Travelers lead on reducing cyber exposure as the coronavirus pandemic rolls on

As an attorney in the United States, head of cyber at Travelers Europe, Davis Kessler (pictured), was working on litigating coverage disputes, mainly on crime policies, when he saw that an increased number of those claims were computer related. This prompted his natural transition into the cyber world, he said, and when Travelers first put together its UK cyber offering, which launched in 2018, he was asked to lead the business’s European cyber underwriting line-up.

The UK cyber market is widely understood to be behind the US in terms of penetration and cyber purchasing rates, he said, but he has noted that uptake is increasing rapidly, and that the gap is closing rapidly. The role of cyber insurance policies throughout the world has never been under quite so much pressure or scrutiny as it has been during the coronavirus (COVID-19) outbreak with increased numbers of employees working from home, and, speaking with Insurance Business, Kessler highlighted how cyber exposure has been impacted by this development.

“Even before the COVID-19 pandemic occurred,” he said,

“one of the things that we, as underwriters, would look at when we’re examining a submission, was if it would apply to working from home or remote working. Just to put it bluntly, remote working increases cyber exposure.”

Though he highlighted that he is not an information security expert, Kessler has a good working comprehension of the security mechanisms which increase cyber exposure and said that, when staff remove themselves from the protection of a business’s network, they must be extremely considerate of the resulting cyber risks. From the use of a VPN to multi-factor authentication for staff accessing web-based email, there are several added protections that can be implemented to protect against phishing attacks, he said.

These are all things considered before the occurrence of COVID-19, Kessler said, but now that companies have been forced to send workers home unexpectedly and quite rapidly, many firms have found that they simply are not ready for this implementation.

“You have to keep working,” he said.

“And these companies need to keep conducting business and they need their employees to work - but if they’re not ready, they’re really exposing themselves to these increased potential risks.”

Employees may be using non-corporate email services which will not afford them the same level of protection as internal networks, he said, or they may simply be connecting to the internet via a less secure wireless connection, and these factors can lead to exposures which would not be an issue in the traditional workplace. Employees also still need to share files with each other to get business done, he said, and if not done securely it can lead to an increased number of breaches.

The National Cyber Security Center (NCSC) in the UK, the FBI in the US and other international security organizations have highlighted an uptick in cybercrime activity. With the increased strain on IT systems, the weakened security infrastructure of most remote working setups and the increased activity of cyber criminals using the pandemic to their advantage, this crisis is something of a perfect storm for cybercrime.

Kessler paid tribute to the IT department at Travelers who, he stated, are doing an outstanding job at handling the situation as it develops but noted that at many organizations these departments have been completely overwhelmed. Firms need to have a clear demarcation between a traditional IT role and an IT security role, he said, as many men and women working in IT departments globally are currently being severely over-worked. With so many IT team members burning the candle at both ends, he said, the question is whether these individuals are going to be able to effectively respond when a breach occurs.

For companies in the thick of the current crisis, Kessler said, there is the need to continually adapt to the new reality of doing business. Unfortunately, it is difficult for many companies to implement the actual hardware infrastructure required unless they have done so already, he said, but this is not to say that there is nothing that businesses can do to protect themselves at this time.

Kessler pointed to the advisory material published to assist businesses when it comes to such matters, particularly a guide released by the NCSC which outlines the approach organizations should be taking when implementing remote working and several high-level guides that Travelers has made available to its insureds. Much of the advice available to businesses showcases simple procedural changes which don’t necessarily involve the purchase of new hardware or software solutions, he said, and companies should also be taking this opportunity to think about what they can do for future situations.

The benefits of being prepared for an event such as the coronavirus are being felt by businesses, Kessler noted, highlighting that Travelers’ preparations have allowed the business to adjust to its new environment. He outlined how firms which do not make the right preparations, particularly when it comes to cyber security, run the risk of not being in business when the next outage occurs.

“The firms that do the right things and have the right protections and have employees that are mindful of these areas can really get a leg up versus their competition,” he said.

“If I’m a consumer, or I’m looking for a business-to-business partner, and there’s two or three firms offering the same thing, but one of them stands out from a cybersecurity or privacy protection standpoint then I’m going to go with that company every day of the week. So, it’s not just avoiding disaster, it’s about how you set yourself apart from your competitors.”

Source: Insurance Business America 4/6/20   Author: Mia Wallace

Pandemic heightens urgency of brokerages and agencies to digitalize

With the novel coronavirus (COVID-19) now making its way through every continent except Antarctica, businesses where possible, have moved to remote work to align themselves with government measures. In fact, there have been so many people moving to work from home that Microsoft’s Teams chat and conferencing app saw a 37.5% jump in its daily users over the course of one week.

In line with social distancing protocols, brokerages and agencies in many countries have moved their employees to work from home while continuing to provide key services to policyholders, many of whom have questions about their business interruption coverage (especially as losses related to BI are forecast to hit $383 billion a month), travel insurance, and other policies. After all, renewal dates don’t disappear because of a pandemic.

Nonetheless, some brokers and agents are faring better than others at adopting to this massive change in their day-to-day operations. For instance, some businesses have already had much of their staff working remotely pre-pandemic or have been using digital platforms for years in the lead-up to this crisis, which has put many of their services online so that customers can make important changes using portals. One brokerage told Insurance Business that they’ve been working to establish their contingency planning for any kind of catastrophe that could put a dent in their regular operations for the last five to 10 years.

On the other hand, another brokerage reported that it started taking stock of the digital tools its staff would need a few months back, when it seemed like this epidemic was becoming a more serious issue. Similar to other regional brokerages and agencies, it has employees working from fairly remote geographic areas who encounter issues with poor internet connections and other connectivity problems – and it’s likely not alone in this struggle.

The speed at which brokerages and agencies have transformed into digital hubs has been fast, to say the least. As a client-focused role, brokers often share face-to-face contact with their insureds and even more so in smaller towns or rural regions, where use of digital tools for communication is often not as high as in metropolitan areas. As brokerages and agencies move to social distancing, digital tools become a primary way of keeping in touch with policyholders, providing crucial services, and accessing their management systems.

In the throes of this pandemic, brokerages and agencies have done well to adopt quickly and do the best they can to continue servicing policyholders. But, once the worst of this global health catastrophe is over, businesses that ran into significant hurdles moving to remote working due to lower levels of digitalization should consider where to go from here. With the average score for digital technology adoption coming in at 43% at independent brokerages and agencies in 2019 –1% lower than 2018, according to an annual Applied Systems survey – many businesses clearly have a lot of work to do to upgrade their platforms in this digital direction.

Questions brokerages and agencies might want to ask themselves following this crisis include: What weaknesses did this pandemic expose in their contingency planning and/or general operations? How did clients adapt to digital or phone-only communications and does this show their readiness for moving to digital platforms that they perhaps didn’t have or see before? Are there opportunities to introduce mobile or cloud-based platforms to ease both customers’ access to their policies and employees’ access to their management systems in case of similar situations down the road?

While brokers and agents in natural catastrophe-prone areas would have likely already had to consider how to move their operations quickly if a storm or wildfire was coming their way, the pandemic threat introduces a whole new set of challenges since moving all staff from one office to another is simply not an option during a society-wide lockdown. The need to go digital will also likely not go away after the current pandemic has passed, underscoring the urgency of moving to digitalization if brokers and agents haven’t already done so.

And if technology becomes even more ubiquitous in the coming years, as it probably will, the long-term survival of brokerages and agencies is dependent on re-evaluating and evolving their digital readiness now. Indeed, it might be hard to hold on to traditional ways of doing business for much longer.