☰ Navigation

1-888-643-2217 Email ABEX
Keeping you updated

Archives

Unlimited Reinstatements under Cyber Coverage

Posted on by

With cyber attacks rising in number, how can businesses protect themselves against the risk of suffering multiple incidents in a single policy period? Discover the value of a new limit for every unrelated claim.

Today’s stark reality is that cyber attacks are growing in both number and impact, increasing the risk of businesses falling victim to multiple attacks in a single year. In this environment, only having access to a single aggregate limit can leave businesses exposed, with a single incident entirely capable of using the full policy limit. To give businesses reliable protection and peace of mind, they need cover for multiple events in the same policy period.

Many cyber insurance policies fall short in this way but at CFC they built unlimited reinstatements into the core of their insurance product. If a first cyber event wipes out the original policy limit, to ensure a second cyber event is covered they reinstate the limit—helping businesses remain resilient to whatever’s round the corner.

What are unlimited reinstatements?
The majority of cyber insurance providers work with an aggregate limit. Each claim erodes this limit, until the point where no money is left to protect the business—despite them still being a policyholder. If cyber attacks were simple and inexpensive to manage, this wouldn’t be so much of an issue. However, this is far from the case. Increasingly disruptive attack techniques mean that often a single event can max out a policy limit, especially when you take into account the cost of forensics, business interruption loss, remediation costs legal expenses and so on.

It’s easy to see how this can be a significant benefit. Say one month a ransomware attack hits, taking up the full $1 million limit agreed in the policy—no exaggeration considering the average length of downtime after a ransomware attack is 24 days. When three months later the business is disrupted by a second, unrelated fund transfer fraud incident, the policyholder is given a fresh $1 million limit to cover the costs of this new attack.

Business benefits: Multiple limits for the price of one
With a CFC cyber policy, if an initial cyber claim exhausts the full policy limit and the business then needs to make a second, unrelated claim, they’ll receive a new reinstated limit,  allowing for multiple limits, at the cost single premium payment. Not only does this represent better value for money, but it offers vital, long-term protection throughout the lifespan of the policy. Ensuring the business can operate with peace of mind, even after suffering a cyber attack, knowing that their cyber policy will respond to its full capacity if another, unrelated cyber attack hits.

Unlimited reinstatements in action
A manufacturing firm suffered two cyber incidents in as many months, starting with a ransomware attack. The threat actor exploited a VPN vulnerability, deploying ransomware and leaving an extortion note demanding $750,000. After the firm notified CFC, their in-house cyber claims and cyber security team determined the ransom did not need to be paid, and instead helped rebuild impacted systems. In total, the financial losses—including loss of income from downtime, forensic investigation and legal counsel—came to just over $1 million. Luckily the entire cost was covered by the firm’s policy with CFC.

Unfortunately, the firm then fell victim to funds transfer fraud. Acting on a fraudulent email, an employee directed a significant payment to an account owned by the cybercriminal, leaving the firm out of pocket. Since CFC’s cyber policy provided unlimited reinstatements, the firm still had access to the full policy limit, ensuring they were fully reimbursed.

Market-leading cyber cover
With cyber incidents posing a constant threat, unlimited reinstatements for unconnected claims in the policy period is a vital tool for businesses everywhere.

At CFC they also don’t impose any warranties or conditions specifying security controls or callback provisions for businesses at the time of an incident. This allows them to focus on what matters, getting a business back online.

To see unlimited reinstatements in action, check out this full case study.

Source: www.cfc.com

Cyber Lessons from the Ashley Madison Affair

Posted on by

A new Netflix series has revived one of the most controversial cyber attacks in history, serving as a stark reminder of the data privacy issues faced by consumer technology companies—the Ashley Madison data breach.

It’s hard to convince people to hand over their personal data without assurances it will be kept safe; something the founders of infamous dating website Ashely Madison were well aware of.

A website for infidelity and married dating, Ashley Madison promised anonymity and privacy for its millions of users, billing itself as ‘100% discreet’. To access its services users handed over personal information including their names and email addresses, their privacy concerns no doubt eased by the dating website’s message of discretion and security. Except in the world of cyber, every business is at risk—particularly those that hold extremely sensitive, personal information.

In 2015 the worst happened; hackers under the name Impact Team infiltrated Ashley Madison’s systems and threatened to release details of its entire user base to the public. In what can be described as a moral attack, Impact Team demanded the owners of Ashley Madison and its companion site to take both websites offline. The owners refused to comply, and the hackers made good on their threat by publishing the stolen data online.

Navigating the fallout: An alarm call for all tech companies
Almost a decade on, the impact of this data breach is more relevant than ever. As portrayed in the popular Netflix docuseries, the hack disrupted the lives of many of its victims, leading to resignations, divorces and, tragically, suicides.

While names and email addresses are not typically classified as highly sensitive, the nature of the website in question placed greater weight behind the need for privacy. Even users who took precautionary measures when signing up to Ashley Madison, such as using fake names and phone numbers, found themselves exposed as Impact Team published credit card details—with other users able to be identified through data such as their height, weight or personal preferences on the site.

It didn’t take long for cybercriminals belonging to other threat groups to take advantage. Sextortion refers to a highly personalized extortion scam, where the threat actor emails individuals their data from a data breach and claims to possess personal videos or photos which they will distribute unless a ransom is paid. The Ashley Madison breach was the perfect breeding ground for this type of attack, with many of its victims being targeted even 5 years after the breach—not only resulting in the stress of managing a ransom demand, but resurfacing the scandal as a whole.

This entire episode raises critical questions for all types of business—not least tech companies storing user data. Do you manage, store and use data? Are you following the privacy laws? Can you do more to keep data safe?

Cyber security: Why it should be top of the agenda
Unfortunately where user data is concerned it’s easy to run into trouble. Earlier this year company review site Glassdoor was found to have attached real names to profiles without the user’s consent. Again, names are not considered sensitive data. But the context of the website makes this data more sensitive, as users may fear retaliation from an employer should they be identified. While Glassdoor claimed that users can choose to remain anonymous, since the website now requires and stores the names of all users, a data breach could see them being linked to their reviews.

This data risk is everywhere. Grindr, a dating website for the gay, bi, trans and queer community, allows the option for users to share their HIV status with other users. While this is a fundamental step in creating a safe community, it’s not information the that user would necessarily share beyond that context. Grindr are currently facing litigation from hundreds of users alleging the company shared their private information, including their HIV status, with third parties without consent.

Like Ashley Madison, all platform and tech providers that hold personal or sensitive information on clients come with significant cyber risk. These companies need to be incredibly mindful of how they collect, store and use information, following data privacy laws and giving customers confidence that data privacy is a priority.

Mitigating cyber risk: Steps for today’s tech companies
Who can say how many companies that store data know how to protect that data. What’s certain is that cybercriminals are becoming increasingly cunning in their tactics, able to steal vast volumes of data at rapid speed and at big consequences. Ashley Madison faced no financial ransom given the moral motive, yet the majority of data breaches do culminate in a hefty demand. This alone can be a huge burden for any business working alone to bear, and when you consider the additional costs that come with a cyber incident—remediation and recovery, restoring data, legal fees, reputational harm, business interruption and so on—it’s no surprise that for some businesses there’s no coming back.

Data breaches are of course just one type of cyber incident. High-profile cases like the Ashley Madison hack demonstrate this risk, however it’s vital that businesses understand the full picture of cyber risk—with ransomware, social engineering and theft of funds attacks growing in frequency and severity—and take steps to protect themselves and their customers.

That’s why comprehensive cyber cover is a vital part of risk management for all technology companies. If you’re responsible for large amounts of data, including third-party data, cyber insurance can offer robust network and privacy liability protection, also providing cover for a wide variety of cybercrime events. More than that, the best policies also come with cyber security and incident response services that can stop cyber incidents from happening in the first place.

Source: www.cfcunderwriting.com

Why Demand is on the Rise for IP Insurance

Posted on by

Intellectual property (IP) assets are now a cornerstone of the business world, making IP insurance more important than ever before. From the current state of the IP market to how IP insurance as a product is evolving, here are five top reasons behind the surge in demand.

The value of intangible assets increased by 8% in 2023 to $61.9 trillion, as inventors and creators worldwide seek exclusive rights to reap the benefits of their works. But there are two sides to this story. While intellectual property (IP) is playing an increasing role in the business world, businesses are becoming more vulnerable to new and evolving risks.

Step forwards IP insurance. Now seen as a vital part of risk management, many are turning to IP insurance for the protection—and confidence—to navigate this ever-changing landscape. Read on for five top reasons why the time is now for IP insurance.

  1. IP assets are vital to modern businessBe it patents, trademarks, copyrights or trade secrets, IP is now a significant asset for many businesses. Start-ups and SMEs in particular use IP as a foothold to gain market share and stave off competition, leading to heavy investment in both developing and protecting IP assets.

    As the value of these assets continues to grow, so do the risks. From infringement claims to challenges of ownership, businesses need confidence that their ideas will be protected effectively and fairly. Just as you wouldn’t leave physical assets with high value uninsured, intangible assets need protection too.

  2. IP disputes are everywhereMarkets are becoming more competitive and global, driving the number of IP disputes. Today, businesses can face all sorts of challenges from patent trolls and aggressive competitors to complex legal landscapes, raising the possibility of litigation action—both for businesses defending their IP and those facing an infringement claim.

    IP insurance provides a financial safety net in the event of a dispute. By covering legal expenses and potential damages, businesses can help mitigate the risks of costly litigation, empowering them to operate with confidence.

  3. Awareness for IP risks is growingConsidering IP’s growing role as a business asset and the IP disputes making headlines, it’s no surprise businesses and investors are becoming more aware of the risks associated with IP—including the financial implications of infringement claims and lawsuits.

    Nobody wants to think about making or facing a claim. But businesses simply can’t afford to leave their IP unprotected. This need is driving demand for insurance products that specifically address risks and provide protection against unforeseen legal expenses.

  4. IP markets are expandingIn this globalized world of multinational corporations, there’s a growing need to manage and protect IP assets in multiple jurisdictions, each potentially with its own set of rules and ways of doing things.

    This creates a more complex and costly endeavor compared to portfolios relating to a single legal system, raising the need for specialist support. As such, demand is growing for insurance products that cover different regions and legal systems.

  5. Insurance is evolving to keep paceThe IP landscape is changing fast, surfacing new risks for businesses everywhere. It’s vital that IP insurance matches this pace of change, by evolving to offer the broader cover that businesses need.

    CFC has designed a comprehensive IP insurance product that covers defense (incoming claims) and pursuit (outgoing claims). It features IP right protection coverages including invalidation, opposition and title rights, and ensures businesses have full protection right to the end by covering loss of IP rights and loss of future profits.

There’s never been a better time for IP insurance

The rise of IP insurance is not down to one factor alone. It’s more a response to converging trends, designed ultimately to empower businesses to protect their intangible assets the same way they do their physical ones. Only with comprehensive protection from a proactive insurance provider can businesses get the peace of mind to continue investing in IP creation, to not just survive but thrive in this ever-changing world.

Source: www.cfcunderwriting.com

Debunking Management Liability Insurance Myths

Posted on by

Management liability insurance is built to benefit all businesses, yet common myths can make them turn a blind eye. Here are the top five myths, debunked by CFC experts.

“I don’t need management liability insurance because…”

Every time we come across this statement, we find it’s more the result of misinformation around management liability (ML) insurance as a product, rather than a genuine lack of need.

That’s because ML is designed to close a key protection gap for today’s modern businesses: protecting the management of the company, employees and sometimes the entity itself from any allegation for potential wrongdoing which needs to be investigated or defended. As a modular insurance product, it covers directors and officers liability (D&O) including full entity cover, employment practices liability (EPL), fiduciary liability and crime, and also includes CFC’s innovative new executive coverages tailored specifically for senior executive officers including executive reputation protection, executive cyber and executive kidnap and ransom.

To help you convey the full value of ML, CFC asked their experts to state their top myths and reveal how you can respond to them effectively.

1. ‘We’re not big enough…’
Company size is no indication of whether a business will experience an ML claim or not. All it takes is for an allegation of wrongdoing to be made against any director or officer in the course of their management duties, which may need to be investigated or defended—even if the case doesn’t reach court.

Investigating and defending allegation can not only be costly, but the director or officer in question may need to foot the bill themselves if the company is unable or unwilling to assist, or if D&O cover is not in place to protect them.

2. ‘We outsource our HR…’
Some companies choose to outsource their HR departments to a third party, at a lower cost than building a department in house. However, while the third party can establish policies, support recruitment, help with employee relations and so on, it cannot absolve the company from liability for employment-related issues.

In fact, as the third party is not fully immersed in the company’s culture, they are unlikely to recognize issues as they develop. And when the problem is eventually found, it may be too late to resolve. Here, EPL insurance is key in giving support in what could amount to very significant defense and potential settlement costs.

3. ‘We’re a family-run business…’
It’s tempting to think that as a family-run business, there is little chance of any allegations of wrongdoing being made against anyone. However, CFC’s claims data shows this is not the case. In fact, some of their most contentious claims stem from family-run businesses, be it a husband and wife-led business or one that has been passed down through the generations.

It’s possible for family members to pull in different directions, and since the claims that result are often emotive, they can take more time than usual to resolve—and as a result, cost more money. Therefore it’s vital to get the right cover in place, giving the business confidence of financial stability if this type of event does arise.

4. ‘We’re a private company…’
A common belief is that if a business is private, then its liability is limited. However, this applies more to shareholders, who are protected to the extent of their investments, than directors and officers whose liability remains unlimited.

If the company is experiencing an allegation of wrongdoing, does not have D&O insurance in place, and is unable or unwilling to protect them, the directors and officers will have no choice but to support their own defense.

5. ‘It’s too expensive…’
The majority of small to mid-market companies do not require a bespoke product. ML insurance can be fairly standardized, therefore coming at an inexpensive price.

If a company is publicly traded operating in multiple territories, then it stands to reason that its D&O requirements will be more bespoke, influencing the price of the product the company needs. Using the CFC Connect platform, you can now get a bindable ML quote with just a website, revenues and headcount.

Getting started with management liability insurance
Today’s directors and officers are under more scrutiny than ever, as the companies they work for face an increasingly complex landscape of risk. Taking out ML insurance is the best way of transferring away risk, empowering individuals and entities to focus on what matters: their business.

Source: www.cfcunderwriting.com

Five Reasons to Buy Cyber

Posted on by

Making the case for cyber insurance can be tough even if it’s clear that nearly all companies would benefit from it. So to help your conversations, CFC has put together the top five reasons to buy cyber.

Here are the top five reasons every business should have a cyber insurance policy.

Cyber security and incident response services come free
Cyber insurance doesn’t just cover financial loss when an incident occurs. A good policy offers proactive protection to stop attacks from happening in the first place, and reactive support to respond efficiently and effectively when they do occur.

From the moment a CFC cyber policy is bound, their global team of cyber experts works around the clock to detect and alert customers to cyber threats targeting their business. If they discover a cyber security issue, their team notifies the impacted business through their app, Response, and takes steps to remediate the threat before it escalates.

The value these services offer to small businesses in particular might just be the greatest benefit a cyber policy can provide.

Cybercrime is growing rapidly
Our increasing reliance on technology and the internet is exposing any business that uses a computer to a world cybercriminals—who work around the clock to identify vulnerabilities and launch attacks. You’ve likely heard of ransomware, but social engineering scams are also on the rise, leading to significant losses for companies of all types.

At the forefront of protecting against this new wave of crime, cybercrime provides invaluable cover for a wide range of electronic perils, from wire transfer fraud to ransomware.

System downtime is missed by standard business interruption insurance
When computer systems are brought down, a traditional business interruption policy is unlikely to respond. Considering how almost all businesses rely on technology to some extent, this can result in significant financial loss the business has to bear alone.

Cyber insurance can provide cover for loss of income and extra expenses associated with a cyber event, including legal fees, the cost of remediating the incident, the hiring of expert teams, reputational harm and so on.

Your data is not covered
Data is one of today’s most important business assets, often worth many times more than the equipment it’s stored upon. Yet business owners are often unaware that a standard property policy would not respond if data is damaged, lost or destroyed.

Taking out a cyber policy is a great way to get comprehensive cover for data restoration and even re-creation in the event of a loss.

Complying with breach notification laws cost time and money
Breach notification laws are now commonplace across many territories, and require businesses that fail to protect personal data to notify affected individuals or risk hefty fines and penalties. Australia’s Notifiable Data Breaches Act, Canada’s Digital Privacy Act, Europe’s General Data Protection Regulation, and numerous US state laws make it a legal obligation to notify, and there is also a growing trend towards voluntary notification in order to protect your brand and reputation.

Cyber policies can provide cover for the costs associated with providing a breach notice even if it’s not legally required, and can also cover associated regulatory fines and penalties.

Source: www.cfcunderwriting.com

Blog

FOLLOW OUR BLOG

Receive notifications of new posts automatically.

ABEX - AFFILIATED BROKERS EXCHANGE IS ON FACEBOOK.

Like us on Facebook
Connect with us on LinkedIn

CONNECT WITH US ON LINKEDIN