Cyber insureds ‘getting pulled in a lot of directions’

Businesses need help cutting through the “noise” of cybersecurity, says a senior cyber insurance professional Insurance Business.

“They get a lot of different alerts,” said Lauren Winchester, Corvus SVP, risk and response. “They are being pulled in many directions [when it comes to] what will they spend their cyber money on.”

Corvus revealed what it described as an “industry leading” cyber loss ratio of 36%. Talked to Insurance Business at the cyber summit NetDiligence in Philadelphia in June, Winchester shared how the business achieved this – and how it will develop in the future.

“We’re very proud of what we’ve accomplished,” Winchester said. “We have a 36% loss ratio, which we see as leading the industry, and that’s a testament to our underwriting acumen, the tools we use, the scanning we have, and then our outreach of policyholders and engagements we do. have.”

What’s new in Corvus?

Corvus recently launched a policyholder prevention service, known as Corvus Signal. The proposition is intended to prevent claims, and Corvus found that clients who participated were 20% less likely to have a cyberattack, according to Winchester.

Corvus bundles risk insights from threat intelligence and policyholder alerts, in addition to risk advisory services, with cybersecurity advisors, rapid response advisors, and a outreach team. There’s also the risk dashboard, which Winchester describes as taking “that human intelligence and trying to pour it into a tool”.

“We want to lean into that,” Winchester said.

Corvus is confident it will further reduce its loss ratio, according to Winchester.

“Our data tells us that this engagement is working, and so now we want to say: ‘How do we trust it more?'” Winchester said. “‘What are ways we can drive more engagement with our team and our tech so that policyholders are best positioned against attacks?'”

Cutting through the cyber “noise”

The business looks at vulnerability alerting, where software is used to scan policyholders for vulnerabilities. This helps cut through that cyber “noise” and target insureds who are at risk, rather than bombarding them with blanket warnings.

“If we have a new VPN vulnerability, for example, we can determine which policy holders are actually using VPNs,” Winchester said. “Instead of sending an alert to all of our policyholders, we’re going to reduce it and make it more meaningful, and if they have follow-up questions about it, we’re there to answer.”

Due to an increase in cyber-related contact, as well as malicious scam attempts, businesses sometimes become cautious when they receive notification of a threat.

“We are working with policyholders to determine the best way to frame and convey our alerts,” Winchester said. “Because sometimes they can be met with some skepticism, which is good, right?”

Corvus runs a monthly newsletter and is looking at additional outreach methods, as well as making sure policyholders know what an alert from them looks like, to help reassure clients that the any contact from them is valid.

“Sometimes it can be met with healthy skepticism, and we’re happy about that – hopefully it means something [insureds] don’t click on a lot of phishing emails,” Winchester said.

Corvus has seen a “relatively low frequency” of ransomware within its own acquisition data, Winchester said, but he acknowledged that the business may be “trending”, especially given the leak site activity.

“Ransomware threat actors have their leak sites where they post who their victims are, and since that has become a widespread practice, we can analyze the leak site data and see the trends over time for victims over time,” Winchester said. “That went up a little bit in March, and it stayed high in April and went back up again in May.”

By analyzing these dark web sites and tracking activity, insurers can better predict likely claim activity across the board.

“You can say that the event is over, which means, from an insurance perspective, most of the victims are likely to be insured companies, and in the end the claims will come as a result – luckily we don’t have see that, and [it’s not] that shows up in our book, and hopefully, that’s a testament to the underwriting and outreach that we do,” Winchester said.

“But I expect it to continue in this trend, and it suggests that the threat actors are regrouping, they’re rebuilding their infrastructure, and they’re running and running.”

How well do your cyber clients understand the various threats? Let us know by leaving a comment below.