Digital dangers, and how to defeat them
THE ARTICLES ON THESE PAGES ARE PRODUCED BY BUSINESS REPORTER, WHICH TAKES SOLE RESPONSIBILITY FOR THE CONTENTS
EmergIn Risk is a Business Reporter client
Every business has become reliant on digital interactions to keep the wheels turning, but systems go down. The cause may be criminal activities, or something more mundane: a lost laptop, a coding error or a vendor’s disruption, for example. Business may then halt, with lost revenue measured per minute. As digital interactions increase, businesses and institutions are increasingly exposed to the world’s evolving technologies. Each new business process broadens the threat of disruption and therefore is a potential source of loss. Assessment of probable disruptions and calculation of their potential financial impacts are essential. Risk management and insurance are imperative.
Every firm is different
Every organisation’s digital footprint is different, so some may benefit from tailored insurance solutions. To advise on what insurance solutions are available, a comprehensive analysis may be beneficial. At EmergIn Risk, we begin with a focus on the sector, as companies within that sector tend to have a broadly similar technological profile. Next, extensive consultation with our clients helps us understand their individual networks and workflows within their sector, overarching operational technologies, logistics and the architecture of industrial control systems. We focus intently on external connections to build up a personalised picture of our client.
Loss scenarios
Once we thoroughly understand how an organisation uses technologies, where its systems investments are made, and what vulnerabilities could lead to disruptions, we consider various realistic loss scenarios and their potential impacts. Among many others, these could include:
- A ransom event at the operational level which corrupts core systems, halts orders and accounting functions and denies access to critical information
- An accidental disruption arising from an IT failure that halts production
- A raw material supply stoppage caused by a third-party disruption interrupting production once existing inventory is exhausted
- A failure of first- or third-party delivery systems causing delayed shipments and warehousing stresses
We work to identify each client’s exposures, and then calculate the ultimate possible cost for those which cannot be averted. That understanding allows us to design and price appropriate cyber-insurance protection intended to respond to any identified disruption, and even to others which may be unidentified.
EmergIn is primarily an excess insurance underwriter. We collaborate with primary insurers to provide solutions for each client to meet their specific needs. A range of cyber-threats could lead to losses of a magnitude that requires higher levels of coverage. To name just a few:
- Many production-focused firms have suffered very large losses after only an hour’s interruption. This especially applies to clients who are conducting high-volume trading, such as stock exchanges
- In cases of cyber-extortion arising from ransomware, criminals frequently demand payments in the millions of dollars to restore systems and allow operations to resume. For example, a large US P&C insurance carrier paid a ransomware group $40 million for the release of its systems and data that the hackers had exfiltrated
- Service-oriented retail and hospitality firms regularly suffer large revenue losses when they are unable to meet customer demand for 24 hours because of a systems failure. In late 2018, a large hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. This hack caused huge reputational damage, loss of clients, and accrued multimillion-dollar losses through notifications, business interruption and ICO fines
- Business-to-business suppliers may lose contracts valued at orders of magnitude more than actual contracts due to loss of reputation following a cyber-disruption. Recent attacks on US oil and gas infrastructure will have damaged their clients’ confidence and, as a result could have resulted in a loss of business contracts
The cyber-threat landscape is in constant flux and develops at a precipitous pace. So too does the insurance protection, which insurers are willing to offer in support of their clients. At EmergIn, we seek to understand each client’s unique cyber-risk profile, mitigate and manage that risk where possible, and provide insurance solutions for severe residual risks.
EmergIn’s understanding of the entire process provides us with added insight into the large losses that could impact specific firms. For this reason, complex technology-dependent businesses may not be well-served by automated insurance platforms for bespoke cyber-risks. For the work it does, EmergIn believes that technology is an enhancement, but not a substitute for an analytical underwriting process founded on understanding.
Organisations continue to evolve rapidly, and digital interactions multiply and become increasingly embedded in every business interaction. The number of ways that systems may fail and the multifarious ways in which criminals may exploit them is changing at an equally breakneck speed. To keep pace, the cyber-insurance industry is moving just as fast. As our clients invest in the latest technologies, we at EmergIn work tirelessly to understand how those investments introduce vulnerabilities, and to create coverage that helps meets new technological risk profiles head-on.
Learn more about EmergIn Risk’s innovative, enterprise-wide solutions at EmerginRisk.com
EmergIn Risk’s operations are conducted through several legal entities, the choice of which depends on where the entities are authorised to operate. In the UK, EmergIn Risk is a tradename of Ryan Specialty International Limited, authorised and regulated by the Financial Conduct Authority (FRN 733324). Company number 07164987. In the EEA, EmergIn Risk Europe is a tradename of Ryan Specialty Nordics AB (Ryan Specialty Nordics), authorised by the Swedish Financial Services Authority. Org nr 556741-6572. In the US, EmergIn Risk’s operations are conducted by EmergIn Risk, a series of RSG Underwriting Managers, LLC, a Delaware limited liability company (Ryan Specialty Underwriting Managers). Ryan Specialty International, Ryan Specialty Nordics and Ryan Specialty Underwriting Managers are subsidiaries of Ryan Specialty, LLC. EmergIn Risk works directly with brokers, agents and insurance carriers, and as such does not solicit insurance from the public. Some products may only be available in certain jurisdictions, and some products may only be available in the US from surplus lines insurers. In California: RSG Insurance Services, LLC (License #0E50879). ©2022 Ryan Specialty, LLC (NYSE: RYAN)
Originally published on Business Reporter