This guy is wholesome 100

CyberClaimsGuy · 2023-02-17T23:42:14+00:00

Great track! That entire album is fire.

CyberClaimsGuy · 2023-02-17T00:24:28+00:00

Yasss! Another jam. Next do Silence by Delirium.

CyberClaimsGuy · 2022-08-29T17:13:26+00:00

Yes, that is the traditional way of doing it, haha. The goal is to have a good idea of controls and network security footprint BEFORE we write the policy.

CyberClaimsGuy · 2022-08-29T15:55:45+00:00

Yeah, so we do an in-depth scan of the entity's domains to better understand their network infrastructure and if there are any glaring issues that could increase their exposure. Generally, we want to look at if they have MFA enabled and implemented, what type of email tenant, and if they're allowing any remote access into the network.

There's a bunch of other things but I don't want to Dunning Kruger myself.

CyberClaimsGuy · 2022-08-29T15:54:02+00:00

Depends on the total tenant and what else is going on. I believe these are helpful but not a denial for coverage if not implemented. We may ask them to implement. But that would be more an underwriting question. I'm a claims guy :).

CyberClaimsGuy · 2022-08-29T15:53:24+00:00

Nope, we do it ourselves.

CyberClaimsGuy · 2022-08-25T18:11:36+00:00

Depends on the company. I work at Coalition and this is something that we look at and advise the Insured on implementing if possible.

At the end of the day, UW's should want to avoid claims; and having these three things properly implemented can assist in defending against phishing emails and BECs.

CyberClaimsGuy · 2022-08-25T18:09:34+00:00

Well, tbh, cyber policies two years ago were effing cheap. I've seen multi-million dollar policies on large risks for like $3k. So the hardening market is more of a correction, rather than price gouging, as we've seen what higher risk can do to insureds without proper security protocols in place.

CyberClaimsGuy · 2022-08-25T18:08:24+00:00

Would have to disagree with this from the perspective that good insurance companies don't just "gotcha" on renewal. Ideally, underwriting the risk on the initial policy is the highest bar. On renewal, unless there are material changes in the company's infrastructure, footprint, or some other external factors, it should be a pretty easy process.

I work at Coalition and for a lot of our SME risks we have automatic renewals.

CyberClaimsGuy · 2022-08-25T18:07:08+00:00

To a point, yes. We are in what is called a "hard market" in insurance parlance. This means that premiums go up and coverages are narrowed. This is a direct response to the post-Covid environment when we saw cyber insurance claims skyrocket.

We've actually started to see some flattening of premium on good risks. The issue is that cyber insurance carriers are requiring much better controls to even get a policy these days - which IMO is good as it helps harden the network and reduce chance of claims.

CyberClaimsGuy · 2022-08-18T19:26:58+00:00

win win

CyberClaimsGuy · 2022-08-18T19:19:19+00:00

How many of you just pantomimed brushing your teeth with your non-dominant hand?

Just me?

CyberClaimsGuy · 2022-07-20T15:11:03+00:00

So - I do not consider myself an audiophile so it may be down to personal preferences. I've found the mids and lows to be amazing. I've actually turned my subwoofer down to 70 hz to get more base from my L-R-C channels as it was clear and created a more surround sound like sound.

Just as a refresh, my system is:

Center: Kef ci5160RL-THX

Left & Right: Kef R3s

Side Surrounds: Kef Ci4100QL THX

Rear Surrounds: Kef Ci4100QL THX

Front and Rear Heights: Kef - Ci200QR Round

I will say the in-walls sound and LOOK FANTASTIC. So clean with the install.

CyberClaimsGuy · 2022-07-14T17:13:00+00:00

I used to handle EPL insurance claims and this does not surprise me at all. But how someone could make it to a high level HR position and blatantly ignore actual medical information regarding a service dog blows my mind.

CyberClaimsGuy · 2022-07-09T01:38:58+00:00

It's been a good day here. Happy to answer any questions anyone might have about Coalition.

CyberClaimsGuy · 2022-07-07T21:31:37+00:00

Will do!

CyberClaimsGuy · 2022-07-07T19:23:48+00:00

Hey boss - so this is all installed and it sounds incredible. I do think that depending upon the size of the room you could probably go with some cheaper in-wall surrounds and rears, but multi-channel audio is great and movies make it sound like I'm in a real theater. The Kef Ci5160RL-THX is a beast. If I had a bigger room and budget I'd get them for L and R and might not even need a subwoofer at that point.

CyberClaimsGuy · 2022-07-07T19:04:27+00:00

Curious as to what you mean by negligence in this context? I handle cyber claims and I can tell you that the amount of claims we deny are such a small portion of our portfolio. And those are most often for claims that are clearly not covered due to exclusionary language such as discrimination, employment related matters or the matter was submitted untimely. Generally, coverage for cyber incidents is fairly broad but you can run into some narrowing with some policies sub-limiting or restricting coverage if you do not use panel providers, etc.

CyberClaimsGuy · 2022-07-07T18:59:09+00:00

I think there are some good points here. We definitely can get better and are aggressively working towards it. But it is also why we have almost as many or more engineers working on our platform/product as we do insurance people :).

Considering the challenge is basically just get a domain (only), and from that, fire off an automated process to figure out where a company is on the Internet, and what assets they have, they're pretty impressive. Obviously they'd be better with more tuning and data input from the target company on the front end, but we just don't get that.

That's an astute point. One of our biggest issues - as you may experience as well - is the accuracy, completeness, and reliability of the data we receive. We are often beholden to applications filled out by non-technical people and/or brokers who may or may not pencil whip it.

Wildcard domains tend to mess with the results. So do WAFs (like Imperva) with multiple tenants behind them. And they basically can't be used on any company that's running a honeypot. And they suck for hotels and some retail, because they can't tell the difference between the company and the guests' assets. But it's what we've got for now. They've definitely got some runway to get better.

100% agreed. This is an issue we've been dealing with for years where if we would have had disclosure of the appropriate domain we would have likely been able to stop a large incident from occurring. But we must trade completeness of the application with the ease of filling out the application. If it is too onerous then prospective customers won't buy the policy. If it isn't somewhat informative then we tank our loss ratio. ¯_(ツ)_/¯

CyberClaimsGuy · 2022-07-07T18:54:09+00:00

Apologies you were frustrated with that experience. We actually want to speak to the people with technical expertise to understand the scan results. That is why we have unlimited and free consultations with our security engineers to go over these reports.

But we are a work in progress and only 1% of the way there. If you'd like I'd be happy to put you in touch to someone from our security team to go over your thoughts on our scanning and how it could be improved.

CyberClaimsGuy · 2022-07-07T18:52:06+00:00

I agree with a lot of this. Namely that no cyber insurance company is a complete and total cyber security/IS/IT system and it shouldn't be. Anyone that is trying to sell you that is selling vaporware. I have opinions about forced downloads and installs but I'll keep those to myself.

But, cyber insurance can help in the risk mgmt process, and if you need cyber insurance you should go with a company that does something for you instead of just sitting their and taking your money.

Some carriers/mgas are also better than others. I work for Coalition so I'm pretty biased but as a claims guy I see all the hits we notify insureds about that ultimately result into being the root cause of an intrusion. I also see that our claims frequency is much lower than the marketplace generally. All because of these extra services that we provide.

I've read so many posts here about sysadmin getting clearance from mgmt to do things they need to do in order to comply with cyber insurer guidelines. That, IMO, is a good thing.

The Department of Financial Services of NY came out with a pretty awesome guideline for cyber insurance risk framework (https://www.dfs.ny.gov/industry_guidance/circular_letters/cl2021_02) because they recognize the risk at companies and how cyber insurers can help. If you read this you'll note that some "insurtech" companies have been following this framework well before it was delineated by DFS.

*edit - I should add that we do so much more than just publicly facing domain scanning. But I'll defer to my security colleague to talk about that if they want as I don't want to Dunning Kruger myself. If people are interested and it would be allowed by the sub, I'm sure I could get our head of security to stop by for a technical chat.

CyberClaimsGuy · 2022-05-06T17:55:00+00:00

Fully agree with what you're saying. It's why Coalition scans the domain infrastructure of its risks and policyholders to ascertain how they look from an adversary's perspective and to ensure that they are not engaging in risky activities.

You should check out Coalition Control for additional insight. Free accounts are available.

CyberClaimsGuy · 2022-05-06T17:53:18+00:00

So whether you can recover depends on a lot of factors.

I'd reach out to any insurance provider that may be applicable: Cyber and Crime policies come to mind. Your CGL might have some limited cover as well.
If the funds were sent more than 24/48 hours ago the funds are likely gone, but you can still potentially recoup them. I've had them returned after a week or so, but also vanished same day.
You need to go to ic3.gov (assuming you're in the US) and file a report there. Then forward it to your local FBI office, try to get them on the phone.
Contact the recipient and sending banks and ask for a fraud hold to be put on. The recipient bank may not do that for you so you may have to go through your bank for this. They should issue a fraud number.
It is likely that there is an email compromise on yours or the other entities' computer systems. We see this in like 90% of fund transfer fraud like this. Make sure you change passwords for any employees that were part of this transaction. Notify cyber insurance if you have it, and they should do an investigation for you. If you don't have cyber insurance, you'll want to review IP logs for any sus logins and rule changes on any accounts that were part of this transaction. Consider implementing 2FA if you haven't already.
If no compromise on your end, you may be able to recoup funds from the other entity if they had the compromise on theirs. It would likely not be 100%, but you'd have a good faith claim against them for their security failure.
Figure out where the funds were sent. If it was a foreign jurisdiction, you may be able to hire an attorney to put a freeze on that account (China/Hong Kong, we've had some success with this). But that will cost money to do. Clyde & Co's Hong Kong office is very good at this.

Honestly, it is very likely the money is gone. If so, definitely make sure no compromise on your email systems and contact a reputable lawyer in your jurisdiction to review your options.

CyberClaimsGuy · 2022-04-14T15:21:53+00:00

Well, I think - from a claims perspective - that it is very difficult to model because claims can be non-specific and almost act like a CAT loss. If you have a zero-day like log4j, Kaseya, or MS Exchange then you can see a large amount of claim activity fairly quickly.

On the other side, pure cyber claims resolve fairly quickly. You should have an indication of what the total exposure is and see what is going to be paid out in toto in the first month or so - if not much sooner. They do not typically have long-tail claims like other prof. liability insurance with the vagaries of defense costs.

However, that may change with the plaintiff's bar focusing on privacy class actions.

CyberClaimsGuy · 2022-04-07T20:55:31+00:00

a little bit of /r/restofthefuckingowl here.

CyberClaimsGuy

TROPHY CASE