Modern Insurance Magazine Issue 65

More documents

Recommendations

Info

INSURTECH Capgemini AXA XL QCaitlin, it was so great to catch up recently and hear your perspectives on the current state of cybersecurity. How have things changed in recent years from an underwriting perspective? A Hi Megan! Likewise, it was great speaking with you, and I’m excited to be here to chat with you today. Things have changed dramatically in cyber insurance over the last few years. The hard cyber insurance marketplace started after an influx of ransomware attacks in 2019. This hard market lasted through 2022, driven by the frequency and severity of these claims. Significant losses forced cyber insurers to increase rates, as well as analyzing the cybersecurity posture of each insured under scrutiny. Now we are back in a soft market, where there’s a lot of insurer competition driven by lofty new business goals. Rates have significantly dropped year after year; meanwhile, claims are trending upward. It will be interesting to see what happens over the next 12 months! QWhat are some emerging cybersecurity trends that we should be aware of, and prepare for? A A trend seemed to take off at the beginning of 2023 around some of the state-level comprehensive privacy laws that are being passed. At the start of 2024, 15 US states enacted stricter privacy laws - Connecticut (where I live) being one of them. It is a significant legal undertaking for companies to ensure that they are staying ahead and remaining compliant. On the underwriting side, we like to understand the different committees and the extent of legal involvement that companies utilize in order to remain in compliance. We also saw the SEC cyber disclosure rules passed last year, which requires public companies to disclose incidents within 4 business days. There is a lot going on in the privacy space! Another trend we have seen is SIM swapping, where threat actors trick a cellular device company or telecom carrier into switching the SIM card of an executive (or an employee with elevated privileges and access, like an administrator) onto the threat actor’s device. The attacker collects info on the victim, whether it’s through social media or phishing, then calls up the cell phone provider and pretends to be the said individual. The provider is then duped into switching the victim’s mobile number to the threat actor’s phone, which means that the attacker can receive incoming calls and texts - including authentication codes for multi-factor authentication (MFA) – in order to gain access to the network. In general, MFA bypass schemes are on the rise, particularly given the world of remote working that we are now living in post-pandemic. Lastly, I would say Artificial Intelligence (AI) is a very hot topic. Every company is looking at how they can incorporate AI into their business, and there are a lot of unknowns to the potential threats in doing so. We are seeing threat actors create sophisticated and believable phishing schemes within large language models, and copyright can be a very complicated element of AI. Ultimately, we look for companies to be approaching AI cautiously, closely tracking any employee usage. QWhat challenges are companies facing when it comes to cybersecurity issues? Vendor management comes to mind immediately as a continuous challenge within cybersecurity and A cyber underwriting. We ask questions around how an insured is vetting third parties prior to working with them, if questionnaires are completed, how often vendors are reassessed, and what contract provisions they might have in place to protect themselves. The supply chain issue is not something that is going away, and the risk is still there even when companies have best practices and procedures in place. Vulnerabilities with VPN products is also an issue. In a world where many companies now have a hybrid workforce, we saw a real increase in VPN vulnerabilities and related exploitations in 2023. In a similar vein, we’re seeing an uptick in Cloud-based attacks, with Cloud environments not being properly configured and secured. I think there is a misconception that the Cloud is safer or more secure, but it’s important for companies to have Cloud security experts on staff, or at least a third-party Cloud expert to assist in ensuring a safe and proper management of that environment. While major Cloud providers do offer many enhanced security features, these are not enabled by default. Therefore, it’s important for companies to check that they have a proper handle on how their Cloud environment is configured, ensuring that the proper features are turned on. The cyber workforce shortage is the final issue to mention here. Companies are struggling in their search for qualified cybersecurity IT professionals. There’s so much demand for expertise and experience in this area, and yet there is a huge talent gap and shortage of trained cybersecurity professionals. The war on talent can also result in significant turnover. 70 | MODERN INSURANCE
INSURTECH QIs AI a friend, foe, or both? Can AI help detect and react to a breach in real time? Conversely, what is the threat of AI in the hands of a cybercriminal? A Definitely both! AI is here to stay, and if companies are not considering how to use AI within their business, they are going to fall behind. I think AI can really help to manage cybersecurity, particularly with the amount of large data that cybersecurity professionals have to continuously comb through. There’s a lot of risk with these large language models given the amount of potential for storage of personal data. We have seen threat actors use AI for social engineering or phishing attacks already, as well as building and embedding malware. We have also seen ‘deep fakes’, where criminals use AI to produce extremely believable fake images or replicate voices to trick employees into transferring funds. There is so much more to come with AI. QWhat advice do you have for the C-suite and Boards of Executives when it comes to working together and collaborating against mounting cybersecurity risk? I think within your question, mention of the word ‘collaboration’ is key. The C-suite, as well as various A business committees and Boards, should be working closely together as they manage their organization’s cybersecurity risk. I would also recommend utilizing a third party for threat intelligence if companies do not have an internal threat intel team on staff. Lastly, I would recommend joining an industry peer group to discuss how similar companies are handling certain exposures. Another company may offer a perspective that they did not consider before. QIn 2022, you were promoted to Senior Cyber Underwriter at AXA XL - congratulations! Do you have any advice for women who are just starting out in their cyber career? A My advice is to be yourself and be confident in your abilities. Ask questions and continue to be a student, especially in cyber where change is constant! Understand your strengths and lead with them, while also challenging yourself to work on your weaknesses. Lastly, be patient with yourself. Growth and success will come if you continue to show up and consistently perform. Q What’s next for Caitlin? A I’m excited to be taking on several new challenges in 2024. I will be participating on my first panel discussion at Cyber Defense Summit, a pre-conference event for InsurTech Hartford. I’m also on the committee for the ‘Women in Cyber Insurance’ group, spearheaded by Willis Towers Watson, and I will be attending the conference in May. I conducted my first webinar training for PLUS University earlier this year, and have another Cyber 101 webinar scheduled for later in 2024. Lastly, I will have my first direct report soon, with our summer intern joining us in June. I’m excited to try new things and get out of my comfort zone with some of these new experiences in order to further my personal growth. I will also continue to be a leader within our underwriting team, and I look forward to helping some of our more junior underwriters starting out in cyber insurance! Caitlin Alpern is a Senior Cyber and Technology E&O underwriter on the Northeast team of AXA XL. She has close to 8 years of experience underwriting cyber and technology risks. Caitlin manages a book of around $20M in premium, working on both new business and renewals. Ms. Alpern has her Cyber COPE Insurance Certification from the Heinz College Information Systems and Public Policy from Carnegie Mellon University. Caitlin is also a Registered Professional Liability Underwriter. She has 12 years of underwriting experience, and was also a broker at Marsh for two years, working as a client advisor on public director’s & officers’ liability. Caitlin recently joined the ‘Women in Cyber Insurance’ Group committee that was recently launched by Willis Towers Watson. Caitlin lives outside Hartford, in the US state of Connecticut. Caitlin Alpern, Senior Cyber Underwriter, AXA XL MODERN INSURANCE | 71
Page 1 and 2:
ISSUE 65 ISSN 2515-3803 I SPY CYBER
Page 3 and 4:
WELCOME Welcome to Issue 65 of Mode
Page 5 and 6:
8 12 14 17 29 38 44 49 51 53 55 Ins
Page 7 and 8:
EUROPCAR NEW BRAND BLOCK Color grad
Page 9 and 10:
Risk sentiment Hiscox Cyber Readine
Page 11 and 12:
Page 07 Impacts of a cyber attack (
Page 13 and 14:
Q Ken - what’s the appeal for hac
Page 15 and 16:
INTERVIEWS that there aren’t some
Page 17 and 18:
EDITORIAL BOARD A Varied Approach t
Page 19 and 20: Consumer Duty Defines the Role EDIT
Page 21 and 22: EDITORIAL BOARD The Vizion Standard
Page 23 and 24: EDITORIAL BOARD Embedding Consumer
Page 25: EDITORIAL BOARD Data Security at ED
Page 28 and 29: BOOKED IT. PACKED IT. WE’RE OFF.
Page 30 and 31: EMPOWERING THE FUTURE OF REPAIR Tec
Page 32 and 33: Straightforward insurance technolog
Page 35 and 36: ASSOCIATIONS ASSEMBLE Fleur Thomas
Page 37 and 38: ASSOCIATIONS ASSEMBLE Sue Brown Tit
Page 39 and 40: COUNTER FRAUD ACTIVITY: UK VS. US T
Page 41 and 42: THE DISTINCT LANDSCAPES OF INSURANC
Page 43 and 44: Jonathan Drake IMPROVING AGILITY, M
Page 45: Keeping insurers fully in the loop
Page 49 and 50: Friction Is the Key to Customer Suc
Page 51 and 52: Put the Sugarin First FEATURES As I
Page 53 and 54: A Total Loss Could Be An Electric G
Page 55: FEATURES THE EVOLVING RISK OF CYBER
Page 58 and 59: A new approach to repair management
Page 60 and 61: Modern Insurance Magazine’s notor
Page 62 and 63: Results INSURER OF THE YEAR WINNER
Page 64 and 65: “The team at Modern Insurance Mag
Page 66 and 67: INSUR. TECH. TALK
Page 68 and 69: INSURTECH Google Cloud QMonica, mor
Page 73 and 74: INSURTECH Munich Re Dikla, what are
Page 75 and 76: INSURTECH Q Is AI a friend, foe, or
Page 77: INSURTECH QWhat are some of the mos
Page 80 and 81: INSURTECH Welcoming… Percayso Inf
Page 83: INSURTECH Strategic Priority: Opera
Page 86 and 87: INSURTECH The Fastest Fish in the O
Page 88: Any me, any place, anywhere... FMG
show all

Modern Insurance Magazine Issue 65

Create successful ePaper yourself

Delete template?

Save as template?