With “a lack of controls at [an] insurer, [you] could have catastrophic damage to an entire portfolio, ”said Jack Kudale, founder and CEO of Cowbell Cyber, an insurtech and general management agency (MGA) that provides cyber insurance and related services to small and medium-sized businesses.
Kudale, speaking at a CEO panel at the 2021 Global Insurance Symposium in Des Moines on June 29, called cyber risks the “next digital pandemic” and said insurers must protect at the both their customers and themselves with the same measure.
In other words, insurers themselves are now targets.
“It is imperative that not only do we protect with the modern technology and innovation needed in this market, but that you also protect your own infrastructure, because cybercriminals are looking for crown jewels, and where would you go if not an insurer? – even that insures cyber risks, ”Kudale added.
Panelist Jessica Snyder, President and CEO of GuideOne Insurance, agrees.
Free Webinar: How to personalise insurance with dynamic policies
- What are some of the considerations and challenges when implementing dynamic policies?
- Are some customisations only possible with human expertise?
- Where are dynamic policies heading next?
“We just went through our own internal cyber risk assessment,” Snyder said. “[Ransomware criminals] can take control of data centers and encrypt how to access backups… This is a real issue our industry needs to be concerned about.
Snyder said that GuideOne, a specialty insurer for churches, spends about 6% of its total budget on IT issues, focusing on areas such as general protection, two-factor authentication and other related employee training. But these efforts, she said, are “just table stakes.” Insurers do not understand the true costs of cyber risk at this stage, she added.
“We insure parts that we really don’t understand the cost,” Snyder said. “This is a huge issue that we CEOs need to be aware of, to be aware of what’s out there and the threats. “
The comments from the two executives follow a massive ransomware attack on Chicago-based insurer TBEN earlier this year. The company reportedly paid a ransom of $ 40 million to stop the incident.
Colonial Pipeline was also the victim of a massive ransomware attack in May, compromising oil deliveries to much of the east coast of the United States. The company paid a ransom of $ 4.4 million to put the pipeline back into service, according to reports.
Supply Line Ransomware Targets
Kudale said ransomware threats will remain in the insurance industry for a long time, although he admitted that the frequency and severity “will be very different as we move forward.”
Third party or supply chain risks to businesses are agreed to be the next big cyber risk. The critical issue, he said, is how to proactively patrol to ensure cybersecurity, but also understand the nature of those risks.
“Preventive detection remains the most important action,” he said.
Source: The Bharat
