RISQ Consulting

Tag: cyber security

War Exclusions and Cyber Coverage

Tuesday, 19 April 2022 by RISQ Consulting
This article is from RISQ Consulting’s Zywave client portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.

Wars can cause widespread devastation and emotional turmoil among affected communities. These conflicts may also result in significant losses for impacted businesses. Yet, securing adequate insurance coverage for damages stemming from acts of war could prove particularly challenging. In fact, war exclusions are commonly found within commercial insurance policies. Although these exclusions are fact-specific and often vary between policies and insurers, they generally state that damages from “hostile or warlike actions” by a nation-state or its agents won’t receive coverage. Such exclusions were created to help protect insurers against potentially systemic losses that may arise amid attacks by governments, their militaries or associated groups.

Cyber insurance policies are no exception to war exclusions. However, the rise of nation-state cyberattacks and the increased instances of international cyberthreats have posed questions regarding how these exclusions should be interpreted in the realm of digital warfare. Additionally, recent court cases and insurance industry adjustments have both broadened and narrowed the scope of war exclusions, thus further muddying the waters for policyholders.

Considering the continued expansion of digital exposures, the complexities of cyber coverage and the evolving policy language surrounding war exclusions, businesses must think proactively when evaluating their insurance programs for proper protection against cyberwarfare. This article provides more information on war exclusion developments and related cyber insurance implications, as well as best practices businesses can use to better safeguard themselves against nation-state cyberattacks.

Court Case Developments

In recent years, court cases regarding insurance claims filed for damages resulting from the 2017 NotPetya cyber incident have narrowed war exclusions as they pertain to digital warfare. Specifically, a New Jersey trial court’s 2021 ruling in the case of Merck & Co. v. ACE American Insurance Co. determined the insured’s “all-risk” property policy should provide coverage for damages caused by the alleged nation-state incident, highlighting that the policy’s war exclusion failed to include language on digital warfare.

The NotPetya incident involved a series of global attacks by destructive malware that presented itself as ransomware but, in practice, left infected systems unrecoverable. It hit thousands of systems and hundreds of companies across several countries, costing billions of dollars in damages. The majority of the infections occurred in Ukraine shortly before the country’s Constitution Day, leading cybersecurity experts to attribute the incident to a politically motivated operation perpetrated by the Russian government. In addition to Ukraine, affected countries included France, Italy, Poland, Germany, the United Kingdom and the United States.

Merck & Co., a U.S. pharmaceutical company, was among the companies impacted by the incident. The company reported damages to nearly 40,000 of its computers, totaling $1.4 billion in overall losses. Although the company’s $1.75 billion all-risk property insurance policy offered coverage for damages resulting from the destruction or corruption of computer data and software, its claim for the incident was denied. The company’s insurer, ACE American Insurance Co., cited the policy’s war exclusion as justification for denying the claim, categorizing the incident as an act of hostility on behalf of the Russian government.

Following the rejected claim, Merck & Co. filed a lawsuit and took its insurer to court. The court ultimately ruled in favor of the insured, explaining that the policy’s war exclusion wording didn’t specifically address digital warfare, causing the insured to reasonably believe that the exclusion only applied to losses resulting from traditional, physical acts of hostility.

The court also emphasized that, with nation-state cyberattacks on the rise, the insurer should have changed the policy’s language to clearly incorporate digital hostilities within its war exclusion if it wanted to negate such coverage. Because it failed to do so, ACE American Insurance Co. was ordered to pay out the insured’s claim.

Insurance Industry Developments

In response to this case (and similar rulings), insurers have adjusted their practices to protect themselves from unanticipated cyberwarfare claims and the losses that follow. Chiefly, insurers have become more selective about whom they underwrite, using longer application questionnaires and requiring applicants to document their cybersecurity controls in detail. Insurers are also revising their policy language, namely the wording of war exclusions, so that it states clearly and consistently what is and isn’t covered, particularly for digital warfare.

Global insurance industry bodies have also adopted initiatives aimed at addressing coverage concerns related to cyberwarfare. For example, the Lloyd’s Market Association (LMA), the trade body for managing agents in the Lloyd’s of London insurance market, recently published four model cyberwar exclusion clauses for insurers to consider. These clauses, designed specifically for standalone cyber insurance policies, restrict protection against losses caused by digital warfare to varying degrees, ranging from no coverage at all to limited coverage for incidents that fall below certain thresholds.

Insurers across the globe can adopt these exclusions directly or use them as a reference point for crafting their own specific policy exclusions. These exclusions are intended to help insurers possess greater certainty in determining possible cyberwarfare liabilities and broaden the scope of war exclusions as a whole. Yet, it’s important to note that the LMA’s exclusions may still present clarity issues and misinterpretation concerns regarding the extent of coverage provided amid various incidents.

After all, some industry experts have argued these exclusions’ introduction of ambiguous terms and use of vague guidelines for identifying attack attribution could lead to further coverage confusion. In addition, it’s unclear whether they will create conflicting or overlapping coverage complications when applied within wider insurance programs.

As a result, it’s critical for insurers and insureds to openly communicate about policy definitions and specific coverage capabilities, especially as it pertains to protection against digital warfare. Such communication will help ensure both parties are on the same page, minimizing potential issues when claims arise.

Cybersecurity Best Practices

Apart from fostering open communication with their insurers about coverage for losses stemming from digital warfare, it’s also vital for businesses to take steps to prevent and mitigate these losses. Such steps may also reduce potential insurer apprehensions when it comes to providing adequate coverage for damages caused by cyberwarfare.

Businesses can leverage the following best practices to help avoid and effectively respond to nation-state cyberattacks:

  • Understand specific exposures. Different businesses have varying digital exposures to nation-state cyberthreats. Therefore, it’s best for businesses to assess their specific operations and determine their likelihood of being targeted by foreign attackers. Senior leadership teams and trusted IT professionals should be actively involved in conducting these assessments. From there, businesses should adopt security measures and digital procedures catered to their particular exposures.
  • Have a plan. Cyber incident response plans are essential for businesses across industry lines. These plans establish timely response protocols for remaining operational and mitigating losses amid cyber incidents. Successful incident response plans should outline potential cyberattack scenarios (including those involving foreign attackers) and methods for maintaining key functions during these scenarios, as well as individuals responsible for doing so. These plans should also help determine when to contact external parties (e.g., law enforcement, legal counsel, IT specialists and insurance professionals) for assistance in investigating and resolving cyber incidents. Plans should be properly communicated and routinely reviewed through various activities—such as penetration testing and tabletop exercises—to ensure effectiveness and identify ongoing security gaps. Based on the results from these activities, response plans should be adjusted as needed.
  • Utilize proper security software. A wide range of security software can help businesses better detect and deter nation-state cyberattacks. Essential software to consider includes network monitoring systems, data backup and encryption services, antivirus programs, firewalls, multifactor authentication capabilities, endpoint detection products and patch management tools. Such software should be utilized on all workplace technology and updated regularly.
  • Follow government guidance. Lastly, businesses should ensure their cybersecurity practices align with guidance from applicable government agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA).

Conclusion

In summary, digital warfare has become a growing concern amid expanding nation-state cyberthreats. By understanding how their insurance policies will respond to losses stemming from cyberwarfare and taking action to minimize these losses, businesses can successfully navigate this evolving risk landscape.

For additional insurance guidance and solutions, contact us today.


Officials Saw More Professional Cybercriminals and Infrastructure Attacks in 2021

Wednesday, 16 February 2022 by RISQ Consulting

Ransomware attacks on critical infrastructure increased in 2021, hitting 14 of the 16 critical infrastructure sectors in the United States, according to a report from cybersecurity authorities in multiple countries.

Ransomware trends and recommendations were laid out in a Joint Cybersecurity Advisory, coauthored by cybersecurity agencies in the United States, United Kingdom and Australia. The report noted that evolving tactics and techniques of cybercriminals demonstrated their growing sophistication and their increased threat to organizations globally.

Officials cited attacks on critical sectors like the defense industrial base, emergency services, food and agriculture, government facilities and information technology.

In the United Kingdom, authorities recognized ransomware as the biggest cyberthreat facing the country, with the education sector being one of the top targets. Other targeted sectors included businesses, charities, the legal profession, and public services in the local government and health sectors.

Cybersecurity authorities observed an increasingly professional field of ransomware actors in 2021.

Along with the increased use of ransomware-as-a-service (RaaS), threat actors employed independent services to negotiate payments, assist victims in making payments and arbitrate payment disputes with other cybercriminals. Criminal groups in Europe and Asia have also shared victim information with each other.

According to the report, authorities observed that “some ransomware threat actors offered their victims the services of a 24/7 help center to expedite ransom payment and restoration of encrypted systems or data.”

In the United States, ransomware actors shifted their focus from “big game” organizations to midsize victims halfway through 2021 after they suffered disruptions from cyber authorities. The switch was to reduce scrutiny, officials said.

Most commonly, cybercriminals continued to gain initial access for ransomware attacks through phishing emails, stolen Remote Desktop Protocol (RDP) credentials and exploited software vulnerabilities.

“These infection vectors likely remain popular because of the increased use of remote work and schooling starting in 2020 and continuing through 2021,” the report stated. “This increase expanded the remote attack surface and left network defenders struggling to keep pace with routine software patching.”

Cybercriminals increased their impact through a few methods—such as by targeting the cloud, managed service providers (MSPs) and software supply chain entities—and several groups have begun attacking industrial processes. More attacks against U.S. entities occurred on holidays and weekends.

Criminals also expanded methods to extort money from victims. They would threaten to release stolen information publicly, disrupt victims’ internet access, and/or inform the victims’ partners or shareholders of the incident.

Authorities had several recommendations to reduce the likelihood and impact of ransomware attacks. Organizations should keep all operating systems and software up to date; secure and monitor potentially risky services (e.g., RDP); implement user training programs and phishing exercises; require multifactor authentication (MFA); require strong and unique passwords; protect cloud storage by backing up to multiple locations; and encrypt cloud data.
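As an added illustration of the “secure and monitor potentially risky services (e.g., RDP)” recommendation, here is a small detection routine written for this page (it is example code, not part of the joint advisory or of RISQ Consulting’s material). It reads a handful of constructed records shaped like Windows Security log exports (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP) and raises an alert when one source address produces a burst of failures, or when a logon succeeds from a source that is still inside such a burst, which is what a stolen or guessed RDP credential looks like in the logs. The record layout, the five-minute window and the four-failure threshold are assumptions for the demonstration.

```python
"""Flag password guessing against RDP in Windows Security log records."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Fields: timestamp, Windows
# event ID, logon type, account name, source IP. Event 4625 is a failed
# logon, 4624 a successful one; logon type 10 is RemoteInteractive (RDP).
SAMPLE_LOG = """\
2021-11-03T02:14:01Z 4625 10 administrator 203.0.113.45
2021-11-03T02:14:03Z 4625 10 administrator 203.0.113.45
2021-11-03T02:14:05Z 4625 10 admin 203.0.113.45
2021-11-03T02:14:07Z 4625 10 jsmith 203.0.113.45
2021-11-03T02:14:09Z 4625 10 jsmith 203.0.113.45
2021-11-03T02:14:12Z 4624 10 jsmith 203.0.113.45
2021-11-03T09:02:10Z 4625 10 mlee 192.0.2.10
2021-11-03T09:02:40Z 4624 10 mlee 192.0.2.10
2021-11-03T09:30:00Z 4625 3 svc-backup 198.51.100.7
"""

FAILED, SUCCESS = "4625", "4624"
RDP_LOGON_TYPE = "10"
WINDOW = timedelta(minutes=5)   # assumed sliding window
FAIL_THRESHOLD = 4              # assumed number of failures that counts as a burst


def parse(log_text):
    """Yield one dict per whitespace-separated record."""
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, account, src = line.split()
        yield {
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event_id,
            "logon_type": logon_type,
            "account": account,
            "src": src,
        }


def detect_rdp_guessing(log_text, window=WINDOW, threshold=FAIL_THRESHOLD):
    """Return a list of alerts, one per rule that fires for a source IP.

    Rule "burst": `threshold` or more RDP logon failures from one source
    within `window`.  Rule "success_after_burst": an RDP logon succeeds from
    a source that is still inside such a burst, i.e. a guess that landed.
    """
    recent_failures = defaultdict(list)  # src -> failure timestamps in window
    burst_reported = set()
    alerts = []
    for rec in parse(log_text):
        if rec["logon_type"] != RDP_LOGON_TYPE:
            continue  # only RDP logons are of interest here
        src = rec["src"]
        # Slide the window: keep only failures that are still recent.
        recent_failures[src] = [
            t for t in recent_failures[src] if rec["time"] - t <= window
        ]
        if rec["event"] == FAILED:
            recent_failures[src].append(rec["time"])
            if len(recent_failures[src]) >= threshold and src not in burst_reported:
                burst_reported.add(src)
                alerts.append({"rule": "burst", "src": src,
                               "count": len(recent_failures[src]),
                               "time": rec["time"]})
        elif rec["event"] == SUCCESS and len(recent_failures[src]) >= threshold:
            alerts.append({"rule": "success_after_burst", "src": src,
                           "account": rec["account"], "time": rec["time"]})
            recent_failures[src].clear()  # the attacker is in; count afresh
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_guessing(SAMPLE_LOG):
        print(alert)
```

On the sample, the burst from 203.0.113.45 fires first and the later successful logon as jsmith from the same address fires the second rule; the single failure from 192.0.2.10 followed by a success is normal user behaviour and stays quiet, and the logon type 3 record is ignored because it is not RDP. In production the records would come from Windows Event Forwarding or a SIEM rather than a string, and the stronger control is still not to expose RDP to the internet at all, but to put it behind a VPN with multifactor authentication.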

For more cybersecurity guidance, contact RISQ Consulting today.


Cyber Risks & Liabilities

Wednesday, 27 October 2021 by RISQ Consulting

Research Shows Malicious Document Downloads Are Surging

Using malicious software—also called malware—to compromise a victim’s data or technology is one of the most common cyberattack methods. Malware is typically triggered by clicking on the deceptive links or dangerous attachments that often accompany phishing emails. In fact, recent research found that malicious document downloads are currently on the rise.

According to Netskope Threat Labs’ latest report, 40% of malware delivered during 2021 arrived as a harmful email attachment, a 20% rise over the previous year’s figure. These attachments have typically been disguised as office documents, including Microsoft Office files, PDFs and Google Docs.

This rise in malicious document downloads is likely tied to cybercriminals taking advantage of shifting work arrangements during the ongoing COVID-19 pandemic. After all, the significant increase in remote operations over the past year has led to more employees relying on digital platforms (e.g., email and online messaging) to communicate with their co-workers.

With remote employees using virtual mediums to share important information and files, cybercriminals have been able to trick some of these workers into downloading malicious office documents via deceitful emails. For instance, a cybercriminal may impersonate a victim’s co-worker and email them a harmful file titled “Monthly Financial Report” in order to manipulate them into downloading it.

In light of this trend, it’s critical for employers to take the following steps to protect against malicious document downloads:

  • Educate employees on how to recognize and respond to phishing emails. In particular, workers should verify a sender’s identity by checking the actual email address rather than the display name (a message can show a co-worker’s name while coming from an outside or lookalike domain), confirm unexpected requests for files or payments through a separate channel such as a phone call, and avoid opening attachments from unknown sources. Further, employees should report any suspicious email activity to the IT department.
  • Implement antivirus programs and endpoint detection and response systems on workplace technology to help minimize malware threats. Update this software regularly.
  • Install email security features (e.g., spam filters) to help prevent malicious messages from landing in employees’ inboxes altogether.

Cybersecurity Considerations for Hybrid Work

The COVID-19 pandemic has greatly changed how employees across the country work and live: over the past year, a substantial proportion of the workforce transitioned to remote operations. Looking ahead, a recent study found that the majority of remote employees (83%) want to continue working from home in some capacity. As a result, nearly half (45%) of employers plan to implement hybrid work arrangements in the near future. Such arrangements allow employees to split their time between working remotely and on-site. For example, employees may work in the office every Monday and stay remote for the remainder of the week.

While hybrid work models can offer various benefits to both employers and their workforces, these arrangements also carry unique cybersecurity risks. First, remote work environments often provide less secure network settings than on-site setups, leaving employees more vulnerable to cloud-based cyberattacks. In fact, such attacks have skyrocketed by over 600% since the pandemic began.

What’s worse, by alternating between remote and on-site networks, employees can expose a greater share of workplace technology and assets during a cyber incident. For example, if an employee’s laptop is compromised while working remotely and that device is connected to the on-site network a few days later, the attackers gain a foothold inside the office network from which they can attempt to move laterally to other workplace systems.

If you are considering a hybrid work model within your organization, consider these best practices to help minimize cybersecurity exposures:

  • Utilize a virtual private network (VPN). A VPN gives employees an encrypted connection back to the corporate network from wherever they work, protecting data in transit over home and public Wi-Fi that the business does not control. Bear in mind that a VPN extends the network to the device rather than securing the device: a laptop that is already compromised brings the attacker along with it, so pair the VPN with the endpoint protections below and, where possible, with checks that a device is patched and running security software before it is allowed to connect. If you already have a VPN, be sure it is fully patched; internet-facing VPN appliances are themselves a frequent target of attackers.
  • Train employees. Require staff to participate in routine cybersecurity training. This training should help employees stay up to date on the latest cyberthreats, emerging attack methods and top tips for protecting against these concerns. Additionally, this training should address specific risks related to hybrid work arrangements and how to properly mitigate them.
  • Safeguard all devices. Make sure all workplace devices—including those used remotely—are equipped with adequate security software (e.g., antivirus programs, firewalls, endpoint detection and response systems, and patch management products). Ensure this software is updated as needed to maintain its effectiveness.
  • Foster open communication. Lastly, encourage employees to consult the IT department if they encounter any cybersecurity issues or suspect a potential cyberattack.

Educate Employees on This Emerging Phishing Scam

While phishing scams have been a persistent issue for employers of varying sizes and sectors, cybersecurity experts recently confirmed that a new phishing tactic has emerged.

This scam entails cybercriminals impersonating a trusted cybersecurity company and emailing their victims a “secure message.” The email then asks victims to click on a harmful link to view their “secure message.” However, clicking on the link opens a malicious website that attempts to compromise victims’ devices.

So far, this emerging phishing tactic has been detected in over 75,000 employees’ email inboxes across industry lines. The message is typically sent to multiple employees within the same organization, often from different departments. Targeted employees have included both individual contributors and those in leadership positions.

It’s vital for employers like you to educate workers on the latest phishing tactic. Be sure to show employees the key signs of this scam and encourage them to report suspicious messages to the IT department.
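The two email lures described in this post, the malicious “Monthly Financial Report” attachment sent under a co-worker’s name and the “view your secure message” link, can both be caught by the same mail-triage checks. The following is an added example written for this page, not RISQ Consulting’s code nor any vendor’s product. It parses one constructed message with Python’s standard library and reports a display name that claims to be a colleague while the address sits on an outside or lookalike domain, attachments with extensions that commonly carry malware, HTML links whose visible text names one host while pointing at another, and the “secure message” wording itself. The employer domain example.com, the colleague directory, the extension list and the lure phrases are assumptions for the demonstration.

```python
"""Triage an inbound email for sender spoofing, risky attachments and
deceptive links (added example; all inputs below are constructed)."""
import os
import re
from email import message_from_string, policy
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"            # assumed employer domain
KNOWN_COLLEAGUES = {"alice chen"}     # assumed directory of display names
RISKY_EXT = {".docm", ".xlsm", ".pptm", ".js", ".vbs", ".hta",
             ".iso", ".img", ".lnk", ".zip", ".exe", ".scr"}
LURE_WORDS = ("secure message", "encrypted message")

# Constructed phishing sample: a colleague's name on a lookalike domain,
# a macro-enabled "report" and a link whose text lies about its target.
SAMPLE_EML = """\
From: "Alice Chen" <alice.chen@examp1e.com>
To: bob@example.com
Subject: Monthly Financial Report - secure message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Bob, you have a new secure message: <a href="http://files.evil.test/view">https://portal.example.com/secure</a></p>
--B1
Content-Type: application/octet-stream; name="Monthly Financial Report.docm"
Content-Disposition: attachment; filename="Monthly Financial Report.docm"
Content-Transfer-Encoding: base64

UEsDBA==
--B1--
"""

# Constructed benign sample from the real colleague, for contrast.
CLEAN_EML = """\
From: "Alice Chen" <alice.chen@example.com>
To: bob@example.com
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

See you at noon.
"""


def _host(url):
    return (urlparse(url).hostname or "").lower()


def looks_like_org_domain(domain, org=ORG_DOMAIN):
    """Crude lookalike test: one character swapped, or the org's first label
    reused inside a longer domain (e.g. example-com.net)."""
    if domain == org:
        return False
    if len(domain) == len(org) and sum(a != b for a, b in zip(domain, org)) == 1:
        return True
    return org.split(".")[0] in domain.replace("-", ".").split(".")


def triage(raw):
    """Return a list of human-readable findings; an empty list means clean."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender: check the real address, not the display name.
    sender = msg["From"].addresses[0]
    domain = sender.domain.lower()
    if domain != ORG_DOMAIN:
        if looks_like_org_domain(domain):
            findings.append(f"sender domain {domain} looks like {ORG_DOMAIN}")
        if sender.display_name.lower() in KNOWN_COLLEAGUES:
            findings.append(f"display name {sender.display_name!r} matches a "
                            f"colleague but address is {sender.addr_spec}")

    # 2. Attachments whose extension commonly carries malware.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXT:
            findings.append(f"risky attachment {name!r}")

    # 3. Links whose visible URL names a different host than the href.
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for href, text in re.findall(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                                 html, flags=re.I | re.S):
        text = text.strip()
        if text.startswith(("http://", "https://")) and _host(text) != _host(href):
            findings.append(f"link text shows {_host(text)} but points to {_host(href)}")

    # 4. The "secure message" lure wording in subject or body.
    visible = f"{msg['Subject'] or ''} {re.sub(r'<[^>]+>', ' ', html)}".lower()
    if any(word in visible for word in LURE_WORDS):
        findings.append("'secure message' lure wording present")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_EML), ("clean", CLEAN_EML)):
        print(label, triage(raw) or "no findings")
```

The sender check is the point employees are asked to apply by hand: the name in the header is free text, so only the address (and, ideally, SPF/DKIM results added by the mail gateway) says anything about who sent the message. The extension list is a starting point rather than a complete one; a spam filter or gateway would normally block or sandbox these types before they reach an inbox, which is what the third recommendation above is for.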

Contact us today for additional cybersecurity resources.


Copyright © 2018. RISQ Consulting all rights reserved.

California License #0G47886
