October Risk Roundup: Which will prevail — legacy insurance or insurtech?

by Stephanie Mangold.
The Risk Roundup is our weekly collection of curated content that relates to all things digital risk management. Members of the Coalition team have pulled together their favorite posts from the week that highlight relevant trends in cybersecurity and cyber insurance. Enjoy our TL;DR and useful snippets on topics we’re keeping a close eye on.

Technology-enabled startups have revolutionized many aspects of business where legacy incumbents have stagnated due to dominant market positions. Startups have disrupted standard business functions like hiring and expense management with products that are easier to use and offer more targeted functionality than incumbents. So what role can insurance technology (insurtech) play in disrupting the legacy insurance market?

1. "Hype" or technology-enabled risk management?

The use of technology, and insurtechs themselves, is not “hype” and it is shortsighted to think so. At Coalition, we apply technology ways not identified in this article. Instead of underwriting blindly, we harness technology to solve cyber risk and beyond. We accurately and consistently score risks of a potential insured using algorithmic decision making. We scan the entire internet for vulnerabilities, such as open ports or exposed networks, to help our customers avoid cyber incidents. We also use technology to alert our customers of potential risks and assist in fixing it before it becomes a cyber event. Yes, the fundamental part of insurance is “taking risk,” we just do it better than traditional insurance with technology. – Kirsten Mickelson, Claims Counsel

View article here

2. Extortion without ransomware

Hackers are finding simpler and faster ways to extort their victims — a recent attack by a gang called SnapMC went from breach to ransom in less than thirty minutes. They exploited a known vulnerability called Blue Mockingbird, which can be fixed with an easily available patch. A report by Randori shows that a significant number of organizations are running outdated versions of technologies like Solarwinds, Citrix Netscaler, and even old versions of Microsoft IIS; this outdated software contains known vulnerabilities that make attacker’s jobs easy. This is entirely avoidable, but the problem stems from the fact that small businesses, education systems, hospitals lack basic cybersecurity knowledge and hygiene practices to fix these avoidable issues.

The most sophisticated security software isn’t necessary to avoid attacks — simple awareness and proactive action are effective in solving cyber risk. Simple things like having a firewall or automatically applying available patches might have prevented the SnapMC attack. Every small business should ask: How likely am I to get hacked, what vulnerabilities do I have, and how robust is my cybersecurity maturity? The answers to these questions and your technology environment (such as the number of internet-connected devices) will drive the measures you need to take to secure your business. - Payal Chakravarty, Head of Global SaaS

View tweet here

3. Former U.S. Navy engineer, wife face judge in submarine espionage case

Though there were many humorous takes, the financial motivation for attackers to exploit trusted insiders is a very real and pressing concern. If you’ve undergone a government background investigation, your finances were reviewed to identify avenues of exploit, such as outstanding debts or living beyond your means. This situation highlights the need to continuously monitor, evaluate, and take action to mitigate risks — in this case, trusted insiders who are authorized to access sensitive information and can be incentivized to sell it. Of course, not every company has access to nuclear submarine secrets, but confidential information like your new product R&D or customer list could be a target. Aaron Kraus, Security Engagement Manager

View tweet here

If you enjoyed this post be sure to check our blog weekly; the Risk Roundup runs Friday mornings in addition to more enlightening content we post related to the ever-evolving landscape of digital risk. Follow us on Twitter (@SolveCyberRisk), LinkedIn (Coalition Inc), and Youtube. If you have any suggestions for content that we should be adding to our reading list, let us know!