Though most people have a rough grasp of cybersecurity and know not to click on the link sent in a dodgy email, concepts like ransomware, remote access and the dark web are still relatively alien to most individuals - a collection of scary words that belong with intelligence services, not with your average business.
Insurers have been giving their cybersecurity policies more and more attention over the last few years, but, according to forensic technology expert and Incident Response Solutions director Campbell McKenzie, they still have some work to do to.
McKenzie previously led the forensic technology team at PwC for 12 years, and also worked at the Electronic Crime Lab with the New Zealand Police. He now works with insurance companies, lawyers and brokers, providing forensic assistance in cyber-related insurance claims.
“My father was a detective in the New Zealand Police, so I have always been interested in crime fighting,” McKenzie told Insurance Business.
“I initially worked in a general IT role, and tasks I enjoyed the most included recovering lost data and conducting employment investigations. I decided to join the police in 2002 when they founded the Electronic Crime Lab.”
“During my 12 years with PwC, the role developed into a combination between forensic and cybersecurity, as clients not only wanted me to respond to an incident, but also make improvements to their security posture to minimise the risk of future attacks,” he explained. “I am now an expert witness, specialising in forensic technology matters and cybersecurity - we assist by obtaining the facts on what has occurred, and relay this back to the insurance company and their agents.”
McKenzie says the most vital stages of dealing with an event are containment and eradication, which gets the insured back on to their feet and helps minimise any further loss. He says insurers have been quick to catch on to and move with the rapidly rising risks, but that, ultimately, insurers are not cyber experts. As one risk is managed another five may emerge, and more can always be done to give insureds the best possible protection.
“We know, for example, that password breaches have occurred en masse, and the credentials are available for sale on the dark web,” McKenzie explained. “Given the mass migration to the cloud, data that was once only accessible from within the security of four physical walls is now global, and only a simple and possibly breached login away. Combine that with insecure remote access tools, and the situation only worsens.
“The insurance industry should be doing several things: firstly, ensure their pre-insurance questions are robust, and evidence is gathered to confirm compliance. Things change, so this should be repeated regularly.
“Secondly, they should conduct reviews of the insured’s systems when a breach has occurred but the source has not been identified, as this will help prevent recurrences.
“Finally, they should upskill themselves on cyber matters and ensure they keep their own systems in good cyber hygiene,” he concluded. “There are plenty of resources available to help them learn more.”