The Cyber Sandbox: Why Managing Your Risk is Non-Negotiable

Tony Mcintosh, Executive Vice President, Liberty Company Insurance Brokers, Inc.

Tony McIntosh, AU, MLIS, CYB, CRIS is the Executive Vice President of the Liberty Company Insurance Brokers, providing leadership and business development services within the Liberty Company offices. He also serves as the President of their MGA, Aura Risk Management Insurance Services, tasked with building and managing programs that support Liberty clients on an exclusive basis and building out programs for select distribution to external broker partners. Of note, McIntosh was named an Insurance Business America (IBA) Hot 100 winner in 2020 and 2021, and most recently, an IBA 2022Global 100 winner.

• Documented change-management procedures

• Encryption tools and policies for data at rest and in transit

• Multi-factor authentication (MFA)

• EDR/XDR (automated endpoint detection and response)

Beyond this, businesses must be able to demonstrate proof of budget allocations for cybersecurity initiatives. This way, companies are equally invested in the outcomes and both sides of the coin are aligned.

How cybersecurity coverage is influencing D&O liability

Oversight and increased requirements for disclosure on cybersecurity are making D&O coverage extremely important. With the rise of data breaches and other cyber-related attacks, Directors & Officers are responsible for ensuring the organization is taking sufficient steps to protect their digital assets. In the case of a data breach, for example, directors can be hit with shareholder suits and derivative actions claiming a breach of their fiduciary duty to the company for failing to put adequate cybersecurity measures in place. Moreover, as a result of the increased regulatory oversight we are now experiencing, many legal experts predict there will be an increase in cyber-related D&O lawsuits.

Why cyber risks remain front & center

As a result of the changes to a remote workplace that typically provides less-secure access points for cybercriminals to exploit, cyber risks are critical now more than ever. The pandemic proved that this transition to a work-from-home environment in all industries, coupled with the introduction and accessibility of crypto currency, has proliferated the volume and damage of many of the cyber-attacks we are experiencing, most of which come from phishing attacks, a lack of MFA, EDR/XDR and the sandbox.

What you should know about cybersecurity& insurance today

In today’s volatile, and frankly scary, world of malware, ransom ware, and ‘bad-actors’ who relentlessly seek to compromise passwords through phishing and other attacks, not having MFA in place, for example, to provide an additional layer of security to user and admin accounts, represents a dereliction of duty on the part of any IT professional charged with protecting data.

The real frightening part is that MFA alone, is no guarantee that the bad guys won’t still find a way to compromise your data. The dark web is filled with sources that can obtain credentials and MFA tokens that have been compromised. Thus, while not having full MFA implementation can ‘ding you’ on a cybersecurity compliance audit or questionnaire, if the real objective is securing data and protecting your company, there has to be something else, which is where EDR/XDR comes in.

EDR or XDR platforms can often be the last line of defense and the difference between stopping malware or ransom ware before an event takes hold of your environment, or a large payout of Bitcoin, public announcements, stock devaluations, and loss of trust with clients.

Overall, when the enterprise has a proper cyber sandbox in place with the tools we mentioned deployed, the risk transfer becomes more of a strategic buy with carrier partners that are sophisticated in cybersecurity. In turn, the carrier can then provide network vulnerability tests and remediation recommendations to bolster the enterprise's cybersecurity on a continual basis – a very necessary and critical function in today’s business landscape.