<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Cyber News | Insurance Advocate</title> <atom:link href="https://www.insurance-advocate.com/tag/cyber-news/feed/" rel="self" type="application/rss+xml" /> <link>https://www.insurance-advocate.com</link> <description>Since 1889</description> <lastBuildDate>Mon, 28 Oct 2024 13:13:05 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod> hourly </sy:updatePeriod> <sy:updateFrequency> 1 </sy:updateFrequency> <generator>https://wordpress.org/?v=6.7.2</generator> <item> <title>London-Based Insuramore Measures Insurers by Cyber Insurance Direct Premiums Written</title> <link>https://www.insurance-advocate.com/2024/09/15/london-based-insuramore-measures-insurers-by-cyber-insurance-direct-premiums-written/</link> <dc:creator><![CDATA[Insurance Advocate]]></dc:creator> <pubDate>Sun, 15 Sep 2024 05:30:30 +0000</pubDate> <category><![CDATA[2024]]></category> <category><![CDATA[September 2024]]></category> <category><![CDATA[Cyber News]]></category> <guid isPermaLink="false">https://www.insurance-advocate.com/?p=14937</guid> <description><![CDATA[<p>As an extension of its rankings of insurance providers worldwide, and based in part on guidance from some of the largest underwriters in the sector, Insuramore has updated its global ranking of insurer (carrier) groups as measured by cyber insurance gross direct premiums written (GDPW) in 2023 (see www.insuramore.com/rankings/insurers/premiums-cyber). This analysis indicates that GDPW for cyber insurance can be […]</p> The post <a href="https://www.insurance-advocate.com/2024/09/15/london-based-insuramore-measures-insurers-by-cyber-insurance-direct-premiums-written/">London-Based Insuramore Measures Insurers by Cyber Insurance Direct Premiums Written</a> first appeared on <a href="https://www.insurance-advocate.com">Insurance Advocate</a>.]]></description> <content:encoded><![CDATA[<p class="p1">As an extension of its rankings of insurance providers worldwide, and based in part on guidance from some of the largest underwriters in the sector, <b>Insuramore</b> has updated its global ranking of insurer (carrier) groups as measured by cyber insurance gross direct premiums written (GDPW) in 2023 (see www.insuramore.com/rankings/insurers/premiums-cyber).</p> <p class="p1"> This analysis indicates that GDPW for cyber insurance can be estimated globally at just over USD 15.7 billion in 2023 rising to more than USD 16 billion if captive insurers are also included, and with the US continuing to account for over a half of the total once underwriters operating in Bermuda and at Lloyd’s of London are added to those based in the US itself.</p> <blockquote> <p class="p1"><i>With regard to the competitive structure of the market, it shows that the top 20 groups for this class are likely to have accounted for 64.9% of premiums worldwide and the top 50 for 89.6%, down from a respective 70.3% and 92.3% in 2022. Beazley is likely to have been the global market leader with over USD 1 billion in GDPW and was followed in descending order by Chubb, Munich Re, AXA and Fairfax Financial Holdings.</i></p> </blockquote> <p class="p1">Overall, the research established that close to 300 insurer groups were underwriting cyber risks on a direct basis by the end of 2023. This signifies a mean (average) GDPW per group of USD 53 million but a median of just USD 3.3 million which shows the degree to which there is a very long tail of insurers with small books of cyber insurance activity. Furthermore, Insuramore has also identified over 400 individual MGA, MGU and cover-holder enterprises (a.k.a. underwriting agencies) around the world writing cyber insurance on a delegated underwriting authority basis including several (such as At-Bay, CFC Group and Coalition) making partial use of their own underwriting vehicles.</p> <p class="p1"> Looking ahead, the trend towards fragmentation implied by the preceding comparison of the global market share of the top 20 and top 50 groups in 2022 and 2023 is likely to continue in 2024 as cyber business expands more rapidly outside of the US, where premium rates have tended to decline in recent months. On the other hand, modelling a reliable future trajectory for the value of cyber insurance worldwide remains problematic due to the multiple factors impacting the sector. These include, for example, the global outage incident which occurred on 19th July 2024, the implications of which will become clearer in the coming months.</p>The post <a href="https://www.insurance-advocate.com/2024/09/15/london-based-insuramore-measures-insurers-by-cyber-insurance-direct-premiums-written/">London-Based Insuramore Measures Insurers by Cyber Insurance Direct Premiums Written</a> first appeared on <a href="https://www.insurance-advocate.com">Insurance Advocate</a>.]]></content:encoded> </item> <item> <title>Mitigating Cyber Risks for the Insurance Industry with the Right Security Controls</title> <link>https://www.insurance-advocate.com/2017/05/08/mitigating-cyber-risks-for-the-insurance-industry-with-the-right-security-controls/</link> <dc:creator><![CDATA[Guest Author]]></dc:creator> <pubDate>Mon, 08 May 2017 14:45:03 +0000</pubDate> <category><![CDATA[2017]]></category> <category><![CDATA[May 8]]></category> <category><![CDATA[Past Issues]]></category> <category><![CDATA[Cyber News]]></category> <guid isPermaLink="false">https://www.insurance-advocate.com/?p=7947</guid> <description><![CDATA[<p>By: Chris Moschovitis, CEO, tmg-emedia It is no secret that cyber security risks add complexities that often restrict the process of seamlessly carrying out business transactions. Firms and institutions in the insurance industry need solutions that ensure confidentiality, availability, and integrity of sensitive data to avert significant damages to their business. However, companies should never […]</p> The post <a href="https://www.insurance-advocate.com/2017/05/08/mitigating-cyber-risks-for-the-insurance-industry-with-the-right-security-controls/">Mitigating Cyber Risks for the Insurance Industry with the Right Security Controls</a> first appeared on <a href="https://www.insurance-advocate.com">Insurance Advocate</a>.]]></description> <content:encoded><![CDATA[<p><strong><em>By: Chris Moschovitis, CEO, <a href="http://tmg-emedia.com/">tmg-emedia</a></em> </strong></p> <p>It is no secret that cyber security risks add complexities that often restrict the process of seamlessly carrying out business transactions. Firms and institutions in the insurance industry need solutions that ensure confidentiality, availability, and integrity of sensitive data to avert significant damages to their business. However, companies should never fall into the trap of thinking that a set of solutions today will deliver them safely from the cyber security threats of tomorrow.</p> <p>Unfortunately, many managers are becoming tone-deaf to the constant narrative of “it’s not a matter of if you’ll be hacked–it is a matter of when” and are being seduced by vendors that promise “peace of mind.” These promises are dangerous and expensive fantasies that deliver a false sense of security. That said, business must go on, and we are all responsible for taking pragmatic steps to mitigate cyber security risk. We do this by selecting and applying the right security controls for our businesses.</p> <p>First things first, though: We need to recognize that there is no “one size fits all” solution. Each sector is different and each business is different, even within the same industry. Moreover, each business has a different risk appetite than its peers. The right controls for one business will prove excessive for the next, and not enough for the third. Therefore, the first thing that must be established is the risk appetite of the organization. That is set either by the board, or by the owner.</p> <p>The next thing we need to do is get a grip on business assets. What, exactly, are the things of value we are trying to protect, and what are the threats against them? Is it a matter of protecting intellectual property? Customer data? Classified information? Reputation? Is it a question of physical security? Insider threats? In short, what does your world look like, and where are the threats coming from?</p> <p>It is no accident that the National Institute of Standards and Technology (NIST) framework for improving critical infrastructure cybersecurity leads with “Identify” and not with “Prevent.” There is no “Prevent” in cyber security, and the sooner we get comfortable with that, the sooner we’ll get to the real work of Identifying, Protecting, Detecting, Responding, and Recovering (the five NIST framework functions) from cyber security events.</p> <p>Once you have identified what it is that warrants protection, the real work begins. Accounting for your organization’s risk appetite and armed with your asset valuation and threat assessments, you are now ready to apply the right controls. Remember: Controls “do” things. They are not some abstract notion, they do-the-do! There are four kinds of controls: Preventive, Detective, Corrective, and Compensatory. Now, you’ll argue what’s with the “Preventive” controls when one paragraph ago you claimed there is no “Prevent” in cyber security? You’re right, but remember, controls “do things.” A preventive control, therefore, acts like a barrier to an attack. It hasn’t prevented the attack, but just like the barrier on the street that hopes to stop the runaway truck from hitting the building: it hopes to prevent an aspect of the attack. Think of it as a locked door. Another example of a preventive control is segregation of duties. Your systems administrator shouldn’t know the database password, and the database administrator shouldn’t know the systems password. Security awareness training is another excellent example of a preventive control.</p> <p>Detective controls are easier to understand. They detect. They know the door has been opened (e.g., a motion detector), and they do something about it. Either they close it, or alert someone that the door has been opened. Other examples of detective controls include system monitoring applications, intrusion detection systems, even anti-virus and anti-malware solutions.</p> <p>Corrective controls fix or restore the environment. For example, applying the right security patches and upgrades is a corrective control. Restoring your data from backup is another corrective control.</p> <p>Finally, compensatory controls are those designed to compensate for some of the damage. A disaster recovery site is a compensatory control. Cyber insurance can also be a compensatory control. Even a backup generator, a second set of servers or computers, or the ability to switch over operations at another country, are all compensatory controls.</p> <p>Keep in mind that there are some solutions that span control classes. For example, an anti-virus/anti-malware solution can be a preventative control, a detective control, and a corrective one all at the same time. Exactly like in real life, you get your flu shot each year in hopes to prevent the onset of this year’s flu strain. You hope that armed with the inoculation your body will detect the attack of the flu virus and will take corrective action to keep you healthy. Unless, sadly, the new strain is so different than the previous year’s that you still end up in bed sneezing and wheezing away. Which is where your compensatory chicken soup control kicks in, making life a little less miserable.</p> <p>What is the right blend of controls for your organization? As we discussed, it depends on risk appetite, type of asset, type of threat, regulatory environment, budget, and skill sets. You need to take all of this into consideration in developing your defense-in-depth cyber security strategy.</p> <p>Remember: You have a tremendous advantage over your attacker, or any expert: You know your business better than anyone else, and you know what’s of value that needs protection. So, more than any solution out there, trust yourself and your judgment and apply pragmatic controls for this cyber season. Because next season, you’ll have to do this all over again.</p> <p>_______________________________________________________________________</p> <p><strong><em><a href="https://www.insurance-advocate.com/wp-content/uploads/2017/02/Chris-Moschovitis-photo-e1487189182613.jpg"><img decoding="async" class="wp-image-7274 alignright" src="https://www.insurance-advocate.com/wp-content/uploads/2017/02/Chris-Moschovitis-photo-300x300.jpg" alt="" width="144" height="144"></a>Chris </em>Moschovitis</strong><em> is co-author of the critically acclaimed “</em>History of the Internet: 1843 to the Present<em>” as well as a contributor to the “</em>Encyclopedia of Computers and Computer History<em>” and the “</em>Encyclopedia of New Media<em>.” He is cyber security and governance certified (CSX, CISM, and CGEIT), and an active member of ISACA, ISSA, and IEEE. Chris, in addition to his duties as CEO of </em>tmg-emedia<em>, personally leads the cyber security and consulting teams and delivers cyber security awareness training and consulting. He is an active speaker and writer, and delivers workshops on a variety of topics, including Cyber Security, Information Technology Strategy, Governance, and Execution. Chris is working on his latest book “</em>How I Stopped Worrying and Learned to Love the Hackers<em>,” to be published in early 2017. He can be reached at </em><a href="mailto:Chris.Moschovitis@tmg-emedia.com"><em>Chris.Moschovitis@tmg-emedia.com</em></a></p> <p><em>For additional information, contact Jeffrey Sussman, 212-421-4475</em>, <a href="mailto:marketingpro@aol.com"><em>marketingpro@aol.com</em></a><em> , </em><a href="http://www.powerpublicity.com"><em>www.powerpublicity.com</em></a></p> <p> </p> <p><span style="border-radius: 2px; text-indent: 20px; width: auto; padding: 0px 4px 0px 0px; text-align: center; font: bold 11px/20px 'Helvetica Neue',Helvetica,sans-serif; color: #ffffff; background: #bd081c no-repeat scroll 3px 50% / 14px 14px; position: absolute; opacity: 1; z-index: 8675309; display: none; cursor: pointer;">Save</span></p> <p><span style="border-radius: 2px; text-indent: 20px; width: auto; padding: 0px 4px 0px 0px; text-align: center; font: bold 11px/20px 'Helvetica Neue',Helvetica,sans-serif; color: #ffffff; background: #bd081c no-repeat scroll 3px 50% / 14px 14px; position: absolute; opacity: 1; z-index: 8675309; display: none; cursor: pointer;">Save</span></p>The post <a href="https://www.insurance-advocate.com/2017/05/08/mitigating-cyber-risks-for-the-insurance-industry-with-the-right-security-controls/">Mitigating Cyber Risks for the Insurance Industry with the Right Security Controls</a> first appeared on <a href="https://www.insurance-advocate.com">Insurance Advocate</a>.]]></content:encoded> </item> </channel> </rss>