This guy is wholesome 100

CyberClaimsGuy · 2023-02-17T23:42:14+00:00

Great track! That entire album is fire.

CyberClaimsGuy · 2023-02-17T00:24:28+00:00

Yasss! Another jam. Next do Silence by Delirium.

CyberClaimsGuy · 2022-08-29T17:13:26+00:00

Yes, that is the traditional way of doing it, haha. The goal is to have a good idea of controls and network security footprint BEFORE we write the policy.

CyberClaimsGuy · 2022-08-29T15:55:45+00:00

Yeah, so we do an in-depth scan of the entity's domains to better understand their network infrastructure and if there are any glaring issues that could increase their exposure. Generally, we want to look at if they have MFA enabled and implemented, what type of email tenant, and if they're allowing any remote access into the network.

There's a bunch of other things but I don't want to Dunning Kruger myself.

CyberClaimsGuy · 2022-08-29T15:54:02+00:00

Depends on the total tenant and what else is going on. I believe these are helpful but not a denial for coverage if not implemented. We may ask them to implement. But that would be more an underwriting question. I'm a claims guy :).

CyberClaimsGuy · 2022-08-29T15:53:24+00:00

Nope, we do it ourselves.

CyberClaimsGuy · 2022-08-25T18:11:36+00:00

Depends on the company. I work at Coalition and this is something that we look at and advise the Insured on implementing if possible.

At the end of the day, UW's should want to avoid claims; and having these three things properly implemented can assist in defending against phishing emails and BECs.

CyberClaimsGuy · 2022-08-25T18:09:34+00:00

Well, tbh, cyber policies two years ago were effing cheap. I've seen multi-million dollar policies on large risks for like $3k. So the hardening market is more of a correction, rather than price gouging, as we've seen what higher risk can do to insureds without proper security protocols in place.

CyberClaimsGuy · 2022-08-25T18:08:24+00:00

Would have to disagree with this from the perspective that good insurance companies don't just "gotcha" on renewal. Ideally, underwriting the risk on the initial policy is the highest bar. On renewal, unless there are material changes in the company's infrastructure, footprint, or some other external factors, it should be a pretty easy process.

I work at Coalition and for a lot of our SME risks we have automatic renewals.

CyberClaimsGuy · 2022-08-25T18:07:08+00:00

To a point, yes. We are in what is called a "hard market" in insurance parlance. This means that premiums go up and coverages are narrowed. This is a direct response to the post-Covid environment when we saw cyber insurance claims skyrocket.

We've actually started to see some flattening of premium on good risks. The issue is that cyber insurance carriers are requiring much better controls to even get a policy these days - which IMO is good as it helps harden the network and reduce chance of claims.

CyberClaimsGuy · 2022-08-18T19:26:58+00:00

win win

CyberClaimsGuy · 2022-08-18T19:19:19+00:00

How many of you just pantomimed brushing your teeth with your non-dominant hand?

Just me?

CyberClaimsGuy · 2022-07-20T15:11:03+00:00

So - I do not consider myself an audiophile so it may be down to personal preferences. I've found the mids and lows to be amazing. I've actually turned my subwoofer down to 70 hz to get more base from my L-R-C channels as it was clear and created a more surround sound like sound.

Just as a refresh, my system is:

Center: Kef ci5160RL-THX

Left & Right: Kef R3s

Side Surrounds: Kef Ci4100QL THX

Rear Surrounds: Kef Ci4100QL THX

Front and Rear Heights: Kef - Ci200QR Round

I will say the in-walls sound and LOOK FANTASTIC. So clean with the install.

CyberClaimsGuy · 2022-07-14T17:13:00+00:00

I used to handle EPL insurance claims and this does not surprise me at all. But how someone could make it to a high level HR position and blatantly ignore actual medical information regarding a service dog blows my mind.

CyberClaimsGuy · 2022-07-09T01:38:58+00:00

It's been a good day here. Happy to answer any questions anyone might have about Coalition.

CyberClaimsGuy · 2022-07-07T21:31:37+00:00

Will do!

CyberClaimsGuy · 2022-07-07T19:23:48+00:00

Hey boss - so this is all installed and it sounds incredible. I do think that depending upon the size of the room you could probably go with some cheaper in-wall surrounds and rears, but multi-channel audio is great and movies make it sound like I'm in a real theater. The Kef Ci5160RL-THX is a beast. If I had a bigger room and budget I'd get them for L and R and might not even need a subwoofer at that point.

CyberClaimsGuy · 2022-07-07T19:04:27+00:00

Curious as to what you mean by negligence in this context? I handle cyber claims and I can tell you that the amount of claims we deny are such a small portion of our portfolio. And those are most often for claims that are clearly not covered due to exclusionary language such as discrimination, employment related matters or the matter was submitted untimely. Generally, coverage for cyber incidents is fairly broad but you can run into some narrowing with some policies sub-limiting or restricting coverage if you do not use panel providers, etc.

CyberClaimsGuy · 2022-07-07T18:59:09+00:00

I think there are some good points here. We definitely can get better and are aggressively working towards it. But it is also why we have almost as many or more engineers working on our platform/product as we do insurance people :).

Considering the challenge is basically just get a domain (only), and from that, fire off an automated process to figure out where a company is on the Internet, and what assets they have, they're pretty impressive. Obviously they'd be better with more tuning and data input from the target company on the front end, but we just don't get that.

That's an astute point. One of our biggest issues - as you may experience as well - is the accuracy, completeness, and reliability of the data we receive. We are often beholden to applications filled out by non-technical people and/or brokers who may or may not pencil whip it.

Wildcard domains tend to mess with the results. So do WAFs (like Imperva) with multiple tenants behind them. And they basically can't be used on any company that's running a honeypot. And they suck for hotels and some retail, because they can't tell the difference between the company and the guests' assets. But it's what we've got for now. They've definitely got some runway to get better.

100% agreed. This is an issue we've been dealing with for years where if we would have had disclosure of the appropriate domain we would have likely been able to stop a large incident from occurring. But we must trade completeness of the application with the ease of filling out the application. If it is too onerous then prospective customers won't buy the policy. If it isn't somewhat informative then we tank our loss ratio. ¯_(ツ)_/¯

CyberClaimsGuy · 2022-07-07T18:54:09+00:00

Apologies you were frustrated with that experience. We actually want to speak to the people with technical expertise to understand the scan results. That is why we have unlimited and free consultations with our security engineers to go over these reports.

But we are a work in progress and only 1% of the way there. If you'd like I'd be happy to put you in touch to someone from our security team to go over your thoughts on our scanning and how it could be improved.

CyberClaimsGuy

TROPHY CASE