As Cybercriminals Act More Like Businesses, Insurers Must Think More Like Criminals

Cybersecurity is no longer an emerging risk but a clear and present one for organizations of all sizes, panelists at Triple-I’s Joint Industry Forum (JIF) said. This is due in large part to cybercriminals increasingly thinking and behaving like businesspeople.

“We’ve seen a large increase in ransomware attacks for the sensible economic reason that they are lucrative,” said Milliman managing director Chris Beck. Cybercriminals also are becoming more sophisticated, adapting their techniques to every move insurers, insureds, and regulators make in response to the latest attack trends. “Because this is a lucrative area for cyber bad actors to be in, specialization is happening. The people behind these attacks are becoming better at their jobs.”

As a result, the challenges facing insurers and their customers are growing more complex and costly. Cyber insurance purchase rates reflect the growing awareness of this risk, with one global insurance broker finding that the percentage of its clients who purchased this coverage rose from 26 percent in 2016 to 47 percent in 2020, the U.S. Government Accountability Office (GAO) stated in a May 2021 report.

Panel moderator Dale Porfilio, Triple-I’s chief insurance officer, asked whether cyber is even an insurable risk for the private market. Panelist Paul Miskovich, global business leader for the Pango Group, said cyber insurance has been profitable almost every year for most insurers. Most cyber risk has been managed through more controls in underwriting, changes in cybersecurity tools, and modifications in IT maintenance for employees, he said.

By 2026, projections indicate insurers will be writing $28 billion annually in gross written premium for cyber insurance, according to Miskovich. He said he believes all the pieces are in place for insurers to adapt to the challenges presented by cyber and that part of the industry’s evolution will rely on recruiting new talent.

“I think the first step is bringing more young people into the industry who are more facile with technology,” he said. “Where insurance companies can’t move fast enough, we need partnerships with managing general agents, with technology and data analytics, who are going to bring in data and new information.”

“Reinsurers are in the game,” said Catherine Mulligan, Aon’s global head of cyber, stressing that reinsurers have been doing a lot of work to advance their understanding of cyber issues. “The attack vectors have largely remained unchanged over the last few years, and that’s good news because underwriters can pay more attention to those particular exposures and can close that gap in cybersecurity.”

Mulligan said reinsurers are committed to the cyber insurance space and believe it is insurable. “Let’s just keep refining our understanding of the risk,” she said.

When thinking about the future, Milliman’s Beck stressed the importance of understanding the business-driven logic of the cybercriminals.

If, for example, “insurance contracts will not pay if the insured pays the ransom, the logic for the bad actor is, ‘I need to come up with a ransom schema that I’m still making money’,” but the insured can still pay without using the insurance contract.

This could lead to a scenario in which the ransom demands become smaller, but the frequency of attacks increases. Under such circumstances, insurers might have to respond to demand for a new kind of product.

Originally posted on Insurance Information Institute

Cyber Security: Think Before You Click

If you are concerned about your cyber security – and you should be – it’s essential to know the biggest threats to you right now. So, what is cyber security anyway? And how can you protect yourself?

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. The global cyber threat continues to increase at a rapid pace. Most, but not all, cybercrime is committed by hackers who want to make money. As a result of the COVID-19 pandemic, cybercrime, which includes everything from embezzlement to data hacking and destruction, is up 600%.

Types of Cyber Threats:

Malware, short for “malicious software”, refers to any intrusive software developed by cybercriminals or hackers to steal data and damage computers and computer systems. Malware is often activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. There are several types of malware:

  • Virus: A self-replicating program that attaches itself to clean files and spreads throughout a computer system, infecting files with malicious code.
  • Trojans: A type of malware that conceals its true content to fool a user into thinking it’s a harmless file. Cybercriminals trick users into uploading Trojans onto their computer where they can collect data or cause damage.
  • Worms: Malicious software that spreads copies of itself from computer to computer within a network. Worms exploit vulnerabilities in your security software to steal sensitive information and corrupt files. A worm is different from a virus, however, because a worm can operate on its own while a virus needs a host computer.
  • Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. Spyware is often used to steal personal or financial information.
  • Ransomware: Malicious software which locks down a user’s files and data with the threat of erasing it unless a ransom is paid.
  • Adware: Unwanted software that displays advertisements on your screen. Adware collects personal information from you to serve you with personalized ads. While adware is not always dangerous, it can redirect your browser to unsafe sites and can even contain Trojans and spyware.
  • Rootkits: Malicious software that is extremely difficult to spot and also very hard to remove. A rootkit allows someone to maintain control over a computer without the computer owner knowing about it. Once a rootkit has been installed, nothing on your computer is secure.

Where does malware come from?

The most common sources of malware are malicious websites, email attachments, and shared networks.

  • Phishing: E-mails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to trick people into handing over personal information or credit card data.
  • Shared Networks: A malware infected computer on your shared network can spread malware onto all devices on the network.
  • Malicious Websites: Some websites may install malware onto your computer – usually through advertisements on popular sites (malvertising) or malicious links.

How to Prevent Malware – 7 Things You Should Start Doing Now:

  1. Install Anti-virus Software: Anti-virus software will scan your computer to detect and clean the malware and provide enhanced protection against newly created viruses.
  2. Regularly Update Software: Keep your software updated to stop attackers from gaining access to your computer through vulnerabilities in outdated systems.
  3. Install a Firewall: A firewall blocks all unauthorized access to or from a private computer network.
  4. Use Secure Authentication Methods: Use strong passwords with at least 8 characters, including an uppercase letter, a lowercase letter, and a number or symbol. You should also enable multi-factor authentication, such as a security question in addition to a password.
  5. Don’t Open Emails From Unknown Sources: Hackers often send emails with links designed to deliver malware and get at your important information. It is better to delete the email than to suffer the consequences of opening it.
  6. Avoid Using Unsecured WiFi Networks in Public Places: On an unsecured network, a cybercriminal can intercept communication between two individuals to steal data.
  7. Maintain Regular Backups of Your Data: Backups do not secure your network from attacks but they help when you face a malware attack.

Jeh Johnson, former U.S. Secretary of Homeland Security, stated “Cyberattacks of all manner and from multiple sources are going to get worse before they get better. In this realm and at this moment, those on offense have the upper hand. Whether it’s cyber-criminals, hacktivists, or nation-state actors, those on offense are ingenious, tenacious, agile, and getting better all the time. Those on defense struggle to keep up.”

It is imperative that you protect yourself and your family from cybercriminals. As technology advances, criminals don’t have to rob stores or banks, nor do they have to be outside to commit a crime – they have everything they need on their lap. Their weapons are no longer guns; they attack with a computer mouse and passwords.

Spam and Phishing

Malicious Email

A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency or any other service or business.

It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address.

If you are unsure whether an email request is legitimate, try to verify it with these steps:

  • Contact the company directly – using information provided on an account statement, on the company’s official website or on the back of a credit card.
  • Search for the company online – but not with information provided in the email.

Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam:

  • Enable filters on your email programs: Most internet service providers (ISPs) and email providers offer spam filters; however, depending on the level you set, you may end up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
  • Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
  • Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information.

Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.

Spear Phishing

Spear phishing involves highly specialized attacks against specific targets or small groups of targets to collect information or gain access to systems. For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already a customer of the business, the email may more easily make it through filters and the recipient may be more likely to open the email.

The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.

Spam & Phishing on Social Networks

Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts. Here are ways to report spam and phishing on major social networks:

Tips for Avoiding Being a Victim

  • Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Before sending or entering sensitive information online, check the security of the website.
  • Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Check out the Anti-Phishing Working Group (APWG) to learn about known phishing attacks and/or report phishing.
  • Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
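The two checks these tips describe (does the link really point at the company's domain, and does the message pressure you to act now) can be turned into a small triage script. This is an added example, not code from Stay Safe Online or the original post; the trusted domains, the urgency phrases and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed assumption: the domains this reader actually does business with.
TRUSTED_DOMAINS = {"examplebank.com", "shop-example.com"}
# Pressure wording of the kind the text describes (constructed list, not exhaustive).
URGENCY_PHRASES = ("act now", "immediately", "account has been compromised",
                   "within 24 hours", "verify your account")
URL_RE = re.compile(r"https?://[^\s<>\"']+")
FROM_RE = re.compile(r"^From:.*@([A-Za-z0-9.-]+)", re.MULTILINE)

def levenshtein(a, b):
    # Edit distance, used to catch one-character misspellings of a trusted domain.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED_DOMAINS):
    # Returns 'trusted', 'lookalike' or 'unknown' for the host of a link or sender.
    host = host.lower().strip(".")
    reg = ".".join(host.split(".")[-2:])   # naive registrable domain (ignores co.uk etc.)
    if reg in trusted:                     # the domain itself or a real subdomain of it
        return "trusted"
    for t in trusted:
        if (reg.split(".")[0] == t.split(".")[0]   # same name, other TLD (.com vs .net)
                or levenshtein(reg, t) == 1        # one-character typo of the domain
                or f".{t}." in f".{host}."):       # trusted name buried as a subdomain
            return "lookalike"
    return "unknown"

def triage_email(text, trusted=TRUSTED_DOMAINS):
    # Scores a plain-text email on sender domain, link hosts and urgency wording.
    links = [(u, classify_host(urlparse(u).hostname or "", trusted))
             for u in URL_RE.findall(text)]
    m = FROM_RE.search(text)
    sender = classify_host(m.group(1), trusted) if m else "unknown"
    urgency = [p for p in URGENCY_PHRASES if p in text.lower()]
    verdicts = [sender] + [v for _, v in links]
    flagged = "lookalike" in verdicts or (urgency and any(v != "trusted" for v in verdicts))
    return {"verdict": "suspicious" if flagged else "ok", "sender": sender,
            "links": links, "urgency": urgency}

# Constructed sample message, not a real phishing email.
SAMPLE_EMAIL = """From: ExampleBank Security <alerts@examplebank-support.net>
Subject: Your account has been compromised

Your account has been compromised. Please verify your account immediately at
https://login.examplebank.net/verify or lose access within 24 hours.
Help: https://examplebank.com/help"""
```

Running `triage_email(SAMPLE_EMAIL)` flags the message: the first link is the bank's name on a different TLD, the sender domain is unrelated, and four urgency phrases are present. A heuristic like this only supports the habit the tips describe; the safe action is still to contact the company through a known-good channel rather than the email.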

What to Do if You Are a Victim

  • Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
  • Watch for any unauthorized charges to your account.
  • Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the Internet Crime Complaint Center.

Protect Yourself With These STOP. THINK. CONNECT.™ Tips

  • When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Make your passphrase a sentence: A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  • Unique account, unique passphrase: Having separate passphrases for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passphrases.
  • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passphrases are not enough to protect key accounts like email, banking and social media.

Originally posted on Stay Safe Online

Workplace Cybersecurity Begins with Employees

I’ve looked at clouds from both sides now
From up and down and still somehow
It’s cloud illusions I recall
I really don’t know clouds at all

— Joni Mitchell, “Both Sides, Now”
And like that song from 1969, it appears that most employees really don’t know cloud computing at all. In an article on the Society for Human Resource Management’s website titled, “Public Enemy No. 1 for Employers? Careless Cloud Users, Study Says,” a North American IT solutions and managed services provider called Softchoice found that 1 in 3 users of cloud-based apps (e.g., Google Docs and Dropbox) download the app without letting their IT department know. Cloud computing became popular a few years ago because people could store all their documents, photos, and other information and then access that data from anywhere at any time and on any device.
What makes this such a bad situation is not the cloud computing itself, but that the vast majority of employees lack any sense of cybersecurity. That same study found that 1 in 5 employees:

  • Keep their passwords in plain sight (e.g., on Post-it Notes on their desks).
  • Have accessed work files from a device that was not password-protected.
  • Have lost devices that weren’t password-protected.

Complicating this further is that the employees who actually do use passwords usually have weak passwords. That is, they are easy to guess (e.g., “1234,” “password,” or their username). Rather than leave a company and its network vulnerable to attack, some IT people suggest a ban on cloud accounts for work.
Security breaches involving a company’s intellectual property can be very costly. In what is sometimes referred to as “ransomware,” an organization’s important data is stolen or encrypted and not released until a fee is paid.
A better solution to a ban on cloud accounts would be to educate employees on the necessity for cyber security, train them to improve their online security habits, and remind them that IT rules are in place to make a company more secure, not make it more difficult for employees to be productive. Cyber thieves are clever and when they can’t break into a system using technology, they often rely on the flaws of human nature.
As we become more and more connected to the Internet, we leave ourselves and the companies where we work more accessible to cyber threats. It’s imperative that employees keep everything locked down.

By Tara Marshall, Originally Published By United Benefit Advisors