Massive database of leaked records underscores need for Cyber Liability Insurance
February 13, 2024
The cybersecurity researchers and journalists who discovered it in late January call it the “Mother of All Breaches,” or MOAB – a database of 26 billion leaked records including personal information stolen from such popular platforms as Dropbox, LinkedIn and X (formerly Twitter). That the stunning discovery came on the heels of a cybercrime surge in 2023 only served to underscore the need for organizations to protect themselves with Cyber Liability Insurance.
“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the SecurityDiscovery.com researchers involved in the discovery told Cybernews, the publication whose journalists also worked on the investigation.
The discovery of the database made another report, Cyberint’s Ransomware Recap 2023, look prescient. In addition to noting a 55.5% increase from the previous year in the number of 2023 ransomware victims, Cyberint predicted, “Ransomware groups will climb to new heights in 2024, targeting supply chain infrastructures while still sticking to ‘old habits’ by applying phishing, leaked credentials, and social engineering techniques.”
Cyber Liability Insurance, combined with a purposeful risk management program, is your best defense.
Underwriting preparation, a continuous journey
While Property Insurance underwriters use robust modeling for hurricanes and windstorms, similar sophistication is largely lacking when it comes to cybercrime. Predicting the next malicious innovation or identifying the next hacker group remains challenging in what essentially is a perpetual cat-and-mouse game. It is crucial, therefore, to present your organization as a desirable risk to underwriters.
Here are five strategies to optimize your next renewal:
- Acknowledge the dynamic nature of cyber threats. The realm of cybersecurity is a perpetual journey without a fixed destination. Given hacker ingenuity, the advent of AI further amplifies vulnerabilities. The Cyber Liability Insurance renewal cycle is nearly continuous, as new loss-control measures may require six to nine months to implement.
- Identify sector-specific protection needs. Different sectors and niche businesses have distinct cybersecurity requirements. Use a cybersecurity service to conduct a comprehensive analysis that will identify key assets and operations requiring protection.
- Evaluate your cyber hygiene practices. A risk-vulnerability assessment will identify deficiencies and provide a foundation for making informed decisions. Cybersecurity firms can conduct controlled tests and provide benchmarking reports.
- Implement comprehensive cybersecurity measures. Adopt critical risk management plans to address any deficiencies identified during the cyber hygiene review.
- Partner with a skilled broker for optimal coverage. Engage with a knowledgeable broker who can advocate on your behalf with leading Cyber Liability Insurance carriers.
Businesses with strict cybersecurity protocols, a managed cybersecurity service and good loss histories will present favorably to discerning underwriters.
Elevate your marketability with the right broker
A broker represents your interests to insurance carriers. When you partner with a savvy and experienced broker, you enhance your marketability to secure favorable pricing, limits and policy terms. A skilled broker with a comprehensive approach will:
- Conduct an initial risk vulnerability assessment. This important first step establishes your organization as a high-quality risk to underwriters, validates your credibility and strengthens your negotiating position.
- Guide you through the application process. The application process for Cyber Liability Insurance is more complex than in past years, with separate forms for ransomware coverage. A seasoned broker will guide you through the process at a granular level. When a top executive signs the application, it serves as a policy warranty, attesting to the truthfulness of the information. Organizations should validate answers to avoid potential coverage rescission, as exemplified by the Travelers v. ICS case.
- Craft a compelling narrative for underwriters. Developing a narrative to provide insurers with a clear risk picture helps manage underwriter expectations and can positively influence rates and coverage terms. An experienced broker plays a pivotal role in enriching the narrative by consistently providing updates about cybersecurity enhancements to your underwriter throughout the policy year.
- Explain coverage options and critical changes. This once-broad coverage is shrinking, and every option must be thoroughly reviewed for coverage, limits, exclusions, deductibles and coinsurance as insurers redefine terms and conditions to address emerging threats. A proactive broker will alert you to changes such as new war-exclusion definitions and new wire-transfer protocols for triggering phishing coverage.
- Transform the risk management assessment into an investment tool. Assessment results can facilitate alignment between management and IT. An astute broker will advise on how to budget the tool as an investment in cybersecurity and resource allocation.
What’s ahead
Here’s what Alera Group said in our 2024 Property and Casualty Market Outlook about factors influencing the market for Cyber Liability Insurance:
“Buyers can anticipate greater stability as insurers gain claim experience and can fine-tune their coverage forms, underwriting guidelines and pricing.
“Pricing will not shock buyers in 2024. Following two years of heavy rate increases, the market has stabilized and, in some cases, softened to the point where accounts without losses could see rates decrease. The pricing of excess limits will be targeted as continued softening of rates in the upper layers is anticipated.
“Availability will be favorable as new carriers enter the market and current providers expand their offerings. As this line of business matures, new exclusionary language or limitations will be introduced, including:
- Biometric privacy
- Widespread events
- Limitations to end-of-life products
- Non-fungible token (NFT) exclusions
- Refinement of war exclusions with an emphasis on eliminating actions by nation-state-sponsored events
- A requirement that wire transfers be confirmed by connecting with the payor using known-to-be-correct emails or telephone numbers.
“Capacity is forecast to be broadly available. The combination of new players in the market and increased appetite from existing insurers is expected to increase capacity. Buyers who struggled to purchase limits above $5 million in 2023 will likely find the capacity they need at more competitive rates.
“The underwriting process will be similar to 2023. As more accounts have gone through multiple renewal cycles, underwriters have gained sufficient familiarity and comfort with their pricing and coverage requirements, foregoing extensive re-evaluations.
“Underwriting scrutiny will continue. Underwriters will maintain underwriting discipline, including ransomware supplemental applications. There will likely be some loosening of stringent control requirements for smaller risks, given competitive pressures for market share. Usual security protocols will be required — such as multifactor authentication (MFA), endpoint detection and response solutions (EDRs), and SSL certificates — and underwriters will want to scrutinize open ports and end-of-life (EOL) software.”
Employee education key to thwart phishing attacks
The escalating sophistication of scams — including mimicking legitimate vendors and inquiring about actual outstanding accounts payable — underscores the necessity for comprehensive employee education. Phishing, a targeted and relatively simple cybercrime, relies on exploiting a single human error, such as clicking on a link or pressing a button, to create a breach that could result in financial losses ranging from thousands to millions of dollars.
Employee education programs that focus on recognizing potential phishing attacks can help fortify your organization. Train employees on protocols that safeguard wire transfers and control access to company assets. The National Cybersecurity Alliance offers tips for preventing business email compromise. For more in-depth instruction, insurance carriers and cybersecurity firms offer training in protection against phishing, often including simulated phishing exercises.
Continue strengthening your cyber risk management strategy through ongoing employee education to counter evolving tactics of today’s phishers. Additionally, proactive measures can elevate your application with underwriters, showcasing your commitment to robust cybersecurity practices.
For a broader look at navigating insurance market conditions, download Alera Group’s 2024 Property and Casualty Market Outlook. The report provides valuable information on factors driving the current P&C market, with analysis categorized by lines of coverage, personal as well as commercial.
To speak with a local broker who specializes in Cyber Liability Insurance and has access to resources nationwide, contact Alera Group.
About the author
Stephen Paulin, CIC
Cyber Risk Strategist
Orion Risk Management, an Alera Group Company
Steve Paulin has more than 35 years of experience enhancing client business profitability through strategic risk management. His expertise focuses on optimizing insurance program financial efficiency to improve overall business performance. In addition to tenured proficiency in property and casualty coverage lines, Steve has distinguished himself as a cyber risk expert for more than two decades and is highly regarded for his insights and solutions in this rapidly evolving area. He has authored articles and contributed thought leadership to publications including Business Insurance, National Underwriter, Insurance Journal and Constructor Magazine.