HOT TAKES. ONE PLACE.

There's a LOT to know about insurance. So, whether you've got a specific question or just want the 411 on what we do, click around on the articles below.

Cyber, Risk Management Megan Henderson

The Value of Cyber Insurance

As cyberattacks become more frequent and costly, it’s crucial for organizations to maximize their financial protection against related losses by purchasing sufficient insurance. Cyber coverage, also known as cyber liability insurance, can help organizations pay for a range of expenses that may result from cyber incidents—including (but not limited to) data breaches, ransomware attacks and phishing scams.

Cyber, Risk Management Megan Henderson

10 Essential Cybersecurity Controls

Cyber incidents—including data breaches, ransomware attacks and social engineering scams—have become increasingly prevalent, impacting organizations of all sizes and industries. Such incidents have largely been brought on by additional cyberthreat vectors and growing attacker sophistication.

Cyber, Risk Management Megan Henderson

Creating a Cybersecurity Culture

Employees are an organization’s first line of defense against cybercriminals. For this reason, they are also commonly targeted. In fact, the vast majority (88%) of data breaches are caused by employee mistakes, according to Stanford University. Unfortunately for organizations, a single mistake can result in costly losses, reputational damage and lost or stolen data.

Cyber, Risk Management Megan Henderson

Managing End-of-Life Software

At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service the product, discontinuing all technical support, upgrades, bug fixes and security fixes. As a result, end-of-life (EOL) software will have known vulnerabilities that cybercriminals can easily exploit. This article discusses the risks of continuing to use EOL software and outlines best practices for organizations to mitigate this risk.

Cyber, Personal Lines, Risk Management Megan Henderson

General Cybersecurity Best Practices for Modern Vehicles

Modern vehicle technology has transformed in the past several years as autonomous driving, vehicle electrification and car connectivity features have become more common. While these digital innovations in the automotive industry have added significant customer value, they have also exposed vehicles to cybercriminals attempting to gain access to critical in-vehicle electronic units and data.

Cyber, Risk Management Megan Henderson

Attack Surface Management Explained

An attack surface is the total set of possible entry points (a.k.a. attack vectors) for unauthorized access into any system. The recent increase in remote and hybrid work, combined with the shift to the cloud and widespread implementation of software-as-a-service (SaaS) applications, has made attack surfaces increasingly large, complex and difficult to defend against cyberattacks.

Cyber, Risk Management Megan Henderson

Patch Management Explained

Patch management is the process of acquiring and applying software updates to a variety of endpoints, including mobile devices, computers, servers and embedded devices. Installing patches regularly is necessary to correct errors, help protect data and optimize system functions. This article provides information on how a consistent approach to patching and updating software can limit exposure to various exploits.

Cyber, Risk Management Megan Henderson

Endpoint Detection and Response Explained

Endpoint detection and response (EDR) is a cybersecurity solution that continuously monitors security-related threat information and endpoint data to detect and respond to ransomware and other kinds of malware. It provides visibility into security incidents occurring on endpoints—such as mobile devices, desktop computers, laptops, embedded devices and servers—to prevent damage and future attacks.

Cyber, Risk Management Megan Henderson

Clear and Precise Policy Wording: The Key to a Mature Cyber Insurance Market

According to a recent analysis from S&P Global Ratings (S&P), the cyber insurance sector needs “clear and precise policy wording” to build a sustainable market and encourage contract certainty for buyers and insurers. The cyber coverage segment has grown faster than any other subsector of the insurance market, reaching $9.2 billion in global premiums in 2021.

Cyber, Risk Management Megan Henderson

Median Ransom Payment Drops 51% in Second Quarter

Fewer ransomware victims paid to retrieve access to their systems, and the median ransom payment dropped 51% in the second quarter of 2022, according to a recent report from Coveware. Though the median payment dropped to $36,360, the average ransom payment increased 8% to $228,125, boosted by a few outliers. However, the improvement in the median payment reflected threat actors’ shifts toward less risky, lower-profile targets, and the average remains below a fourth quarter 2021 high of over $300,000.

Cyber, Risk Management Megan Henderson

CISA’s Known Exploited Vulnerability Catalog Explained

The Cybersecurity & Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerability (KEV) catalog to help organizations better manage and mitigate cybersecurity vulnerabilities. The agency encourages organizations to utilize the KEV catalog—the authoritative list of vulnerabilities that have been exploited—to keep pace with threat activity and remediate the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.

Cyber, Risk Management Megan Henderson

Cyberespionage Explained

Cyberespionage, also known as cyberspying, is a type of cyberattack that involves an unauthorized user (or multiple users) accessing a victim’s sensitive information in order to secure economic benefits, competitive advantages or political gain. The primary targets of such cyberattacks include government entities, large corporations and other competitive organizations.

Cyber, Risk Management Megan Henderson

Jackware Cyberattacks Explained

Ransomware incidents entail cybercriminals compromising their victims’ computers or servers with malware and demanding large payments in order to restore the technology (as well as any files or data stored on it). They have often been considered one of the most damaging cyberattack methods.

Cyber, Risk Management Megan Henderson

Credential Stuffing Cyberattacks Explained

Credential stuffing incidents entail cybercriminals leveraging stolen usernames and passwords in attempts to gain access to additional accounts and systems. For example, a cybercriminal may obtain a target’s username and password for a social media account and use those same login credentials to try and access the victim’s other systems (e.g., email accounts, banking applications or workplace networks).

Cyber, Risk Management Megan Henderson

Cyber Hygiene Best Practices

As cyberattacks become more frequent and severe, it is increasingly important for organizations to practice good cyber hygiene to minimize their exposure to risk. Cyber hygiene refers to habitual practices that ensure critical data and connected devices are handled safely.
