Episode 6

The Rise of Cyber Risks

What cyberthreats are businesses facing, and how can insurance help?

Joshua Motta, CEO and co-founder of Coalition, an insurance and cybersecurity firm, says today’s cybercriminals are more collaborative and creative than ever. Hackers’ techniques and motivations are wide-ranging – and small and medium-sized businesses are especially at risk today.

On this episode of The Future of Insurance podcast, Motta joins Simon White, senior vice president, group head of cyber at Argo Group, for a conversation about the increasing frequency and severity of cyberattacks – and how a combination of technology and risk transfer can provide the best defense.

Narrator: Welcome to The Future of Insurance, the podcast that looks at technology, innovation and the evolution of the insurance industry. The Future of Insurance is presented by Argo Group, a specialty insurance company that helps businesses stay in business.

Gordon Bass: I think it’s safe to say that almost everybody has been affected by cybercrime, and that could be a data breach at your business or simply getting an email from your credit card company saying that your data has been compromised. So, today we want to talk about how the insurance industry is responding. Simon White is senior vice president and group head of cyber at Argo Group. And Joshua Motta is CEO and co-founder of Coalition, a new company that provides cyber coverage and security for small to mid-size companies.

Simon, I’m going to start with you. It seems like cyberattacks are increasing in frequency and severity. Why is that?

Simon White: The primary motivation for the majority of the attacks is financial gain. Some cybercriminals are looking for either an immediate or an indirect financial gain, either through a corporate entity or through individuals. And, you know, some of it is also egotistical as well. So, not necessarily looking for financial gain but looking for internal recognition within their hacking peer groups. So, there’s all sorts of interesting aspects to why the severity and frequency’s increasing. And you look at things like the internet of things and the increased connectivity amongst various networks and individual software and pieces of hardware. So, it’s an interesting dynamic.

Gordon Bass: What are hackers looking for? Are they looking for money? Are they looking for data? And if so, if they’re looking for data, what are they using it for?

Simon White: I mean traditionally, in order to get some kind of financial gain, what’s the easiest way to do that? Data. That’s tended to be the way that they can either manipulate a network to obtain, whether it be credit card information, medical records, whether it be benefit information. There’s all sorts of dynamics that are in play here, in order for them to take that information and manipulate it in a way that they can get some kind of financial gain out of the end user.

Gordon Bass: So you joined Argo last year. What’s been your focus as the group head of cyber?

Simon White: It’s a number of things. Obviously, we want to grow the cyber book. At the moment, within the U.S., it’s a two-and-a-half-billion-dollar industry; that’s the estimation. And in 2025, that number’s gonna increase to 20 billion. So, we want to be part of the mix. We want to do it in a very disciplined manner, and really look for niches within the marketplace. That’s, kind of, one of the reasons why we wanted to partner with Coalition and Joshua’s team, because they really have an innovative way of approaching risk. I think it’s a great partnership. I’m really looking forward to it.

Gordon Bass: Joshua, Coalition focuses on small and medium businesses. So, first of all, why those specific segments, and why not the bigger companies, and what makes you different?

Joshua Motta: So, when you think about small and medium businesses, they’re among the most susceptible and among the most targeted group of businesses. That’s really because there are two types of targets: there are targets of choice, and there are targets of opportunity. Very rarely is a smaller/mid-size business a target of choice. More frequently, they are a target of opportunity. By that, I mean, if you take the hammer-and-nail analogy, small businesses often have a significant number of vulnerabilities, right? They simply aren’t investing, or don’t have as deep of an expertise, in managing the new technological risk exposures they’re taking on. As a result, the criminals, who have the hammers, if you will, the exploits, are able to take advantage of those vulnerabilities, the nails. And they’re scanning the internet and routinely looking for vulnerabilities that smaller/mid-size businesses have and using those for criminal gain.

That’s why no matter what industry you’re in, no matter what size company, this risk exposure really is pervasive. It affects all companies, and one bad decision can make you a target of opportunity. If small businesses and mid-size businesses do not adopt technology, they die. Right? The competitive advantages are so large that they’re being forced to do so to remain competitive. On the other hand, by adopting new technology, they now have, all [of a] sudden, new risk exposures.

New data, new infrastructure, if they don’t manage those properly, they can die as well. So the cost can absolutely be severe. But talking about the individual exposures, this can be anything from phishing attacks, it can be social engineering to convince a controller or CFO to wire funds, or wire fraud, if you will. It can be debilitating ransomware attacks, where all the company’s data and computer systems are encrypted and locked away.

And again, the cost to respond can be, in some cases, relatively mundane, particularly for a small business. But, on the other hand, they can be very severe. Particularly in this sector, small businesses are not as resilient; they’re not as prepared to have an unforeseen expense that very often [can be in the] hundreds of thousands, if not millions, of dollars, depending on what the scale of the attack is. That’s why insurance is such a critical piece of the solution in this part of the market.

Gordon Bass: You said, the last time we spoke, that the traditional approach to cybersecurity is broken. What do you mean by that?

Joshua Motta: When I say that cybersecurity is broken, I mean that the existing approach, treating it as a technology problem, is broken. Companies that do that are implicitly accepting quite a bit of risk because, at the end of the day, a company has three choices: they can accept the risk; they can mitigate the risk, in which case technology does play a role; or they can transfer it, which is really where insurance comes in.

So again, going back to cybersecurity being broken, we’re advocates of small/mid-size businesses thinking of this really as a risk management problem. In helping advise them on how they can use technology to mitigate their risk, while providing them with a transfer solution in the form of a comprehensive insurance policy.

Gordon Bass: Simon, tell me a bit more about Argo and Coalition and how you’re working together and how what Coalition offers complements what Argo is doing.

Simon White: Traditionally, the way we built our book of business on the cyber side was to really focus on large, national accounts and participating on large towers of insurance.

We, as in Argo Pro, here in the U.S., started writing some SME business two or three years ago, and we’ve had some modest success in terms of building our book.

But, what we’re really interested in really kind of goes to what Argo Pro is all about, in terms of looking at IT and a digital platform to look at technologies, in terms of growing our capabilities. And these are things that Coalition had in abundance.

Gordon Bass: Simon, when you look ahead, what do you see as emerging risks? What’s changing, and what’s new on the landscape?

Simon White: Yeah, I mean, a kind of a big ticket item, and we saw this in 2017, is the real advent of ransomware as an attack vector. So, everybody heard about WannaCry and NotPetya. I think we’re gonna see an uptick in those kind of threat environments going forward. And that’s really married with the internet of things and the increasing connectivity between insureds, and between networks and platforms. It just gives the hacking community, for example, much more scope to be disruptive in terms of looking at ways of extracting data or interrupting business.

Coupled with that, and this is something we’ve seen in the marketplace over the past six to nine months, historically, cyber insurance products really focused on the data loss piece. Now we’re looking at this as a business interruption and bodily injury, property damages as a result of the cyber hack.

So, they were traditionally exposures that may have been encompassed within a property or casualty policy form, but there was all sorts of exclusionary language within those policy forms that meant insureds were often going without any coverage at all from those fiscal aspects of a cyber loss.

Gordon Bass: Joshua, is there anything that you’re thinking about or that’s keeping you up at night as you think about the evolving cyber risk landscape?

Joshua Motta: Absolutely, I mean, I think there is. Simon mentioned there is a growing realization that cyber risk encompasses literally the entire spectrum of known risk, right? Not only can it result in data loss or business interruption, supply-chain interruption, so on, it can actually result in physical property damage, bodily injury, even pollution.

On the actual threat front, I think what has been under-reported and what we’re seeing is an increasing efficiency and collaboration in the criminal marketplace. There are now websites where, as a criminal, you can purchase access to a particular machine of a user, down to the amount of bandwidth they have and what state they’re located in, what their profession is, for the purposes of launching a cyberattack.

By that, I mean there is an increasing coordination among cybercriminals, where those hackers who are great on getting remote access to someone’s machine can now sell it to another criminal who’s looking to launch a ransomware attack, and these marketplaces are flourishing.

Gordon Bass: So, you’re saying that while we’re sitting here talking, someone could theoretically get access to my machine and use it to launch a ransomware attack, or something like that?

Joshua Motta: So, I’ll give you a tangible example. We’ve witnessed a specific instance related to a certified professional accountant. In this case, there’s been one individual, one criminal actor, who has gained remote access to an accountant’s machine and is then able to sell access to that machine to another criminal actor who may wish to use that access to either launch some sort of ransomware campaign against that accountant’s customers to commit tax fraud or commit any other number of crimes. You know, what we’re witnessing is really an incredible division of labor in the criminal marketplace, where they are cooperating and actively facilitating crime, and this is affecting everyone.

Gordon Bass: Well, it’s an absolutely fascinating topic, and it’s really incredible to hear what you’re both doing and what your companies are doing, separately and together, to help protect small and medium businesses and help them stay in business. Simon and Joshua, thanks so much for taking time to talk today.

Joshua Motta: Thank you for having us.

Simon White: Thank you.

Narrator: You’ve been listening to The Future of Insurance from Argo Group. To learn more go to argolimited.com.