Tag Archive for: Cyber Insurance

XL Catlin and RedSeal Launch Cyber Insurance Industry’s First Dynamic Measure of Resilience to Gauge Risk, Improve Cybersecurity and Insurance Terms

/by

Collaboration delivers unprecedented, continual insights to help underwriters evaluate cyber risk at policy issuance and during the policy; Companies can use information to improve network resilience and policy terms

 NEW YORK, March 27, 2018 XL Catlin and RedSeal today announced a new, dynamic approach to cyber insurance, which uses an objective measurement of a network’s resilience to help underwriters more thoroughly evaluate their clients’ risks over time, helps clients continue to improve their cybersecurity and potentially improve their insurance terms.

Unlike other cyber insurance risk analyses, which rely on surveys and a general understanding of the network at the time of the initial underwriting, XL Catlin’s approach offers its clients a more accurate, dynamic and helpful service.

RedSeal’s patented network modeling and risk scoring platform creates a network model from the inside out, including physical assets, as well as those in public and private cloud environments. With this insight, RedSeal calculates the Digital Resilience Score, a holistic measure of the network’s resilience, similar to a credit worthiness score. The Score evaluates the client’s network to determine:

  • How weaknesses from incorrectly configured devices and third-party software could impact the network;
  • How accessible a company’s valuable assets are to attackers; and
  • The degree to which the network – including all its devices and their connections – is understood.

More resilient networks deliver higher scores, which means they are potentially lower risks. Once an XL Catlin client installs RedSeal and gets their initial Digital Resilience Score, and again during a mid-term evaluation, XL Catlin will determine if the client’s resilience warrants improved terms.

“We see this collaboration as a win-win for all involved,” said John Coletti, chief underwriting officer, cyber and technology, XL Catlin. “We’re giving our clients the option to create a cycle of continuous improvement in their cyber security efforts. Plus, our underwriters have more in-depth information to evaluate their risk and provide the most appropriate policy terms and pricing – and our customers can use the same information to improve their resilience and lower their risk.”

“The cyber insurance industry is evolving quickly, and technology companies are working to provide useful, data-driven solutions that matter,” said Ray Rothrock, CEO and chairman of RedSeal. “RedSeal’s platform of network modeling and scoring provides unique insights and hard to find issues within digital enterprises for both XL Catlin’s underwriters and their clients, which we expect will benefit both. We’re enabling a new, collaborative era in cyber insurance and cybersecurity.”

For more information on the joint offering from XL Catlin and RedSeal visit www.redseal.net/solutions/cyber-insurance/clients-and-brokers.

About XL Catlin’s Insurance Operations
XL Catlin insurance companies offer property, casualty, professional, financial lines and specialty insurance products globally. Businesses that are moving the world forward choose XL Catlin as their partner. To learn more, visit xlcatlin.com.

About XL Catlin
XL Catlin is the global brand used by XL Group Ltd (NYSE:XL) insurance and reinsurance companies which provide property, casualty, professional and specialty products to industrial, commercial and professional firms, insurance companies and other enterprises throughout the world. Clients look to XL Catlin for answers to their most complex risks and to help move their world forward. To learn more, visit xlcatlin.com.

About RedSeal
RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprises to be resilient to cyber events across public cloud, private cloud and physical network environments. RedSeal helps customers understand their network from the inside out – providing actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and improve their resilience. Government agencies and Global 2000 companies around the world rely on RedSeal to help them validate their overall security posture, accelerate investigation and improve the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California.

Insurance or Assurance

/by

Enterprise Channels MEA – Cyber Sentinels | Feb 4, 2018 | Page 24

Feat. Dr. Mike Lloyd, RedSeal CTO

We all must have heard about the Love bug virus— a cute little love letter, back in 2000, that landed in the inboxes of millions of people and destroyed data with a self-replicating computer worm. Little could be done to meet the aftermath. Well, it was way back in 2000—two decades back when threat awareness or the awareness to cope with it was limited. Earlier, technology companies bought errors and omissions (E&O) insurance that later begin to include coverages for software product creating downtimes, unauthorized access to a client system, data demolition, or a trojan.

Read More

Counting the Cost of Mega Cyber Risk

/by

Computer Business Review | August 10, 2017

It’s clear that corporations want to buy insurance to reduce their exposure to losses from cyber-attacks, and insurers have responded to the need.  However, most buyers are dissatisfied – the coverage amounts are low, and the covered events are too narrow.  From the insurer’s point of view, it had to be this way, due to historic challenges with visibility into cyber risk and liability.

When everyone wants the same kind of policy, the insurer has to think about the systemic risk, and if that systemic risk is poorly understood, each individual policy has to stay small.  Think of everyone in a Medieval town wanting to buy fire insurance at the same time – individually, they all want the same thing, but the insurer can’t take on the combined risk without understanding whether the houses are all in the same town, or made of the same flammable material.

Read Article

SC Media asks the industry: Is cyber attack insurance worth it?

/by

SC Media UK | July 13, 2017

Featuring Dr. Mike Lloyd, RedSeal CTO

UK financial services body the Prudential Regulation Authority (PRA) has issued a warning to insurers regarding the risk of claims for damages arising from cyber-attacks on their customers.

The PRA recommendations include the carrying out of stress testing of their capability to respond to a large number of claims at once – no doubt inspired by the recent WannaCry and notPetya attacks.

Read Article

Data Dearth Hobbles Cyber Insurance Market

/by

The Deloitte Center for Financial Services just issued a report discussing why cyber insurance has yet to take off. “Demystifying cyber insurance” is an excellent summary of the challenges facing the nascent cyber insurance industry. The authors identify a fundamental problem early in the report: a dearth of data creates a vicious circle that limits both underwriters and customers. Briefly, while cyber insurance underwriters have access to external assessments of the cyber threats a customer faces, the customer’s network itself is a black box.

The situation is analogous to underwriting a life insurance policy based only on the neighborhood the customer lives in. Underwriters ask: Does the neighborhood have indoor plumbing and a modern sewer system?  Is garbage disposed of properly?  Is the community suffering from serious communicable diseases? What criminal activity exists?

All this information is relevant and helpful, but the key missing element is a physical exam of the customer to determine his or her current health profile. Is the applicant overweight? A smoker? An active athlete?  Such an exam provides a much more specific (and actionable) assessment of a customer’s health risk to inform life insurance underwriting.

The same applies to cyber insurance. Underwriters need to understand not only cyber threats in the environment, but also the health of a specific network.  Are all parts of the network identified? Are all network devices set up properly?  Are known vulnerabilities reachable for exploitation?

Ideally, this assessment would involve modeling the network and distilling complicated network security risks into an understandable and comparable score, similar to a credit-worthiness score.  Of course, modeling a network requires a customer’s approval, so the approach must be fast, accurate, and cost-effective.

Cyber insurance promises to be a critical element in effective cyber security management.  The “dearth of data” is a significant obstacle to cyber insurance development, but the effective use of network risk scoring will be crucial to break the vicious circle.