Insurance – not computer security – is probably your core business as a broker. But with cyber threats on the rise, some brokers are seeking information-security partners to help them manage their commercial clients’ cyber risk.
WTW has several relationships with information technology and cybersecurity providers, said Michélle Lawson, the company’s cyber practice leader for Canada.
One of them is New York City-based SecurityScorecard, a tech vendor that assesses clients’ cybersecurity using several risk categories, including web application security, network security, and patching.
“SecurityScorecard reviews a company’s technical security posture and assigns a score to that,” said Lawson. “We actively explore relationships with additional vendors to continuously broaden our breadth of cyber risk data we consider in assessing a client’s cyber risk.”
More insurance buyers are becoming aware of cyber threats, observes Annamaria Landaverde, senior vice president and cyber team lead for Munich Re U.S. She addressed the topic in a 2021 webinar.
Many companies store confidential information about themselves, their customers or other companies, as Travelers Companies Inc. notes. So, your clients face potential liability risk if confidential information is exposed in a data breach.
Another corporate cyber risk is financial loss if malware is downloaded from an email. Malware can cause files to be lost, encrypted or otherwise damaged, said Travelers.
For its part, WTW offers Cyber Quantified, a tool designed to make clients aware of their exposure to data breach and network outages.
“When an insurer is underwriting the risk, they’re looking for clients who are proactively addressing cyber issues consistently,” said Lawson. “A client who is well-informed and addressing these risks proactively will differentiate themselves from the rest of the pack.”
Integrating Cyber Quantified with SecurityScorecard at no additional cost is offered as a value-added service to WTW’s clients.
“We provide this type of integration because we understand that cyber insurance buying decisions need to go beyond just traditional benchmarking,” said Lawson. “Cyber risk is complex. We want to provide our clients with as much insight and data as is prudent to ensure that they can make an informed buying decision.”
SecurityScorecard allows a client to review cybersecurity issues and highlight any related internet protocol addresses or domains. “Addressing such issues assists the client in improving their cyber hygiene and security rating, reducing their cyber exposure and helping to protect them against potential cyber events,” said Lawson.
Northbridge lists some business practices that can affect a client’s cyber risk, including:
A lax policy on regularly updating passwords.
Employees or customers accessing the client’s systems from remote locations.
Staff using company-owned devices at their homes or while traveling.
Allowing the public to access the client’s building without an ID card.
Employees using computers to access bank accounts or initiate money transfers.
Cyber threats continue to evolve, as Munich Re speakers note during a 2021 webinar hosted by A.M. Best Company Inc. “The frustration is, you can’t nail down the exposure,” said Landaverde. “Cyber threats will continue to evolve.”
This article is excerpted from one that appeared in the February/March issue of Canadian Underwriter.