The Verisk and RMS reports have shown that the cyber insurance market is enjoying a period of profitable growth, bringing the benefits of increased stability and competition for buyers.
According to a report from Verisk, the US commercial cyber liability insurance market is expected to reach USD 6.2 billion by 2020, up from around USD 2.5 billion of written premium in 2016.
The cybersecurity firm predicts average annual growth in take-up rates of around 20-30%.
Significantly, the cyber insurance market is growing profitably, according to a recent study by catastrophe risk modelling firm RMS. It estimates that the industry loss ratio for 2016 was 54.6%, a healthy return compared with more mature insurance markets. However, loss ratios vary between insurers, with some reporting single-digit loss ratios while others have ratios greater than 150%.
With the changing environment, we interviewed Stan Galo, Partner from KPMG Forensics, to understand the nuances of the cyber market and the effects of its growth. Stan will be presenting his insights on building the capability to deliver an effective cyber incident response in the expanding cyber insurance market at the Cyber Insurance One Day Intensive Conference on 4th December in Sydney. Here is what he had to say:
What are the key trends and insights that you see in the cyber forensics market from current claims?
We are still seeing a lot of attacks that focus on a critical business weakness – people.
These attacks are aimed at enticing the victims to take an action, e.g. targeted phishing with a link or attachment. Cloud-based email attacks have also risen, with user credentials obtained from phishing, ‘free’ Wi-Fi, etc. These attacks are often followed by false invoice scams, either using invoices found within the email stores or by using the email to send false invoices with modified account numbers.
Pretexting is also coming to attention. This is where attackers initially communicate with the victim for a period of time to build trust before executing their attack.
What do insurers need to know with the trends at the moment?
The insured still have a tendency to call their local IT provider contact first, often before contacting their insurer. We have seen a number of instances whereby machines have been wiped and reset, which is the most common approach, as a result. This process often has a range of consequences:
- It destroys potential evidence as to the specific nature of the attack, including what happened, how it happened and whether there was any data accessed.
- It can destroy the insured’s data, which may otherwise have been recoverable.
- It can prevent clarity around whether a notifiable data breach has occurred, which now has mandatory reporting obligations.
How did your organisation successfully implement incident responses?
KPMG Forensic Technology has been providing computer investigative services in Australia for almost 20 years, which included electronic file and computer system analysis conducted within an evidentiary framework and supported by court-recognised expertise. As technology evolved over the ensuing years, so too did the skill sets of our team and the service we provide. KPMG now provide rapid Cyber Incident Response Capability in a multitude of countries around the world. This allows us to tap into a globally collective mindset and monitor attack trends, malicious software and develop proactive tools and techniques to enhance cybersecurity.
What are the most efficient ways to respond to incidents in the cyber market?
The insured needs to be actively aware of the cyber risks to their specific environment and have a robust incident response plan that is tested regularly. The value of this is that when (not if) an incident happens they can respond appropriately by having the right team available to provide advice and assistance when it’s most needed. This team will generally include legal advice together with forensic technology advice and on-the-ground rapid response support. This will maximise the opportunity for data recovery, prevention of further loss (monetary or data) and compliance with any disclosure requirements. Organisations do not want to be trying to scramble around this under the pressure of an incident that just occurred.
Stan Galo is a Partner with KPMG Forensic, National Leader of the Australian KPMG Forensic Technology teams. He leads Cyber Incident Response services for KPMG in Australia and co-leads the services internationally providing strategic direction and crisis management in an ever-changing technology environment.
As a former deep cover police operative, Stan has a unique perspective on all manner of nefarious activities having lived numerous lives including trafficking in narcotics, firearms and electronic data – he has lived these risks. A risk management specialist, Stan combines his unique insights with traditional investigative skills and forensic technology expertise to bring a different perspective to assisting clients in crisis.
Don’t miss the opportunity to learn from Stan Galo, an industry expert, at the One Day Intensive Cyber Insurance Conference on 4th December in Sydney.