problems can affect both large and small businesses and can cost hundreds of thousands of dollars to fix. Avoid putting yourself at risk by doing the following:

  • Enact a stricter internet use policy
  • Put more strict website blockers or filters in place
  • Educate employees about the hazards that risky search engine exploration can present

Some of these solutions may cost you in the short run but lowering your risk will ultimately save your company in potential identity fraud, monetary cyber theft or informational cyber theft in the future.

Friday, May 14th, 2021

Happy Friday Everyone!

As the 19th week of 2021 draws to a close, we would like to remind you of a few great posts from this week – in case you missed them!

Paul Hughes provided us with an excellent update on the PEO footprint across the country at this time.  As Economy and Industry both seek to find firm footing in this new (almost) post-pandemic reality, PEOs will continue to emerge as an intelligent and refreshing solution for employers of mobile, diverse and complex workforces.  Enjoy his piece discussing 10-99 Employee Firms and PEOs via the following link.

Angela Slaney reminded us of the ever present threat of cyber exposures in this tech savvy modern age.  Her piece provided us with some great recommendations on how to be proactive in protecting your organization by implementing some of the latest technology in cyber protection.  Check out her post at the following link.

Stay safe, stay health, and be happy this weekend!! 

Insurers Are Waking Up to Multi-Factor Authentication

Please enjoy this excellent article by Steven Kaye which was originally posted on the Carrier Management website. The original post can be found here.

Insurance use cases for multi-factor authentication (MFA) include distributor access, external user access (e.g., claims vendors, financial advisers), internal user access and policyholder access.

Legislation and regulators are increasingly mandating MFA to ensure greater security as well as to reduce identity theft and other forms of fraud. Examples include the New York State cybersecurity regulation and the NAIC Insurance Data Security Model Law. Insurers have traditionally balanced security against expense and inconvenience to their users, especially if their coverages are marketed to older demographics (e.g., final expense policies). Regulatory mandates combined with growing digital adoption and criminals turning their eyes to life and annuities account takeover means the calculus has changed.

Despite these regulatory mandates, 80 percent of insurers say that risk management, rather than regulatory compliance, is driving their adoption of MFA.

There is minimal variation between size and sector of company when it comes to deployment rates, with the exception of large life/annuity/benefits insurers, which are much more likely to use MFA for policyholders than is any other class of insurer. A low deployment rate of MFA for policyholders among smaller property/casualty insurers reflects the fact that few small P/C insurers offer direct policyholder access at all.

Midsize P/C insurers lag behind other sizes and sectors in deployment of MFA for both distributors and policyholders but are ahead of large life/annuity/benefits insurers in deployment for other external parties. Midsize P/C insurers are also ahead of midsize life/annuity/benefits insurers in deployment internally.

How MFA Helps

As many knowledge workers moved from the office to home during the pandemic, securing infrastructure became another key driver. Hybrid work models that blend office and home working environments are gaining traction, and the need for MFA becomes more crucial to validate that users are actually employees.

In addition to security needs, carriers are obtaining policyholder emails and cellphone numbers as part of the MFA process. These bits of data, which are often difficult to obtain, can provide insurers with the opportunity to digitally connect with customers in their preferred channel.

There is no mandated number of identification methods for MFA, but the consensus is to have two at a minimum. Insurers are starting to use multi-factor or its equivalent for any interaction where an external network is accessing information behind a firewall. Some are taking this a step further to include role-based authentication for internal access as well.

The best defense is a layered approach, combining multiple authentication methods with secure and documented business processes and other security solutions. Some insurers are offering security audit services to agents they work with, while others are working with their distribution executives to change distribution agreements to mandate MFA and other security measures.

Insurers should ensure that MFA processes are documented and that solutions generate auditable logs. Some wholesale brokers require attestations from insurers they work with.Some insurers are offering security audit services to agents they work with, while others are working with their distribution executives to change distribution agreements to mandate MFA and other security measures.

For consumer-facing use cases, depending on the age of policyholders, insurers may wish to opt for MFA methods that are more straightforward (e.g., less complex knowledge-based authentication, voice print). Final expense and Medicare supplement are two lines of business where voice signatures are well established. Many solutions support establishing different access policies based on risk assessment, such as requiring MFA for new devices, or conversely accepting password-free authentication for low-risk access requests.

Types of Authentication

MFA relies on several of the following authentication methods:

  • Physical objects (e.g., laptops, mobile devices, security tokens) in possession of users.
  • Knowledge-based authentication (e.g., answers to questions, passwords or PIN codes, randomly generated authentication codes from authenticator apps).
  • Location (e.g., GPS or IP address).
  • User characteristics (behavioral or biometrics-based).

Some authentication methods are more secure than others. For example, sending codes or passwords via email or SMS runs the risk of interception by man-in-the-middle attacks. With many employees working from home, phishing and other identity theft methods are on the rise. Several solutions support adaptive authentication, with less risky access requests requiring fewer authentication methods than riskier ones, as determined by system-generated risk scoring and predefined security policies.20 percent of CIOs surveyed by Novarica said they are planning to require MFA for distributors and policyholders within six months, adding to 30 percent that already do so.

Novarica recently conducted a survey of insurer CIOs to understand their deployment of MFA, including business drivers, authentication methods and use cases. It is important to keep in mind that solution providers typically offer a range of authentication methods.

Only 30 percent of participants currently require MFA for distributors or policyholders, but another 20 percent are planning to require MFA within six months. Roughly 80 percent of participants require MFA for most or all internal systems users.

Deploying MFA

The most common authentication methods deployed are mobile authenticator apps, used by 80 percent of participants. More than half of participants use SMS. Email and security keys are used by roughly 40 percent and 33 percent of participants, respectively. Behavioral authentication, voice-based authentication, IP location and knowledge-based authentication are used by fewer than a third of insurers.

Note that only 16 percent of insurers report using just one method; overall, insurers said they use an average of 2.8 different authentication methods.Sending codes or passwords via email or SMS runs the risk of interception by man-in-the-middle attacks.

The security threat landscape continues to grow in number and impact. Although many carriers are not currently considering MFA, regulatory scrutiny and enforcement of IT security will only increase. The ability of most solutions to offer different levels of authentication for different access use cases means there is less of a tradeoff between customer experience and security. Many solution providers offer MFA as part of a broader portfolio of identity and access management and IT security solutions.

Insurers should consider MFA approaches as part of a broader IT security strategy.

CONTRIBUTOR

Steven Kaye, Novarica

Steven Kaye is Vice President of Research at Novarica and lead editor of the firm’s Business and Technology Trends in Insurance series. He has managed a wide range of research projects since joining the firm in 2008. Previously, Kaye worked for Accenture as an insurance researcher focused on the U.S. life and property/casualty markets. He also served in both knowledge management and research roles at Gemini Consulting (now part of Capgemini) for several of the firm’s industry practices. Kaye holds MILS and BA degrees from the University of Michigan at Ann Arbor. Reach him directly at skaye@novarica.com.

Challenges or opportunities for brokers placing cyber risk

Content used to write this post was originally written by NU Property Casualty 360’s Managing Editor, Ms. Heather A. Turner

According to a Guidewire report the numbers for cybercrime in 2020, have almost doubled! In addition to an increase in attacks and breaches are the related budgetary allocations being made by small to mid-sized businesses for cyber insurance over the next 2 years. Ramping up cyber sturdy tools and in an effort to prevent cyber attacks are a necessary play in prevention for the ever evolving cyber market and being fought across the property and casualty landscape.


According to a report published by CyberCube, a data-driven cyber analytics company for the insurance industry, the growing cyber market is creating unique opportunities for brokers to set themselves apart from their competitors. By marrying their existing areas of expertise with their new found and or improved fundamental comprehension of insurable cyber risk and exposure, brokers can show and or remind buyers and prospects alike why they are indispensable.

The following list was created by CyberCube to further explore examples of challenges and opportunities brokers face in the cyber market today.

Click here to read the detail following Opportunities 1-4 written by Heather A. Turner, of NU Property Casualty 360. You must register for free account.

  • Opportunity No. 1: Brokers are trusted advisors
  • Opportunity No. 2: Brokers can add value by mapping exposure to coverages and policy terms.
  • Opportunity No. 3: Getting a “yes” from insurers.
  • Opportunity No.4: Standalone cyber is just one aspect of a well rounded insurance program.