This article was produced in partnership with Tokio Marine HCC - Cyber & Professional Lines Group
Karen Surca of Insurance Business America sat down with Desiree Khoury (pictured), Vice President of Marketing and Business Development with Tokio Marine HCC - Cyber & Professional Lines Group to discuss the ongoing cyber security threat as well as potential ways for businesses to protect themselves against ransomware attacks.
We are living in a data-driven world. With sensitive information stored in the databases of companies around the globe, the potential devastation caused by cyber breaches has never been so clear.
The sophistication of cyberattacks is also increasing. Once thought of as a threat facing only large and public organizations, it has become clear that every company is at risk of being “hacked.”
The insurance implications of the heightened vulnerabilities of business to largescale ransomware attacks form the backbone of the work that Tokio Marine HCC - Cyber & Professional Lines Group devotes itself to. It is also the central theme of a whitepaper presented by Tokio Marine HCC - Cyber & Professional Lines Group entitled “Cyber Security Threats 2021”.
The whitepaper explains that understanding the inherent cyber risk is key. Without the full knowledge of the security risk that ransomware poses, companies will not be able to properly safeguard against ongoing and future cyber security risks.
Educating businesses about the different forms of potential cyberattacks is also paramount. The terms that are used in the cyber insurance sector need to be clearly understood.
Ransomware is a term that is often thrown around in cyber insurance circles, but it is not necessarily understood.
Desiree Khoury, Vice President, Marketing & Business Development with Tokio Marine HCC - Cyber & Professional Lines Group provided a definition to help clear up any ambiguities.
“Ransomware is when a hacker uses malware to gain access to a company’s system or network, access their files, with any associated sensitive information or personally identifiable information and uses protected electronic information as ransom to get money in return,” Khoury explained.
“This gives the hacker leverage to threaten a company because companies are held to a high standard when it comes to customer confidentiality and privacy. There are state laws that indicate and regulate what a company can do with private information,” Khoury outlined.
“If the company is unable to safeguard that information, it could be held liable both from a regulatory perspective and a reputational perspective.”
When the customer trust is broken, as it has been in the past with various high profile ransomware attacks on large US companies, then this can also affect the bottom line for a business.
Having the weapons to effectively fight against cybercrime is a crucial link. Making sure that companies have the systems in place to help protect against such attacks when they may happen is another important element highlighted in Tokio Marine HCC - Cyber & Professional Lines Group’s whitepaper.
“These attackers are definitely getting more brazen in how they are attacking companies and exploit vulnerabilities. Working with your cyber security insurance carrier and employing necessary services or software to minimize exposure is important,” Khoury explained.
Tokio Marine HCC - Cyber & Professional Lines Group is taking steps to help protect its policyholders. One such step is to work with partners including CrowdStrike, Datto or Duo, to ensure that companies have access to vital services.
“Services such as multi-factor authentication, cloud backup service providers, and next generation antivirus software - all of these services help protect our policyholders,” Khoury stated.
Echoing Khoury’s views, Cyber Security Threats 2021 outlines vital steps that companies should be taking to tackle ongoing cyber threats. Each step builds on the one before and forms a security paradigm for companies to follow.
“Companies should understand their cybersecurity posture. This ensures that the company is aware of its vulnerabilities, identifies them, and then acts accordingly.” Khoury elaborated.
“There should be a solid plan, administrative and technical safeguards well as the right insurance coverage,” Khoury added.
Of equal importance is ensuring that organizations of any size have a clear exit strategy that will enable the operations to go back online without losing any valuable data or information after a breach occurs. While preparing, using security controls, and providing reliable exit strategies formulate the main portions of any holistic cyber security plan.
Highlighted within the whitepaper are five commonly held misconceptions that may hold back some companies from finding productive solutions to the ongoing cyber threat.
Top of the list is the belief that “I will know whether my organization has been breached,” Khoury stated.
Not only is this belief misleading, Khoury explained, but it is also potentially slowing down many companies from implementing recommended security measures and looking at different cyber insurance coverage options.
Increased digitalization, further reliance on virtual and online business solutions, and the sheer volume of data that exists guarantees that cyber threats are here to stay.
The only thing left to do is to safeguard against them.
“We will continue to work with the insureds on employing proper protocols and services to minimize their cyber exposure. By doing so, I am certain that we are going to find ourselves in a much better place than where we have been in the past couple of years,” Khoury concluded.
Ms. Khoury is vice president of marketing and business development and leads marketing and business development activities. As head of marketing for the division, she is responsible for advertising, PR, media, and internal/external communications. She was awarded the Elite Women in Insurance Award in 2019 for her energy, technical knowledge and “whatever it takes attitude.” She has been with the company for over a decade.