Corvus Insurance
Smart Cyber Overview

Corvus Insurance offers Smart Cyber Insurance®, a comprehensive solution designed to address the evolving landscape of cyber risks. This innovative product combines the financial strength of Travelers A++ paper with cutting-edge underwriting practices and proactive risk prevention services. Information is current as of the date of the document. 

Coverage and Limits

• Primary and Excess Cyber risks for organizations with up to $5B in gross annual revenue
• Policy limits up to $10M
• Broad 1st Party & 3rd Party Insuring Agreements

Enhanced Protection

• Contingent Business Interruption with Full Policy Limits
• System Failure coverage
• Cyber Crime and Social Engineering Protection
• Bodily Injury and Media Liability coverage
• Online and Offline Coverage
• Reputational Loss Coverage
• Full Prior Acts

Eligible Risk Classes

Corvus caters to a wide range of industries, including:

• Healthcare
• Retail
• Manufacturing
• Financial Institutions
• Education
• Professional Services

Unique Selling Points

Comprehensive Risk Management

• Personalized cyber threat alerts for all policyholders
• On-call guidance from cybersecurity experts
• Prioritized security recommendations via the Policyholder Risk Dashboard

Flexible Underwriting

• Experienced underwriting team offering hands-on partnership
• Adaptable approach to accommodate complex risks

Claims Expertise

In-house claims team with decades of combined experience

Incentivized Risk Reduction

Retention reduction endorsement, offering a 25% reduction in self-insured retention (up to $25,000) for policyholders who engage with Corvus services

About Corvus

Corvus Insurance, a wholly owned subsidiary of Travelers Insurance, is committed to building a safer world through innovative insurance products. Their Smart Cyber Insurance® and Smart Tech E+O offerings combine broad coverage with proactive risk prevention services, including threat alerts and support from in-house cybersecurity experts.

By leveraging advanced underwriting techniques and providing comprehensive risk management tools, Corvus aims to insure against cyber risks and actively works to prevent cyberattacks. This approach offers policyholders a robust defense against the ever-evolving landscape of digital threats, making Corvus Smart Cyber Insurance® a compelling choice for organizations seeking comprehensive cyber risk protection.

Corvus Insurance
Corvus Signal – Risk Prevention

Corvus Signal: Cutting-Edge Cyber Risk Prevention

Corvus Signal is a comprehensive risk prevention solution designed to help organizations stay ahead of emerging cyber threats. This innovative platform, available at no cost to Corvus policyholders, has been proven to reduce the impact of cyber incidents by 20%.

Key Features and Benefits

Risk Insights

• Personalized threat monitoring and alerting
• Dark web monitoring for early threat detection
• Cyber alerts are delivered directly to your inbox
• Third-party risk reports for vendors and partners upon request

Risk Dashboard

• Centralized access to the latest advice and security recommendations
• Visibility and control over security priorities
• Enables focused efforts on the most critical risks

Vendor Marketplace

• Database of pre-vetted security vendors
• Discounts available for some vendors to Corvus policyholders

Advisory Services

• Partnership-based approach with personalized risk insights
• Access to Corvus’ in-house team of cybersecurity experts
• Guidance available via email, call, or through the Risk Dashboard

Impressive Statistics

• 20% lower frequency and cost of cyber breaches
• 15.5 days average head start before alerted vulnerabilities are exploited
• 3x faster patching, with cyber alerts, sent the same day as the discovery
• Only 12% of researched threats result in alerts, of which 82% are later exploited

Policyholder Journey

1. Introductory Call: Deep dive into policy benefits and IT environment
2. Cyber Advice: On-demand guidance from cyber experts
3. Optimized Spend: Investment recommendations and access to pre-vetted vendors
4. Renewal Prep: Proactive preparation for policy renewal

Corvus Black Services:

• Incident Response Plan Review with Corvus Experts
• Virtual Incident Response Tabletop exercise (two hours)

Corvus Signal offers a robust, data-driven approach to cyber risk prevention. Combining personalized insights, expert guidance, and cutting-edge technology empowers organizations to effectively prioritize their cybersecurity efforts and reduce their vulnerability to emerging threats.

Corvus Insurance
Manufacturing Industry

Corvus Insurance is partnering with manufacturers to address the growing cyber risk in the sector. In 2022, manufacturing became the most targeted industry for ransomware attacks, with a staggering 1177% increase in attack frequency between Q1 2021 and Q1 2023. Despite this challenging landscape, Corvus offers comprehensive coverage with competitive terms and manufacturer-specific endorsements.

Target Markets and Coverage

Corvus caters to a wide range of manufacturing sub-classes, including:

• Food Manufacturing
• Apparel Manufacturing
• Contract Manufacturing
• Electronics Manufacturing
• Wood Product Manufacturing
• Metal Product Manufacturing
• Petroleum and Chemical Manufacturing

Corvus’s appetite extends to primary and excess risks, earning up to $5B in gross annual revenue and having limits of up to $10M.

Enhanced Coverage for Manufacturers

Corvus has developed specialized coverage enhancements tailored to the manufacturing industry:

Manufacturing Industry-Specific System Coverage

This extension covers computer systems and software commonly used in manufacturing, such as MES, CMMS, SCADA, and WMS.

Contingent Business Interruption Coverage

Contingent Business Interruption Coverage includes coverage for losses from stalled raw materials if physical suppliers encounter a cyber incident, in addition to traditional contingent BI coverage.

Alternative Production Run Costs

To mitigate contractual penalties and maintain client satisfaction, Corvus covers the expense of contractors to continue production while the insured’s systems are offline.

Invoice Manipulation Protection

Coverage extends beyond typical unauthorized access scenarios, including the value of products wrongfully shipped due to socially engineered invoice manipulation.

Utility Fraud Coverage

Utility Fraud Coverage protects against utility overages resulting from unauthorized and illegal use of an organization’s utility services or resources.

About Corvus Insurance

Corvus Insurance, a subsidiary of The Travelers Companies, Inc., is committed to building a safer world through insurance products that reduce cyber risk for policyholders. Their Smart Cyber Insurance and Smart Tech E+O products offer broad coverage, in-house claims handling, and risk prevention services. These services include threat alerts for policyholders and support from in-house cybersecurity experts.

Corvus operates in various regions, including the United States, the Middle East, Europe, Canada, and Australia. The company markets its products under different names in different regions: Corvus Insurance Agency, LLC in the U.S., Corvus Agency Limited for Corvus London Markets, and Corvus Underwriting GmbH for Corvus Germany.

By offering tailored solutions and comprehensive coverage, Corvus aims to address the unique cyber risks manufacturers face in today’s increasingly digital and interconnected industrial landscape.

Corvus Insurance
Healthcare Industry

Corvus Insurance, a subsidiary of The Travelers Companies, Inc., offers specialized cyber insurance solutions for healthcare entities. It aims to combat cyber risks in the healthcare sector by providing comprehensive coverage and risk prevention services.

Corvus focuses on a wide range of healthcare sub-classes, including:

• Clinics and hospitals
• Health practitioners (physicians, dentists)
• Health departments and services
• Healthcare consultants
• Long-term care and assisted living facilities
• Medical laboratories and imaging centers
• Pharmacies and surgery centers

Coverage Details:

• Primary and excess cyber risks
• Limits up to $10 million
• No revenue cap for potential clients

Enhanced Coverage

Corvus offers several coverage enhancements tailored to the healthcare industry:

1. HIPAA Corrective Action Plan: Covers costs for recertifying HIPAA compliance and implementing corrective action plans.

2. Expanded Definition of Computer Systems: Includes healthcare-specific systems such as:
– Internet-connected medical equipment
– Electronic Medical Record (EMR) systems
– Patient Customer Resource Management (CRM)
– Picture Archiving and Communication System (PACS)

3. Preventive Shutdown: Extends Business Interruption and Contingent Business Interruption coverage to situations where systems must be shut down to mitigate damage from computer crimes or attacks.

4. Outsourced Service Providers: Expands coverage to include Electronic Health Record (EHR) systems providers.

Corvus Insurance Overview

• Offers Smart Cyber Insurance and Smart Tech E+O products
• Provides broad coverage, in-house claims handling, and risk prevention services
• Operates in the U.S., Middle East, Europe, Canada, and Australia
• Utilizes marketing names: Corvus Insurance, Corvus London Markets, and Corvus Germany

Corvus Insurance aims to build a safer world through insurance products that help reduce cyber risk for policyholders. Their approach includes threat alerts and partnerships with in-house cybersecurity experts to prevent cyberattacks.

Additional Information

• Policy eligibility is determined during the application process
• Quotes, terms, conditions, and premiums adhere to Corvus Insurance’s underwriting guidelines
• The actual policy contract supersedes any general descriptions or informational material
• Coverage may not be available in all jurisdictions

Corvus provides an overview of its cyber insurance offerings for the healthcare sector, highlighting its specialized coverage enhancements and commitment to reducing cyber risks in this critical industry.

Corvus Insurance
Financial Services Industry

Corvus Insurance is partnering with financial services organizations to address cyber risk challenges in the industry. Corvus highlights the increasing threat of cyber attacks, particularly ransomware, which saw a 231% rise in frequency from Q4 2022 to Q2 2023 in the financial sector.

Target Market

Corvus aims to serve various financial services sub-classes, including:

• Financial & Investment Advisors
• Wealth Managers
• Banks and Credit Unions
• Insurance-related entities (Carriers, MGUs, MGAs, Agents & Brokers)
• Investment firms (Mutual and Hedge Funds, Real Estate Investment & Private Equity)
• Financing and Lending Institutions

Appetite and Coverage

• Offers primary and excess cyber risks
• Provides limits up to $10M
• No revenue cap for potential clients

Coverage Enhancements

1. Payment Card Reissuance Costs: Covers expenses related to reissuing credit and debit cards following a cyber event.

2. Client Payment Fraud: Expands cyber crime coverage to include losses incurred by the insured’s clients or customers due to third-party deception. This coverage is not available for banks, credit unions, or mortgage lenders.

3. Financial Services Specific System Coverage: Extends protection to various computer systems and software commonly used in the financial industry, such as:

• Trade management and execution platforms
• Money management platforms
• Proprietary trading platforms
• Business intelligence software
• Bookkeeping software
• Payment gateways
• Tax management software
• Financial planning software

4. Financial Fraud Intermediary: Expands financial fraud coverage to include an Intermediary, either an Insured Representative or Seller Representative.

About Corvus Insurance

Corvus Insurance, a subsidiary of The Travelers Companies, Inc., focuses on creating a safer world through insurance products that help reduce cyber risk for policyholders. Their offerings include:

• Smart Cyber Insurance
• Smart Tech E+O products

These products feature broad coverage, in-house claims handling, and risk prevention services. Corvus provides threat alerts and partners with in-house cybersecurity experts to help prevent cyberattacks.

Corvus Insurance
Construction Industry

Corvus Insurance is partnering with the construction industry to address this sector’s growing cyber risks. The industry responsible for critical infrastructure is increasingly targeted by cyber threats, with ransomware attacks against it rising by 48% from 2022 to 2023. In response, Corvus is offering comprehensive cyber insurance solutions tailored to the unique needs of construction businesses.

Appetite:

• Primary and excess risks for companies with up to $5B in gross annual revenue
• Coverage limits up to $10M

Coverage Enhancements:

1. Property Damage Claims

• First and third-party coverage for damages arising from hacking attacks
• Up to $1M limit available

2. Bodily Injury Claims

• Third-party coverage for injuries resulting from security or privacy breaches
• Up to $1M limit available

3. Missed Bid Coverage

• Business income loss coverage for missed bids or RFPs due to system interruptions

4. Contractual Credits and Penalties

• Coverage for service credits or penalties imposed due to hacking-related failures

Additional Enhancements:

• Regulatory and Preventive Shutdown Coverage
• Vicarious Liability Coverage for property owners
• Protection against independent contractors’ failure to prevent malicious code transmission
• Expanded definition of Computer Systems to include drones, Building Information Management Software, and SCADA systems

About Corvus Insurance

Corvus Insurance, a subsidiary of The Travelers Companies, Inc., focuses on creating a safer world through insurance products that reduce cyber risk for policyholders. Their offerings include:

• Smart Cyber Insurance
• Smart Tech E+O products

These products feature broad coverage, in-house claims handling, and risk prevention services. Corvus provides threat alerts and partners with in-house cybersecurity experts to help prevent cyberattacks.

Corvus Insurance
Cyber Threat Report Q2 2024

The Q2 2024 Cyber Threat Report by Corvus Insurance highlights a significant increase in ransomware activity, setting new records for the year’s first half.

Ransomware Activity

Ransomware attacks reached unprecedented levels in Q2 2024, with 1,248 victims posted on leak sites. This represents a 16% increase from Q1 and an 8% year-over-year rise. The report suggests that ransomware activity may continue to escalate later in the year, potentially reaching new highs.

Ransomware Groups

LockBit, a major ransomware group, experienced a resurgence in May after facing law enforcement actions earlier in the year. However, their overall activity remains lower than pre-intervention levels. New groups like PLAY, Medusa, RansomHub, INC Ransom, and Blacksuit emerged to fill the void left by declining groups.

Ransom Demands and Payments

Q2 saw a significant ransom demand increase, reaching a nearly two-year high. Average ransom payments even exceeded the peaks observed in 2022. Organizations with robust backup strategies were 2.38 times less likely to pay ransoms and experienced 72% lower median claim costs.

Evolving Tactics

Ransomware operators have adapted their strategies, with 93% of incidents in 2024 involving data theft in addition to encryption. This “double-extortion” tactic pressures even well-prepared organizations to consider ransom payments.

Industry Impacts

Construction, manufacturing, and professional services were the most frequently targeted industries in Q2. The IT Services and Software Development sectors saw notable increases in ransomware incidents, raising concerns about potential systemic risks.

In Summary

Corvus emphasizes the need for organizations to implement robust, multi-layered security strategies to combat the evolving ransomware threat. It highlights the importance of proactive measures, including effective backup strategies and heightened vigilance, especially in high-risk sectors like IT services.

Corvus Insurance
Unpatched Software

The Case of the Unpatched Environment: A Cyber Insurance Success Story

Corvus Insurance details a case study involving Corvus, a cyber insurance provider, and their approach to assessing and mitigating cybersecurity risks for a national retail franchise seeking coverage.

Background

A national retail franchise approached Corvus for cyber coverage after receiving an exorbitant renewal premium from their current carrier. Despite being loss-free for several years, the client faced challenges in the hard market for cyber insurance.

The Corvus Scan Discovery

Corvus utilized its proprietary scanning technology to assess the client’s IT infrastructure. The scan revealed unpatched servers vulnerable to the Microsoft Exchange Server vulnerability, contradicting the client’s belief that their systems were fully updated.

Investigating the Discrepancy

• Initial Confusion: The client and their Managed Service Provider (MSP) were confident that all necessary patches had been applied.
• Deep Dive Analysis: Corvus’s Data Science team conducted a thorough investigation, pinpointing the exact issues and their locations.
• Root Cause: The investigation uncovered a miscommunication between the MSP and the client, compounded by an oversight in the system architecture.

The Underlying Issue

The problem stemmed from the client’s load balancer, routing traffic to multiple servers. While one server had been patched, others were overlooked due to a lack of comprehensive verification across all potential traffic destinations.

Resolution and Outcome

1. Vulnerability Patching: Once identified, the client and MSP patched the overlooked Microsoft Exchange servers promptly.
2. Improved Security Posture: The process revealed and addressed critical vulnerabilities, enhancing the client’s overall cybersecurity.
3. Successful Coverage: With the vulnerabilities addressed, Corvus was able to offer a competitive quote and bind the account.

Key Takeaways

1. Data-Driven Approach: The case demonstrates the value of using data-driven tools to verify cybersecurity measures.
2. Collaboration: Effective communication between the insurer, client, and MSP was crucial in resolving the issue.
3. Holistic Security: The incident highlighted the importance of comprehensive security checks, especially in complex network architectures.
4. Risk Management: Corvus’s approach provided insurance coverage and actively improved the client’s security posture.

Corvus illustrates its commitment to not just providing cyber insurance but also actively contributing to improving its clients’ cybersecurity. By identifying and addressing overlooked vulnerabilities, Corvus demonstrated the value of its data-driven approach in the current cyber insurance market.

Corvus Insurance
Incident Response

Corvus Insurance provides a comprehensive guide on effectively working with a cyber insurer during an incident response. It outlines five key stages and offers practical tips for maximizing the partnership between an organization and its cyber insurance provider.

Stage 1: Before the Incident

The first step is incorporating your cyber insurer into your Incident Response Plan (IRP). This involves:

• Documenting who will contact the insurer, when to do so, and how
• Ensuring offline access to contact information
• Socializing the updated IRP among relevant staff
• Conducting response drills

Stage 2: Discovery of an Incident

When an incident is discovered, it’s crucial to notify your insurer promptly, even if it seems minor. The document emphasizes:

• Following the IRP instructions for contacting the carrier
• Not hesitating to reach out, as situations can escalate quickly
• Using secure communication methods if systems are compromised

Stage 3: Working with Your Insurer’s Team and Vendors

Once notified, your insurer will:

• Gather initial information about the incident
• Provide guidance on the next steps
• Help connect you with necessary vendors, such as:
• Legal counsel (breach coach)
• Digital forensics firm

These specialists will assist in protecting the investigation, navigating privacy laws, and determining the incident’s technical aspects.

Stage 4: Notifying Individuals and Regulatory Compliance

In this stage, the focus shifts to:

• Determining notification requirements with legal counsel
• Drafting appropriate communication for affected individuals
• Engaging notification and call center services if needed
• Offering credit monitoring services when necessary
• Ensuring compliance with varying state and local data breach laws

Stage 5: Aftermath and Reflection

The final stage involves:

• Conducting a post-incident review to identify areas for improvement
• Implementing a security roadmap based on lessons learned
• Preparing for potential regulatory investigations or lawsuits
• Demonstrating compliance and adequate preparation for regulators

Throughout the document, the importance of prompt communication with the insurer, adherence to the IRP, and leveraging the expertise of specialized vendors is consistently emphasized. The guide aims to help organizations navigate the complex incident response process while maximizing the benefits of their cyber insurance partnership.

Corvus Insurance
Responding to a Vendor Breach

Corvus Insurance provides comprehensive guidance for organizations dealing with data breaches at their vendors. Corvus highlights the increasing reliance on managed service providers and cloud-based solutions while warning against the assumption that these vendors are inherently secure.

Vendor Breach Risks

Attacks on IT Managed Service Providers increased by 185% in 2019
44% of companies reported experiencing a vendor-caused breach
Large vendors are attractive targets for criminals due to potential access to multiple organizations

Initial Response Steps

1. Remain calm and follow the incident response plan
2. Secure the organization’s environment
3. Notify the broker and cyber liability carrier
4. Retain experienced privacy counsel
5. Review the vendor contract for relevant provisions

Legal and Regulatory Considerations

• Various laws and regulations may apply based on data type and location
• Examples include state-specific laws, HIPAA, FERPA, NY DFS, GLBA, GDPR, and PIPEDA
• Each regulation has unique notification requirements and timelines

Information to Obtain from the Vendor

• Access to forensic reports or summaries
• Details about ransomware variants and containment measures
• Scope of compromised data and affected individuals
• Vendor’s plans for notification and associated costs
• Number of impacted customers
• Vendor’s cyber insurance status
• Plans for future security enhancements

Challenges in Vendor Breach Response

• Lack of control over the investigation and its pace
• Limited access to forensic findings and facts
• Potential delays in notification timelines
• Unfavorable contract terms regarding liability and indemnity
• Inconsistent approaches among affected organizations

Ideal Vendor Response

• Transparency in forensic investigation and findings
• Hiring experienced counsel and forensics experts
• Precise identification of compromised data
• Offer to handle notifications and provide support services
• Adequate assurances of containment and future prevention

Corvus emphasizes the importance of preparedness, clear communication with vendors, and understanding legal obligations in the event of a vendor data breach. It is a valuable resource in navigating the complexities of third-party cyber incidents.