When it comes to the ever-evolving world of Cyber insurance, the RPS Cyber team sees it all and is ready to share. Here's a look at their encounters in their daily handling of Cyber insurance submissions, quotes, renewals and claims. These anecdotes can be great nuggets for retail agents to share with their insureds when asked about new developments (or important reminders) in the Cyber insurance arena.

Moratoriums and No-Loss Attestations

One insurer issued a brief moratorium on all new business submissions after the recent highly publicized failure of a security software vendor's software update. Additionally, several insurers required no-loss attestations relative to this event as a condition of binding new business and renewals.

Carrier Fees

We're seeing various approaches to carrier fees on Cyber policies. One market is offsetting the cost of their risk management offerings by adding new fees to their policy. The fees range from $250 to $2,500, depending on the size of the insured and their associated premium. Conversely, another market is doing away with fees. As Cyber insurers continue to expand risk management offerings, it will be interesting to see how these offerings are financed.

Employee Training

We can't emphasize enough the importance of training employees to recognize fund transfer scams. Just last week, an insured received an email requesting what they thought was a change in payment instructions from a fellow employee, appearing to come from their internal accounting department. Moments later, that same "employee" sent another internal email claiming they had called the requestor and validated the authenticity of the request, with instructions to process immediately. Seeing these messages as reasonable evidence of checks and balances, the employee sent the funds, learning later that both emails were from a fraudster and that the money had been diverted to a criminal's bank account. Criminals are increasingly learning their victims' protocols to prevent fraud and are developing ways to circumvent them.

Cryptocurrency

A hacker gained unauthorized access to an insured's network and obtained passwords for the CEO's cryptocurrency wallet, stealing $70,000. Some policies address this exposure, but many do not.

Business Interruption

A legacy top-tier insurer for auto dealers recently amended their dependent business interruption (BI) waiting period to 24 hours on all accounts after a recent SaaS provider ransomware attack. Conversely, a newer specialty entrant is offering full policy limits for dependent BI, with an eight-hour waiting period. This example illustrates the current dichotomy that often exists among players in the Cyber insurance market.

Healthcare Breach Fallout

As claims related to the February 2024 ransomware attack on a medical billing software vendor continue to develop, we're hearing differing interpretations among carriers about the description of services that the vendor provided to its healthcare provider customers. Dependent/contingent BI insuring agreements in Cyber insurance policies address coverage via defined terms such as "service provider" or "outsourced provider," while some assign meaning within the definition of "computer system." These nuances become important as carriers interpret the work that this vendor provided, delineating between clearinghouse claims services and more literal IT services such as cloud hosting and processing digital assets.

AI and the Continued Impact on Communications and Claims

Switching gears from the very real to the very fake, in our 2024 Q2 Cyber Market Update, we warned of the anticipated use of generative artificial intelligence (AI) in attempts to influence outcomes of the 2024 US elections. We're seeing this play out in various ways.

  • Within mere minutes of the attempted assassination of Donald Trump on July 13, deepfake videos appeared depicting Secret Service agents smiling as they protected the former president, insinuating satisfaction with things "going as planned," and memes circulated on X (formerly Twitter) showing President Biden holding an assault rifle as if he had been the one pulling the trigger.
  • As the English National Football team slugged their way towards the 2024 Euro finals, in what many believed to be an unimpressive fashion, deepfake videos of then-manager Gareth Southgate saying highly controversial things about his players were widely distributed on Instagram and other social media platforms.
  • From manipulated videos of the President and Vice President making statements they never made, to AI-generated photos falsely depicting former President Trump in compromising situations, to the use of synthetic speech in attempts to incite financial instability in the US economy, these new technologies are being widely used for nefarious purposes both inside and outside of politics. More recently, X (formerly Twitter) CEO Elon Musk has caught heat for his reposting of a deepfake campaign ad depicting Vice President Kamala Harris saying things as the new Democratic nominee for president that she didn't say.

Whether in politics or business, the impact of these technologies on both reputations and finances is clear. Fraudulent payment claims on Cyber insurance policies represent the highest frequency, and we can expect the use of AI to exacerbate this trend. As threat actors employ new methods to make their schemes more believable, old-fashioned human intervention, due diligence and employee training become even more important.