Coalition Active Insurance

Coalition’s Active Insurance offers a modern approach to cyber insurance designed to address the evolving digital risks faced by businesses of all sizes. Unlike traditional cyber insurance policies, which are often passive and rely on outdated data, Coalition’s Active Insurance leverages real-time data and proactive measures to protect businesses from cyber threats.

Key Features of Coalition’s Active Insurance

Assessment: The Active Data Graph identifies specific digital risks for each business, enabling more accurate risk assessments and stable pricing.

Coverage: In the event of a cyber incident, Coalition provides around-the-clock expert support, responding within minutes to help recover funds and minimize impacts.

Protection: Coalition Control®, the company’s cyber risk management platform, offers ongoing monitoring of a business’s cybersecurity posture and alerts about emerging threats. Policyholders also have access to hands-on support from security experts.

Response: The comprehensive coverage is designed to stay up-to-date with the changing threat landscape, protecting businesses from critical cyber threats while limiting out-of-pocket costs.

Effectiveness and Approach

Coalition’s Active Insurance approach has proven effective, with policyholders experiencing 64% fewer claims than the industry average. This success is attributed to the proactive nature of the insurance, which partners with businesses to monitor, mitigate, and reduce digital risk from the outset rather than only responding after an incident has occurred.

Target Market

While the document emphasizes that 46% of all cyber breaches impact businesses with fewer than 1,000 employees, Coalition’s Active Insurance is designed to protect businesses of all sizes that rely on technology for various aspects of their operations, including data management, sales and payroll.

Coalition’s Active Insurance offers a comprehensive, proactive approach to cyber insurance that goes beyond traditional policies. It aims to keep businesses one step ahead of evolving cyber threats by combining real-time data, expert support, and ongoing protection.

Coalition
Active Protection: Before, During and After a Digital Incident

Coalition offers organizations comprehensive cybersecurity and risk management solutions, providing active protection and support before, during, and after digital incidents. Their services are designed to help businesses identify, mitigate, and recover from cyber threats and executive exposures.

Active Assessments, Monitoring, and Alerts

Coalition Control, a free service for policyholders, provides automated scanning and alerting to assess digital risks. This service offers:

• Near real-time snapshots of an organization’s digital risks
• Third-party risk management through monitoring of vendors, suppliers, and partners
• Discounts on leading cybersecurity solutions

Active Response During Security Incidents

Coalition’s active response capabilities include:

• Continuous scanning and monitoring of digital assets and risk factors
• Personalized alerts for critical issues and security recommendations
• A dedicated Security Support Center with in-house teams for incident response and cyber claims
• Coalition Incident Response (CIR) team, responding quickly to accelerate claims response
• A claims team with privacy attorneys and legal experts to navigate the recovery process

Comprehensive Insurance Coverage

Coalition’s insurance policies are designed to help organizations recover financially and operationally after a cyber incident:

• Protection for the entire business, covering financial losses and liability from cyber incidents or technology failures
• Coverage for privacy violations and decisions made by company executives
• Insurance products backed by leading global reinsurers

By combining proactive risk assessment, rapid incident response, and comprehensive insurance coverage, Coalition offers a holistic approach to cybersecurity and risk management. This integrated solution aims to protect businesses at every stage of potential digital threats, from prevention to recovery.

Coalition
Claims Advantage Checklist

Coalition’s Claims Advantage Checklist outlines the key benefits of their cyber insurance and incident response services. This comprehensive approach aims to help policyholders effectively manage and recover from cyber incidents, with 47% of cases resolved at no cost to the insured.

5-Minute Average Claims Response
Coalition’s 24/7 claims hotline provides rapid access to in-house cyber experts who initiate a streamlined response to minimize business impacts. This quick response can be crucial in determining whether an incident becomes a full-blown cyber event or is successfully contained.

Unparalleled Financial Recovery Tactics
Coalition’s strong relationships with government entities and financial institutions enhance its ability to recover funds in transfer fraud cases. This network allows it to act swiftly and access resources unavailable to other insurers, potentially preserving policy limits for its clients.

Extensive Pre-Claims Services
Policyholders can access dedicated “pre-claims assistance” funds for legal, forensic, and IT services without triggering a formal claim. This feature encourages clients to seek guidance on suspicious incidents early, potentially preventing escalation to more serious events.

Exclusive Access to Coalition Incident Response (CIR)
When a cyber threat becomes a claim, policyholders benefit from CIR’s expert team for quick detection and stabilization of the event. This can often be achieved without impacting the policyholder’s self-insured retention.

Tabletop Exercises and Incident Response Plans
Coalition provides simulations and resources to help policyholders effectively prepare for and manage cyber events. These exercises aim to reduce stress during actual incidents and ensure proper protocols are followed.

By offering these comprehensive services, Coalition aims to provide a robust cyber insurance solution that protects policyholders financially and actively works to prevent, mitigate, and respond to cyber incidents effectively.

Coalition
Coverage Advantage Checklist

Coalition’s Coverage Advantage Checklist outlines key features of their comprehensive cyber insurance coverage, designed to address evolving digital risks for businesses. This document highlights several important aspects of Coalition’s policy offerings:

Comprehensive Coverage

Coalition provides a broad base form that covers a wide range of incident types, including high limits for Funds Transfer Fraud and Ransomware. This comprehensive coverage allows insurance agents to offer clients robust protection without extensive negotiations.

Key Policy Features

• “Pay on Behalf” Language: Coalition covers upfront costs for breach response, ransom payments, and forensics, eliminating policyholders’ out-of-pocket expenses.
• Separate Limit for Breach Response Costs: Available on most policies, this feature preserves limits for other coverages, such as extortion and business interruption.
• $0 Retention with Coalition Incident Response (CIR): CIR allows policyholders to access expert support without additional costs.
• Pre-Claims Assistance: Included in every policy, policyholders can seek guidance without triggering a claim.

Enhanced Terms for Good Cyber Hygiene

Coalition offers improved policy terms for businesses that invest in their cyber security:

• Premium credit of up to 12.5% for using leading Managed Detection & Response (MDR) solutions.
• Reduced retention for business email compromise if multi-factor authentication (MFA) was in place.
• Shorter waiting period for business interruption due to denial of service (DDoS) attacks if approved mitigation providers were used.

Coverage Areas

The policy includes protection for various cyber risks:

1. Third-Party Security and Privacy
2. Event Response
3. Media and Professional Liability
4. Cyber Crime

Additional coverages are available by endorsement, including industry-specific options and affirmative AI coverage.

This comprehensive approach to cyber insurance provides businesses with robust protection against a wide array of digital threats while also incentivizing good cyber hygiene practices. The policy’s flexibility and focus on proactive risk management make it a valuable tool for businesses navigating the complex landscape of cyber risks.

Coalition
Security Advantage Checklist

Coalition’s Security Advantage Checklist outlines the company’s integrated approach to cyber insurance, highlighting how their unique strategy helps policyholders reduce the likelihood of losses and strengthen their security posture.

Proprietary Threat Intelligence
Coalition’s security research team continuously gathers data from across the web to identify emerging threats in near-real time. This intelligence is combined with claims data to alert policyholders about critical exposures most likely to result in losses, helping clients prioritize remediation efforts and maximize insurability.

Loss Control Hub for Cyber Brokers
The company integrates visibility and loss-control tools directly into its broker platform. This allows brokers to provide real-time support, minimize claims, and contribute to a more predictable renewal experience. Brokers can monitor critical alerts and share resources to simplify cyber loss control and improve client retention.

Dedicated In-House Security Support Team
Coalition maintains an in-house team of security analysts and consultants dedicated to assisting brokers and policyholders. This team helps resolve contingencies, remediate exposures, and implement security improvements, enabling brokers to engage expert consultants to help clients become cyber-conscious and insurable.

Pre-bind Security Support with Coalition Control
Every contingent quote comes with pre-bind access to Coalition Control, allowing businesses to access remediation guidance, self-service tools, and details about their cyber exposures even before coverage is bound. This feature helps brokers accelerate the growth of their book by simplifying security support and contingency resolution.

Cybersecurity Protections Beyond the Policy
Coalition offers Managed Detection & Response services for policyholders seeking additional peace of mind, providing around-the-clock threat detection and remediation.

Coalition’s approach to cyber insurance integrates security measures throughout the process, from pre-binding to ongoing support and protection. By combining proprietary threat intelligence, dedicated support teams, and comprehensive tools, Coalition aims to provide a more effective and proactive cyber insurance solution for policyholders.

Coalition
Cyber Insurance for the Construction Industry

Construction companies rely heavily on technology, making them vulnerable to cyber-attacks. The average cost of a cyber insurance claim for construction organizations is $208,000. Common cyber threats include:

• Funds Transfer Fraud (FTF)
• Business Email Compromise (BEC)
• Ransomware

Unique Exposures

Construction companies use various technologies that can create cyber risks:

• Building Information Modeling (BIM) software
• Document management systems
• Supervisory Control and Data Acquisition (SCADA) systems
• Safety management software
• Payment processing software
• Customer Relationship Management (CRM) systems
• Email and mobile devices
• End-of-life software and hardware
• Field operations platforms

Sensitive Data and Compliance

Construction firms handle various types of sensitive data, including financial data, legal and contractual information, employee information, and corporate confidential data. This data handling requires compliance with regulations such as HIPAA and PCI DSS.

Business Impacts of Cyber Events

Cyber incidents can lead to:

• Direct costs for incident response
• Liability to others
• Business interruption and reputation damage
• Financial losses due to cybercrime
• Costs for recovery and restoration

Cyber Insurance Solutions

Coalition, a cyber insurance provider, offers “Active Insurance” which includes:

• Active Risk Assessment: Real-time data-driven underwriting and risk scoring
• Active Protection: Continuous monitoring and alerting
• Active Response: Rapid incident response support

Coalition reports a 22% year-over-year decrease in claims frequency and 64% fewer claims compared to the industry average. Most small and medium-sized construction businesses purchase coverage limits of $1-2 million.

Coalition emphasizes the importance of cyber insurance for construction companies, given their reliance on technology and the potential financial and operational impacts of cyber incidents.

Coalition
Cyber Insurance for the Healthcare Industry

Healthcare organizations handle sensitive patient data, including personal, financial, and health information. They rely heavily on digital technologies, making them prime targets for cybercriminals. The average cost of a cyber insurance claim for healthcare organizations is $134,000, with ransomware losses averaging nearly $355,000.

Unique Exposures and Risks

Healthcare organizations face specific cyber risks due to their use of various technologies:

• Electronic medical record (EMR) systems
• Customer relationship management (CRM) systems
• Email (vulnerable to business email compromise)
• Outdated software and hardware
• Medical devices
• Patient portals
• Payment processing software
• Telemedicine platforms

Phishing is the most common attack vector, which can lead to various malicious activities.

Sensitive Data and Compliance

Healthcare organizations handle multiple types of sensitive data, including:

• Biometric data
• Financial data
• Personally identifiable information (PII)
• Protected health information (PHI)

They must comply with various regulations like HIPAA, HITECH, and state data privacy laws.

Business Impacts of Cyber Incidents

Cyber incidents can result in:

• Direct costs for incident response
• Liability to third parties
• Business interruption and reputational damage
• Financial losses due to cybercrime
• Costs for recovery and restoration of systems

Cyber Insurance Coverage

Coalition offers Active Insurance, which includes:

1. Active Risk Assessment: Real-time data-driven underwriting and risk scoring
2. Active Protection: Continuous monitoring and alerting
3. Active Response: In-house resources for incident response

Coalition’s approach has resulted in a 22% year-over-year decrease in claims frequency and 64% fewer claims compared to the industry average.

Insurance Limits

Most small and medium-sized healthcare businesses purchase $1M-2M in limits, while mid-market organizations often opt for $5-10M. Coalition offers coverage for businesses up to $5B in revenue.

Coalition highlights the critical need for robust cyber insurance in the healthcare industry, given the sector’s unique vulnerabilities and the potentially severe consequences of cyber incidents.

Coalition
Cyber Insurance for The Legal Industry

Legal organizations prioritize data privacy and cybersecurity to maintain trust, competency, and confidentiality. Lawyers are ethically bound to remain technologically competent and protect client privilege.

Essential Technologies and Risks

The document outlines various technologies used in legal practices that can create cyber risks, including:

• Client portals
• CRM systems
• Document management systems
• eDiscovery tools
• Email
• Payment processing software
• Law practice management software
• Social media

These technologies present potential vulnerabilities that could lead to data breaches, business interruption, or reputational damage.

Sensitive Data and Liability

Legal organizations handle various types of sensitive data, including:

• Corporate confidential data
• Financial data
• Personally identifiable information (PII)
• Protected health information (PHI)
• Sensitive employee information

Mishandling this data can lead to increased business liability and potential regulatory investigations.

Business Impacts

Cyber incidents can result in:

• Direct costs for incident response
• Liability to third parties
• Business interruption and reputation damage
• Cybercrime-related financial losses
• Recovery and restoration expenses

The average total cost of a data breach for legal organizations is $4.7 million.

Cyber Insurance Insights
The document provides statistics on cyber insurance claims and purchasing habits in the legal industry. It emphasizes that most small and medium-sized legal businesses purchase $1-2M in coverage limits, while mid-market businesses often opt for $5-10M.

Active Insurance Approach

Coalition, the company behind this guide, promotes an “Active Insurance” model that focuses on:

• Active Risk Assessment
• Active Protection
• Active Response

This approach aims to prevent digital risks before they occur and provide comprehensive support when incidents do happen.

Coalition underscores the critical importance of cyber insurance for legal organizations, given the sensitive nature of their work and the potential for significant financial and reputational damage from cyber incidents.

Coalition
Cyber Insurance for Nonprofit Organizations

Cyber Insurance for Nonprofit Organizations

Nonprofit organizations face unique cyber risks due to their handling of sensitive data and reliance on donations. Despite their valuable role in society, these organizations often have limited resources for cybersecurity, making them attractive targets for attackers.

Key Insights

• The average cost of a cyber insurance claim for nonprofits is $110,000.
• Ransomware, while not the most common, results in an average loss of over $365,000 for nonprofits.
• Business Email Compromise (BEC) is a nonprofit’s leading cause of cyber insurance claims.

Unique Exposures

Nonprofits face cyber risks from various technologies they rely on, including:

• Online fundraising platforms
• Donor management systems
• Cloud computing
• Email systems
• Websites
• Outdated software and hardware
• Social media
• Client intake and case management software
• Mobile applications

Sensitive Data and Liability

Nonprofits handle various types of sensitive information, including beneficiaries’ personal data, donor information, financial data, employee records, and grant applications. A data breach involving this information can lead to significant legal and regulatory consequences.

Business Impacts

Cyber incidents can result in:

• Direct costs for incident response
• Liability to third parties
• Business interruption and reputational damage
• Financial losses due to cybercrime
• Costs for recovery and restoration of systems

Cyber Insurance Solutions

Coalition offers Active Insurance, which provides:

• Active Risk Assessment: Real-time data-driven underwriting and risk scoring
• Active Protection: Continuous monitoring and alerting to prevent risks
• Active Response: Rapid incident response and coverage

Coalition’s approach has resulted in:

• 64% fewer claims compared to the industry average
• 47% of reported cyber events are handled at no cost to policyholders
• 43% reduction in critical vulnerabilities among policyholders in 2022
• Average response time of 5 minutes to a cyber incident

Nonprofit organizations can benefit from cyber insurance to mitigate their unique digital risks and ensure their ability to continue serving their communities effectively.

Coalition
Cyber Insurance for Real Estate

Cyber Insurance for the Real Estate Industry

The real estate industry has embraced digital innovation, enabling faster transactions and improved client communications. However, this technological advancement has introduced new cyber risks, making the sector a target for attackers seeking to exploit vulnerabilities in IT infrastructure and data security protocols.

Key Insights:

• The average cost of a cyber insurance claim for real estate organizations is $153,000.
• Though not the most frequent, ransomware attacks result in an average loss of nearly $286,000.
• Phishing is the leading attack vector for all cyber claims in the industry.

Unique Exposures:

Real estate businesses face cyber risks through various essential technologies:

• CRM systems
• Payment processing software
• Property management software
• Email (susceptible to business email compromise)
• eSignature technology
• Social media
• Document management systems
• End-of-life software & hardware
• Websites & online listing platforms

Sensitive Data and Liability:

Real estate professionals handle various types of sensitive data, including:

• Corporate confidential data
• Financial data
• Protected health information (PHI)
• Personally identifiable information (PII)
• Sensitive employee information

The average total cost of a data breach for real estate organizations is $4.7 million.

Business Impacts:

Cyber incidents can result in:

• Direct costs for response and investigation
• Business interruption and reputation damage
• Recovery and restoration expenses
• Liability to third parties
• Cybercrime losses (e.g., funds transfer fraud)

Cyber Insurance Solutions:

Coalition offers Active Insurance, which provides:

• Active Risk Assessment: Real-time data-driven underwriting and risk scoring
• Active Protection: Continuous monitoring and alerting
• Active Response: Rapid incident response and coverage

Coalition’s approach has resulted in:

• 64% fewer claims compared to the cyber industry average
• 47% of reported cyber events are handled at no cost to policyholders
• 43% reduction in critical vulnerabilities among policyholders in 2022
• 5-minute average response time to cyber incidents

Coalition Control

Coalition Control is a comprehensive cyber risk management platform designed to help businesses detect, assess, and mitigate cyber threats before they escalate into attacks. The platform leverages machine learning, AI, and proprietary data to provide an outside-in view of an organization’s cybersecurity posture.

Coalition Control Features

Attack Surface Monitoring (ASM): Monitors risks across the entire external digital footprint, including assets, apps, services, data leaks, and phishing risks.

Personalized Cyber Risk Assessment: Produces a report assessing security findings and their severity across the entire attack surface.

Third-Party Risk Management: Monitors suppliers and vendors that may pose a threat.

On-Demand Rescans: Users can request rescans of specific vulnerabilities.

Vulnerability Resolution: Users can resolve vulnerabilities with attestation or evidence.

Alerting & Security Notifications: Provides platform and email notifications for critical vulnerabilities.

Lookalike Domain Management: Alerts users to potentially fraudulent domains and assists with removal requests.

CoalitionAI Security Copilot: Offers expert guidance and self-service remediation steps.

Security Checklist: Provides a step-by-step guide for establishing security controls.

Expert Guidance & Advice: Offers detailed security recommendations from security and threat analysts.

Cloud Application Integrations: Integrates with Microsoft 365, Google Workspace, and Amazon Web Services.

Coalition Control also offers:

Coalition Incident Response (CIR): Available to policyholders before, during, and after cyber events.
Coalition Claims Teams: Assists in mitigating the impact of breaches or covered events.
Managed Detection and Response (MDR): Provides 24/7 threat monitoring and unlimited remediation (add-on).
Security Awareness Training (SAT): Offers employee training and phishing simulations (add-on).

The platform caters to various organizational roles, including business leaders, risk professionals, security users, and IT users. It provides tailored features and insights for each role, ensuring comprehensive coverage of cyber risk management needs.

Coalition
Exposed Risky Panels (MFA)

Coalition explains the “Exposed Risky Panels—Two Factor” security finding, which identifies login panels for essential business applications that are accessible over the Internet but may lack proper Multi-Factor Authentication (MFA) protection.

Risk Explanation:

• Exposed login panels are compared to leaving an expensive bike unlocked in a busy area.
• These panels pose significant risks when protected only by basic security controls like username and password.
• Attackers can exploit these vulnerabilities using stolen credentials, brute force attacks, or phishing techniques.

Urgency:

• Threat actors regularly scan for exposed panels to gain unauthorized access.
• Coalition may require confirmation of MFA implementation before binding or renewing a policy.

Mitigation Strategies:

• Ensure the latest version of the service is used and all patches are up-to-date.
• Enable MFA controls for employee access to the panel.
• Implement identity access management (IAM) solutions.

Resolution:

If MFA is in place but not detected by scans, confirm its enablement and ensure the service is patched to the latest version.

Coalition Control

Coalition offers a platform called Coalition Control to help clients strengthen their security posture:

• Provides full technical details of security findings.
• Offers additional support for mitigating cyber risks.
• Allows clients to grant access to their IT or security teams.

Coalition
Managed Detection and Response (MDR)

Coalition Managed Detection and Response (MDR) is a comprehensive cybersecurity service that protects small and midsize businesses from advanced cyber threats. This 24/7 monitoring and response solution combines cutting-edge technology with human expertise to detect, respond to, and remediate potential cyber incidents quickly and effectively.

Key Features and Benefits

• 24/7 Monitoring and Response: Continuous threat detection and response capabilities to minimize operational disruption and impact.
• Incident Response Experts: Leveraging Coalition’s experience as a leading cyber insurance provider to detect and remediate threats.
• Proactive Security Alerts: Actionable alerts based on proprietary data sources to help businesses respond to threats preemptively.
• Integrated Risk Management: Rapid response to endpoint events through Coalition Control, a cyber risk management platform.

Technology and Data Sources

Coalition MDR utilizes enterprise-grade technology, including SentinelOne, for endpoint, cloud, and identity security. It also offers options to bring your own license (BYOL) for CrowdStrike and Microsoft Defender. The service extends beyond endpoints with MDR Plus, ingesting telemetry from various sources such as email, network, and identity management systems.

Scalability and Affordability

The service is tailored for growing businesses, offering:

• Powerful MDR at an accessible price point
• Flexibility to match existing infrastructure
• Scalability to add or remove endpoints and services as needed

Service Tiers

• Coalition MDR: Core features include 24/7 monitoring, a 30-minute SLA for critical alerts, and quarterly security reviews.
• Coalition MDR Plus: Enhanced monitoring of critical data sources, tailored rules and alerts, and extended remediation capabilities.
• Coalition Email Security: Focused protection for email systems against phishing and business email compromise (BEC) attacks.

Additional Benefits for Active Cyber Insurance Customers

• Premium credits up to 12.5% on select policies
• Insurance-covered incident response with zero deductible for certain services
• Access to Coalition Control and expert panel vendors

Coalition MDR aims to provide businesses with enterprise-level security tools and expertise without the need for extensive in-house resources. By offering tailored solutions and leveraging proprietary data and technology, Coalition MDR positions itself as a comprehensive and accessible cybersecurity partner for small and midsize businesses seeking to protect themselves from evolving digital risks.

Coalition
Remote Desktop Access

Coalition explains a critical security finding related to Remote Desktop Access, a vulnerability it identifies as a significant business risk.

Security Finding Category

Remote

What Coalition Found

Coalition discovered exposed Remote Desktop Protocol (RDP) connections on the public internet, likening to “finding a screen door with a pickable lock protecting your network”. This finding typically comes in three variations:

• Remote Desktop Protocol (RDP)
• Remote Desktop Web Access (RDWeb)
• Remote Desktop Gateway (RDGateway)

Why It’s Risky

While RDP itself is not inherently risky when properly secured and limited to internal use, it becomes a significant vulnerability when exposed to the public internet. This exposure makes it easier for attackers to exploit and gain unauthorized access to systems.

Urgency for Clients

This issue is considered urgent because:

• Attackers actively seek to exploit these vulnerabilities
• RDP exposures rank among the top drivers of cyber insurance claims
• Coalition’s 2023 Threat Index identifies RDP as the top protocol attackers seek to exploit

Impact on Insurance
Due to these risks, Coalition typically requires RDP and related services to be removed from the public internet before binding or renewing a policy.

Recommendations

Clients can take control of their risks by:

1. Using Coalition Control™ to detect, assess, and mitigate cyber risks
2. Granting access to Coalition Control to their IT or security team members
3. Exploring resources on Remote Access Best Practices and understanding RDP

This document underscores the importance of promptly addressing Remote Desktop Access vulnerabilities.