Demystifying Cyber Risk - Travelers webinar review


Authored by Travelers

The language around cyber risk can be complex – both because of the amount of jargon involved and the lack of consistency when it comes to cyber insurance policy wordings.

Use this document as a reference to help you decode terminology and be aware of aspects of policies that can be misinterpreted.

Translate jargon

While it’s helpful to have a solid understanding of cyber terminology to come across as cyber savvy, you’ll best build trust with clients if you’re able to explain terms in plain English. Here is a list of common cyber acronyms you are likely to encounter:

  • CIRP: Cyber incident response plan
  • CISO: Chief information security officer
  • DDoS: Distributed denial of service (attack)
  • DLP: Data loss prevention (system)
  • DRP: Disaster recovery plan
  • EDR: Endpoint detection & response
  • IDS: Intrusion detection system
  • MFA: Multi-factor authentication system
  • PCI-DSS: Payment card industry data security standard
  • PHI: Protected health information
  • PII: Personally identifiable information
  • VPN: Virtual private network
  • RDP: Remote desktop protocol

Now think about how you can translate this jargon into plain terms. For example, an IDS is like a bouncer checking IDs at the door of a club to confirm that everyone who enters is of age and allowed to come in. Think of an EDR as someone who detects suspicious activity inside the club and can toss a person out if needed. MFA, which typically combines a username/password with a PIN to log into company systems, helps you confirm that your employees are who they say they are when they log in.

Understand the types of attacks

Malware is a catch-all term for many types of malicious software, including worms, viruses, spyware, trojan horses, ransomware, bots and botnets. It’s delivered through adware and scams, spam, phishing (via email and text) and open ports (gaps in a firewall). Small companies can be deceptively appealing malware targets because they may have insufficient cybersecurity protections in place.

The key types of ransomware are Blocker and Crypto ransomware. Blocker ransomware locks users out of basic computer functions: while the computer can still be used to pay the ransom, it’s otherwise rendered useless. Crypto ransomware encrypts your critical data, such as documents and videos, while leaving basic computer functions untouched. (Ransomware attacks in the news include MAZE, Locky, Jigsaw, GoldenEye, Cryptolocker, GandCrab and WannaCry.)

Take the best precautions

All companies have cyber exposure of some kind. Planning your response with employees can help you respond quickly, efficiently and with minimal business interruption or financial loss.

Consider these examples from insureds:

  1. At a CRM software company, a senior manager fell victim to a phishing attack and thousands of email addresses were compromised. The company promptly notified those affected. The ICO – happy with the speed of the company’s response to secure and protect its data – didn’t take action. Key learnings from this incident: The insured believed early notification and prompt action helped with the positive ICO response. They also credited phishing exercises and other employee training for mitigating their exposure, as well as an open culture where employees are urged to report incidents without repercussions. Going forward, multi-factor authentication is a key consideration for the company, particularly with more employees working remotely.
  2. An IT managed service provider’s client was hacked and the client claimed against the insured for failing to apply a system update. The insurance contract contained a liability cap that limited the insured’s liability to less than £250,000 (vs £1 million without the cap). Key learnings from this incident: Timely reporting is essential, as are regular data backups (and checking to make sure those backups are working) to mitigate data exposure. Professionally written terms and conditions can provide protection too.

Get to know cyber policy wordings

The language around cyber policies isn’t yet consistent – and will take time to become so. But that shouldn’t deter brokers from trying to understand it. Understanding policy terms and what the wording means in practice will go far in helping to protect the insured’s business.

Common misunderstandings arise around business interruption cover vs reputational harm. Some policies have both and some have one or the other. Both deal with the loss of income following a breach and pay to close the gap between the income the insured would have earned if no event had occurred and what the insured actually earned due to the event.

However, business interruption requires that the income loss stems from the insured’s computers being down, while reputational harm doesn’t necessitate that. Further, business interruption is subject to a waiting period (often 8-12 hours but sometimes up to 24 hours) before coverage kicks in, while reputational harm is subject to a monetary excess.

It’s critical to scrutinise the wording of policies to understand when cover becomes active and what is covered. For example, wording referring to the interruption of an insured’s “systems” vs the insured’s “operations” can make a difference in cover. Words are often more important than numbers: a policy that promises system restoration within 180 days as opposed to 365 won’t make a difference when the vast majority of system restorations in the UK are resolved within a week after a breach. Be mindful of policy conditions like maintaining systems with up-to-date patch management – if your client is generally conscientious about protecting its systems but there was a slip-up, you want to make sure their coverage still applies.

Finally, policy wording will generally reference the cover of extra expenses incurred as a result of a breach. For example, an insured may need to have IT personnel work around the clock or hire additional staff due to a cyber incident. A good cyber policy should say that extra expenses cover comes with “bricking” cover, which replaces non-functional equipment with functional equipment. Just ensure that, if bricking cover is added, the property damage exclusion has been amended to include a writeback for bricked equipment.

“There is still a low take-up of cyber insurance and a lot of future growth available in this space,” said Davis Kessler, Head of Cyber at Travelers Europe. “Brokers who make the effort to recognise what a good policy looks like and how that could meet client exposures will gain the confidence of insureds.”



About Travelers

We wrote the first auto insurance, the first aircraft liability insurance, and even the first personal accident cover for astronauts.

In today’s fast-changing world, this heritage of adventure really counts. With an extended network of underwriting, claims management, and industry experts in 125 countries, we’re here to insure your clients’ ambitions – no matter their size and scope. Our expertise and experience deliver policies that help them continue their journey.

With businesses facing ever more emerging and evolving issues, our suite of insurance products offers bespoke cover for each risk, and our commitment to genuine, caring partnerships means we’ll always be there to advise and support our clients and our broker partners – whatever the future holds.

The Travelers Companies, Inc. (“TRV”) is a leading provider of property liability insurance for motor, home and business. The Group has more than 30,000 employees and operations in the United States, Canada, UK and Ireland.

The group has total assets of approximately $110 billion, shareholders’ equity of $26 billion and total revenue of $32 billion, as of December 31, 2019. Our European based operations offer our customers a wide range of coverage through Travelers Insurance Company Limited, Travelers Syndicate Management Limited (Syndicate 5000 at Lloyd’s), Travelers Underwriting Agency Limited and Travelers Insurance Designated Activity Company.