Webinars

The escalating ransomware problem has put a strong focus on existing issues in the cyber insurance sector. After analyzing current trends, this presentation will examine to what extent government regulation of the sector can offer possible solutions for three longstanding issues and foster a more mature industry.

1. Has the possibility of claiming ransom payments on cyber insurance policies contributed to the current problem, and should regulators ban such coverage?

2. Are the ways in which the insurance industry measures the cyber risk of companies still appropriate for the current threat environment? How valuable is old data, and will future approaches emphasize automated technical solutions, threat assessments, or ratings provided by external auditing agencies?

3. While big companies getting hit grab the headlines, ransomware is just as big a problem for small and medium-sized companies. With notoriously low IT security standards and typically no cyber insurance cover or bank credit line to recover from an attack, they are particularly vulnerable. Finding IT certifications designed for more mature companies hard to implement and their budgets stretched, many of them struggle to improve their defences. Could a new minimum IT security standard designed for SME’s combined with compulsory cyber insurance provide meaningful support for this group of companies?

Alice Hutchings is a University Lecturer in the Security Group at the Computer Laboratory, University of Cambridge. She is also Deputy-Director of the Cambridge Cybercrime Centre, an interdisciplinary initiative combining expertise from computer science, criminology, and law. Specialising in cybercrime, she bridges the gap between criminology and computer science. Generally, her research interests include understanding cybercrime offenders, cybercrime events, and the prevention and disruption of online crime.

Every day, hundreds of people fly on airline tickets that have been obtained fraudulently, and much of this is facilitated by cybercrime. I will use this example to explore cybercrime in more depth, and understand its real-world impacts. I will explore the trade in these tickets, drawing on interviews with industry and law enforcement, and an analysis of an online black market. Tickets are purchased by complicit travellers or resellers from the online black market. Victim travellers obtain tickets from fake travel agencies or malicious insiders. Compromised credit cards used to be the main method to purchase tickets illegitimately. However, as fraud detection systems improved, offenders displaced to other methods, including compromised loyalty point accounts, phishing, and compromised business accounts. In addition to complicit and victim travellers, fraudulently obtained tickets are used for transporting mules, and for trafficking and smuggling.

Additional Resources:

• https://link.springer.com/article/10.1007/s10611-018-9777-8
• https://academic.oup.com/policing/advance-article/doi/10.1093/police/pay063/5094543

Daniel researches the economics of security and privacy with recent research on risk quantification, cyber insurance and online consent. He is currently a post-doctoral fellow at the University of Innsbruck, Austria. He received his PhD "The Economics of Cyber Risk Transfer" from the University of Oxford's Computer Science Department.

Thousands of incidents each year are now managed by external law firms. Victim firms can call a hotline and delegate incident response to external counsel without a pre-existing relationship. We draw on expert interviews and industry reports to describe how this model breaks from conventional incident response, the role of cyber insurance and outline questions for future research. Preliminary evidence suggests this form of IR is less responsive and less efficient, cyber insurers control who gets work, and that litigation risk is prioritized over technical risk. This is a work in progress, so audience participation is encouraged.

Kara C. Owens, CPCU, RPLU, ARe Managing Director, Global Cyber Underwriting Executive – Markel Corporation (USA) Kara graduated magna cum laude from Temple University where she majored in risk management, insurance and marketing. She holds her RPLU, CPCU, ARe and ARM designations. Kara has more than 10 years in the insurance industry and her most recent position was at TransRe where she was the Global Head of Cyber Risk. In this role, she was responsible for underwriting, risk management, communication and new product development. Prior to TransRe, Kara was a broker at Guy Carpenter. Kara is active in the Advancement of Professional Insurance Women (APIW) where she serves on the membership committee and founded TransRe’s women’s group, WiRe. She also serves as a mentor for St. John’s University and Temple University risk management students. Kara joined Markel in March of 2018 and serves as the Managing Director for Global Cyber Underwriting. In this role, Kara is responsible for establishing and leading Markel’s cyber market strategy and working with cyber underwriters across the company to achieve growth and profit initiatives. She will also develop best practices for cyber underwriting and reinsurance strategies worldwide in all Markel divisions.

Silent or non-affirmative cyber across traditional insurance policies within the insurance industry is not so silent anymore. Regulators, rating agencies, and Lloyd's are asking insurers more and more questions and, in some cases, are enforcing eradication of silent cyber. The industry is seeing more cyber security and privacy related claims being notified on property and casualty policies. Exposures continue to show themselves as the Internet of Things and Internet of Bodies expand. This webinar will discuss exposures across insurance product lines, from cyber security and privacy risk, as well as how the industry is reacting to these exposures.