Q&A: CFC on the value of cyber threat prevention services

1. Why is risk mitigation vital for cyber insurance products?

Cyber insurance has gone from a promise to pay to a promise to protect. The thinking here is simple. No policyholder wants to suffer a cyber attack and everybody benefits from reducing the number of claims. So if we have the capability and technology to protect businesses from attacks, why wouldn’t we?

Risk mitigation is vital because it’s possible.

Through a range of cyber security services and an advanced incident response team, we can assess exposures, identify threats, notify our policyholders and remove the trauma of the incident.

Cyber threats are becoming increasingly dangerous and disruptive, so the proactive ability to stop them cold is a significant benefit.

2. What are the challenges in providing risk mitigation services in cyber lines?

Proactive cyber insurance uses data to detect and analyse cyber threats, but the sheer volume of data in the cyber world can make it difficult to know which threats to pay attention to.

Traditional cyber security providers can inundate businesses with information that’s not relevant or important, which is why we created our mobile app – Response.

Response allows us to cut through the noise and engage directly with our policyholders about the threats that matter.

Through the app, we can instantly notify them of threats and vulnerabilities that require action, while the app’s ‘Ask the expert’ service is like having a free CISO in their pocket, able to provide technical support 24/7, help build response plans and answer technical questions.

3. When cyber attacks occur, speed of notification can be the difference in minimising their impact. How do you achieve this?

The Response app is designed as a secure and direct line of communication, so our in-house team can deliver critical threat alerts to policyholders in real time. Equally, it allows our policyholders to contact us whenever they suspect they’re experiencing an incident, 24/7/365.

Our technical incident response team will get in touch within 15 minutes to triage, contain and remediate the issue.

Using CrowdStrike as an example, we swiftly detected which customers were susceptible to the threat and notified them through the app, cutting through the noise of what was a chaotic outage. This ensured our policyholders were immediately aware of the risk.

4. How do you communicate with policyholders in the event of a cyber attack and throughout the proceeding claim?

Not only is the Response app the quickest form of communication, it’s also reliable and creates ease. Cyber incidents often cause system-wide outages, preventing policyholders from accessing their insurance documents.

In this scenario, they also may not know who to call. The app empowers policyholders to reach our incident response team in just a few taps on their phone. We recommend several employees within the business download it on their phone, so even if key people are out, we’re still able to alert and remediate quickly.

Throughout the process, we also keep brokers up to speed, whether that’s over the phone or email. Keeping all parties aligned means we can take the necessary steps with full clarity, ensuring a fast response that minimises the incident’s impact.

5. Do you provide further cyber security tools to help policyholders?

Real-time threat alerts are the first wall of protection, but we also offer a suite of cyber security tools through the Response app. These tools enable a deeper level of protection for our policyholders, are entirely free and can be turned on and off at will.

Included is a phishing simulation tool, for businesses to help improve awareness and vigilance among employees against this cyber crime tactic, continuous dark web monitoring, to scour the dark web for compromised credentials hackers use to sell or gain access to the business’s network and deep scanning services, to actively check the insured’s networks to identify vulnerabilities.