With an increasing number of employees working from home, there has also been an alarming increase in personal and professional cybercrime exposure. At the September 2020 AAIS Pulse, AAIS Personal Lines Product Manager Linda Jancik hosted a panel of cyber-focused leaders, including CyberScout’s Eric Warbasse and Berkley Re Solutions’ Jeff Cron and Chris Ellis to discuss the rise of cyber threats, future predictions, and how carriers can protect their customers from emerging digital exposures.
With the sudden shift from working in-office to working from home as a result of the COVID-19 pandemic, cyber risk has significantly changed in volume. According to Mr. Cron, we’re all online more, seeing content, and clicking links to different articles, videos, and other forms of media. While the actual risk hasn’t changed, volume has magnified on both ends, Cron says, with the combination of more scams and more screen time. To combat this increased volume of risk, users need to be extra careful and think twice before clicking on links. This is especially important for employees working from home on personal computers. Personal computers already have less security and protections than company devices, so one wrong click could become a cyber crisis for a user’s employer.
When it comes to cyber risks, many people live with the mindset that “It’ll never happen to me” and that “cyber threats only impact the elderly,” but according to Mr. Cron, this couldn’t be more wrong. While, research shows that people over 60 lose the most money to cybercrime, the second most victimized group are people aged 30-39, followed by those aged 40-49, and then people aged 50-59. While older folks typically have more money to lose and less concern about financial implications, scammers don’t care about age, only about how much money you have and how quickly they can get it. “No one is immune. Fraud risk doesn’t discriminate,” Cron says.
With advancements in technology come advancements in risk, but traditional digital risks like computer viruses have gone away. According to Mr. Ellis, computer viruses are still a major concern, with bad actors using smaller nets to trap victims. In Mr. Ellis’ view, software have learned more learning from experience how to take care of security patches and increased awareness from users…but there’s still work to be done as hackers also change their tactics.
Another risk that isn’t going away any time soon is cyber theft. According to Mr. Cron, individuals and businesses are facing emerging and common cyber threats. Ransomware, for example, continues to be problematic for individuals and businesses, and while we may not hear about it in the news very often, the cost of ransomware is increasing for individuals over 40.
Bad actors are becoming more sophisticated in their techniques and have begun to tailor scams to individuals. Social engineering is becoming increasingly costly, at an average loss of $18,000 per scam. Cyber bullying persists as a problematic cyber threat, impacting teens at increasingly alarming rates. With the increase in social platforms and the ways in which teens communicate online, it is only becoming harder for parents to stay on top of their kids’ online social behavior. According to Mr. Cron, Berkley Re carriers and partners have emphasized the importance of coverage offering both traditional financial protections and education and proactive services.
The insurance industry has numerous responsibilities in respect to identity theft and cyber risks. According to Mr. Cron, the industry needs to remain current with risks and provide meaningful protections behind them. Mr. Ellis, agreed, adding that it is the industry’s job to understand what risks are and to try to help the insured solve them, whether it be risk management or the insurance coverage or the education. Mr. Ellis added, however, that the industry needs to improve collaboration between carriers and reinsurers, as reinsurers can help streamline the process of moving product into the marketplace. Mr. Warbasse highlighted the essential need for carriers to be forthright with coverages and services available. This means that carriers must ensure policyholders, or insureds, are aware of what coverages and services they have available to them, whether reimbursement of theft losses, having their credit restored, or simply help recovering photos from a malware infested computer.
In the long-term Mr. Warbasse and Mr. Ellis see numerous evolving threats the industry will be forced to confront. Mr. Ellis said he sees the Internet of Things, or IoT, as being an emerging threat, as Internet-connected devices become more and more popular in the home. Mr. Warbasse noted that artificial intelligence (AI), machine learning spear phishing attacks, fake email attacks that are specifically crafted to appear to an individual victim and deep fake technology as the greatest consumer threats. Deep fake technology takes existing audio, images and videos and “replaces them with someone else’s likeliness and creates entirely new vectors of an attack,” according to Warbasse. For example, with deep fake technology, bad agents are able to make videos of politicians saying things they never actually said. This technology is dangerous and can be used in a multitude of different ways, targeting anyone caught on camera or audio.
2020 and the COVID-19 pandemic have brought countless new challenges to cyber insurers. As technology continues to advance and threats continue to emerge, it’s up to the insurance industry to stay on top of these issues and ensure insureds know they’re protected.