The Real Story around Risk Reports

Posted on January 27, 2023 by Marijana Dabic

Risk reports and vulnerability scans can only tell you so much about the level of security across a network. Often having insufficient reach, these overviews can be misleading and result in a far more positive picture than what’s really going on under the hood.

Taking a lead from pioneering pollster George Gallup, who made his name almost 100 years ago by proving that quantity is a distant second to quality when it comes to the value of data.

Gallup surveyed 3,000 people ahead of the 1936 US election. He forecast a win for democrat candidate Franklin D Roosevelt, despite a Literary Digest survey that had canvassed 2.5 million people and predicted a republican landslide.

Gallup was correct and Literary Digest – its credibility shot – was out of business within 18 months.

Data quality

So, how does this relate to cyber insurance? Well, the point is that across the cyber market, vulnerability scans are being given too much weight, first as a measure of an organization’s cyber security, and second as an indicator of their likelihood to have a cyber claim.

Vulnerability scans or risk reports, aim to identify your internet-facing assets and any insecurities they have. Initially, they were used as a means to highlight potential problems and to suggest remedies. This was a good thing. But more recently they’re being used as de facto assessments of a businesses online security rating.

The problem is that these scans or reports produce data that is often limited. For example, they should locate internet-facing servers and identify the software running, but they’re unlikely to pick up all the services, especially those outsourced to third-party cloud providers.

Nor can these scans see inside your network therefore can’t assess the internal safeguards and protocols that may or may not be in place. In short, they’re seeking to provide a definitive assessment of your cyber security credentials on limited data. And that’s not a good basis on which to assess cyber security or to try and predict future attacks.

The good news is that huge strides are being made in the area of threat intelligence, with CFC leading they way, which does offer the ability to prevent attacks and make effective forecasts on likely cyber claim events.

Threat intelligence

While a vulnerability scan provides a survey of an organization’s internet-facing assets, threat intelligence builds up a dynamic picture of the attacks to which your organization is most susceptible.

CFC has established close working relationships with government bodies, law enforcement agencies, private sector organizations and our own proprietary sources. This network gives them access to the online platforms and markets used by criminals to trade data and exchange information.

Their network provides details of companies that have been compromised. It offers information on what’s been stolen and where backdoors have been left open on a system. Is this company on a threat actor’s list? Have their passwords been traded online?

Access to this type of information allows them to be very certain about the likelihood of an organization coming under attack and allows the threat analysis team to be definite about the actions they take to shore up defenses and to keep that system safe.

Cyber criminals are extremely dynamic and continually change both their point and method of attack. Understanding how attacks are evolving and uncovering where they’re likely to be targeted makes it possible to take swift and effective preventative action.

Just as George Gallup discovered in the 1930s, it’s the quality of your data that determines its value. The number of attacks prevented by CFC’s threat intelligence service is beginning to tell its own story on the scale of that value.

Source: www.cfcunderwriting.com

Product Recall Lessons from Big Brands

Posted on December 22, 2022 by Marijana Dabic

Nestlé, Clorox and Unilever all made headlines due to recall incidents. What are some key takeaways for small businesses?

Product recall events can span across a wide range of industries due to errors in processing, contaminated ingredients, faulty machinery or accidental human errors. In the last month alone, we’ve seen no less than three high profile food and beverage and consumer goods recall incidents from leading global brands.

Less than a week ago, Nestlé USA issued a recall on its chocolate chip cookie dough over potential presence of foreign material in the form of soft plastic film within the product. This comes less than a month after a recall of the fudge flavor cookie dough for another foreign body issue.

In the same month, British multinational consumer brand Unilever recalled 19 aerosol dry shampoos from brands including TRESemme, Suave and Dove. This was due to elevated levels of benzene – a chemical that can cause leukemia and blood cancers through skin contact.

Clorox similarly recalled 37 million units of scented surface cleaners and all-purpose cleaners containing bacteria which could pose a risk of infection for people with weakened immune systems. Customers were asked to apply for a reimbursement online.

All manufacturers have product recall exposures, and multinational corporations like Nestlé and Unilever are no strangers to recall incidents. In fact, product recall incidents are more common than not. In Q1 of 2022, the US hit a 10-year record high with over 900 million units of recalled goods across all industries. Studies show both frequency and severity of recalls are on the rise due to the ongoing supply chain issues and cost of living crisis.

It’s important to keep in mind that recall costs – such as the cost of getting the goods off shelves or back from customers – only make up a small percentage of the average loss. When an error or fault is discovered during production, investigations must take place to determine the reason.

Ultimately, recalls of any kind impact cash flow. Smaller businesses often have less financial leverage and are therefore more vulnerable to damage to brand reputation and loss of sales. In many cases, there will also be rectification costs to re-manufacture the products, clean down and repair of the production lines, and re-design the manufacturing process.

They can be one step closer to preventing a crisis by creating recall plans, crisis management plans and conducting mock recalls that are well laid out and frequently tested and ensuring business continuity and balance sheet protection with a product recall policy.

Source: www.cfcunderwriting.com

Avoiding the Underinsurance Surprise

Posted on November 29, 2022 by Marijana Dabic

We thought we’d share an excerpt from an IRMI (International Risk Management Institute) publication in the US on underinsurance. We have noticed the same troubling trend of underinsurance resulting in hefty co-insurance penalties here in Canada.

Author: Ann Rudd Hickman, CPCU, CRIS, ARM, Assistant Vice President, Editorial, IRMI

Over the past 2 years, supply chain disruptions, an ongoing labor shortage, and the war in Ukraine have driven steep increases in the cost of goods and services, including the cost of construction. Last month, we examined the impact of these realities on builders risk insurance, but risk managers must consider the effects of inflation on other coverages as well.

The most obvious question is whether the limits of insurance are still adequate. For property insurance, an estimate of the cost to repair or replace damage to real and personal property is needed to answer this question. Insurance companies have tools for calculating replacement cost, but these are typically only used at renewal and so may not account for inflation during the policy period. For liability insurance, damages incurred by third parties will be equally impacted by inflation; therefore, liability limits should be adjusted to reflect the likelihood of higher awards.

Another potential risk associated with inflation is that coinsurance penalties in a property policy may be triggered. A coinsurance provision reduces the insurance recovery on a claim if the property is not insured to a stated percentage of value at the time of the loss. (The risk of a coinsurance penalty can be eliminated by incorporating an agreed value provision.)

Find more tips for ensuring your policies are protected against the impact of inflation by clicking here.

Intro to FinTech Insurance

Posted on November 1, 2022 by Marijana Dabic

Digital innovation is transforming financial services across the world. New technology and distribution methods are offering customers faster, individually tailored and more accessible financial products.

The insurance industry is on the cusp of a more modernized approach for FinTech businesses. It is now crucial for brokers to advise clients on potential pitfalls in standard insurance policies and source policies tailored to their unique needs.

In the intro you will learn:

What is FinTech?
FinTechs are technology-led financial services companies which provide consumers and businesses with innovative tools and products to manage and control their money, whether it be app-based banking, digital lending, investment platforms, trading platforms or money transfer services.

The need for bespoke insurance
Understanding the unique exposures faced by FinTech businesses as they continue to innovate is key to ensuring the right coverage.

Key exposures for FinTech
FinTech businesses have a unique combination of exposures that don’t fit the typical financial institution (FI). These risks include the ever-evolving regulatory environment, technology failure, cybercrime and more.

Claims examples
A few claims examples involving theft of funds, technology failure, sub-contractor vicarious liability, IP infringement and more.

Click here to request the Intro to FinTech Insurance guide.

Source: www.cfcunderwriting.com

5 Things you Need to Know about NFTs

Posted on September 30, 2022 by Marijana Dabic

Non-fungible tokens (NFT) have taken the digital world by storm in recent years. From Snoop Dogg to high school students, people and their NFTs are making waves.

But what are they? And are they a fad or here to stay? CFC has answered the top 5 questions about NFTs.

What are NFTs?
An NFT is a blockchain held token that at its most simplistic is a certificate of ownership over an original item, typically (but not always) a digital asset, such as artwork, audio, videos or even memes. As digital assets are so easily shared, downloaded or copied this provides ownership to one person for the original. In real art terms think of it like the fact that anyone can own a print of Van Gogh’s, The Starry Night, but there is only one original. The NFT is akin to owning an original digital asset.

By definition, fungible means replaceable or interchangeable, so a non-fungible item is the opposite, meaning it is unique and cannot be replaced by something else. For example, currency (including cryptocurrency) is fungible as you can exchange £1 coin for another and you’ll have the same thing, but an NFT is one of a kind.

Are NFTs and cryptocurrency the same?
No. The confusion usually stems from them both being stored on a blockchain. Cryptocurrency is essentially a coin and operates more like traditional money and is native to a blockchain. NFTs are more like digital deeds and are created on a blockchain. The biggest differentiation between the cryptocurrency or coins is that cryptocurrencies have their own blockchains, whereas NFTs are built on an existing blockchain. So for example on the Ethereum blockchain, the cryptocurrency native to the chain is Ether but the Ethereum blockchain is the most commonly used blockchain for the creation of NFTs.

What is an NFT marketplace?
An NFT marketplace is a platform that allows the buying and selling of NFTs. It’s like any large ecommerce site, but just for NFTs. There are many marketplaces which provide the minting process, which is how an NFT is created and becomes live on a marketplace for sale. Compared to traditional online marketplaces, purchasing fungible assets can be more time consuming and costly. To be a part of the NFT marketplace users are required to have a crypto wallet to store their cryptocurrency after selling an NFT.

Can NFTs be copied?
It’s the token that is the valuable part of the NFT which cannot be copied. However, this does not mean the asset itself cannot. Think of the token as an artist’s signature on a famous painting, while the painting can be copied, it’s the artist’s signature (or token) which makes it authentic.

When did NFTs become so popular?
In 2014 a digital artist minted the first NFT, Quantum. Following this, various other games, and platforms started utilizing NFTs and popularity started to build. But it was 2021 which saw the biggest boom, with the likes of Bored Ape Yacht Club attracting the attention of Eminem, Paris Hilton, and Snoop Dogg. McDonalds created the McRibNFT for a Twitter campaign, and the Kings of Leon’s NFT provided fans with a limited-edition vinyl and front row seats to future concerts. And little old Quantum was sold for over $1.4 million in a Sotheby auction.

The digital transformation of collectibles through NFTs enabled brands to engage with customers in new ways. Companies across the tech and media sectors are finding unique ways to implement NFTs into their products and services – whether this be in their games to add player engagement, or as part of a marketing strategy on behalf of their customers. The virtual platform Decentral held its first fashion show including famous designer brands such as Dolce & Gabbana and Paco Rabanne.

From a brand perspective investing into NFTs may be an inventive way to engage with their users and to build a sense of community. NFTs can be used to raise funds for charitable causes and to deliver unique experiences to their customers.

Source: www.cfcunderwriting.com