Travelers Documents
Travelers
Cybersecurity Factsheet
Travelers Cyber
Prepare, Prevent, Mitigate, Restore
Travelers Institute presents the “Cyber: Prepare, Prevent, Mitigate, Restore” initiative, which aims to educate organizations about cybersecurity threats and best practices. This educational program is designed to empower businesses of all sizes to tackle evolving cyber threats through a series of free cybersecurity symposia.
Threat Landscape: The initiative addresses common cyber threats and vulnerabilities, including:
- Ransomware
- Social engineering
- Hacktivists
- Denial of service attacks
- Threats from employees and vendors
National Symposium Series: The Travelers Institute hosts free cybersecurity symposia for leaders of small and mid-sized businesses and organizations through public-private partnerships.
Expert Insights
The document features quotes from industry experts highlighting various aspects of cybersecurity:
1. Threat Landscape: Tim Francis from Travelers notes increased sophisticated social engineering fraud.
2. Preparation: Bill Detwiler of TechRepublic emphasizes the importance of securing all devices connected to a network, particularly with the rise of the Internet of Things.
3. Prevention: Jason Ritchie from the Federal Reserve Bank of Dallas recommends implementing multifactor authentication for online banking security.
4. Mitigation: Sian Schafle of Lewis Brisbois Bisgaard & Smith LLP stresses the importance of having a breach coach to navigate complex breach situations.
5. Restoration: Brett Leatherman from the FBI highlights the value of early engagement with law enforcement during cybersecurity incidents.
About the Travelers Institute
Travelers established the Travelers Institute to participate in public policy dialogue on matters relevant to the property and casualty insurance sector and the broader financial industry. The institute leverages industry expertise from Travelers’ senior management and risk professionals to provide information and recommendations to policymakers and regulators.
The initiative underscores the critical role of education in cybersecurity mitigation, as emphasized by Alan Schnitzer, Chairman and CEO of Travelers. It aims to raise awareness about evolving cybersecurity risks and provide businesses with the knowledge to protect themselves in an increasingly connected digital landscape.
Cybersecurity Guide
The Travelers Cybersecurity Guide is a comprehensive guide produced by the Travelers Institute, aimed at empowering organizations to tackle evolving cyber threats. The guide is structured around four key phases: Prepare, Prevent, Mitigate, and Restore.
In the Prepare phase, the guide emphasizes the importance of knowing your data, systems, and network. It recommends focusing cybersecurity efforts on critical assets, validating backup strategies, and planning for incident response. The guide stresses the need for organizations to maintain inventories of their systems, software, and network infrastructure.
The Prevent phase focuses on strengthening access controls, promptly patching known vulnerabilities, educating employees about cyber risks, and adopting security-conscious policies and procedures. The guide highlights the importance of the least privilege principle and of vendor management in cybersecurity.
For the Mitigate phase, the guide emphasizes early detection of incidents, executing the response plan, getting help when needed, and documenting the response effort. It stresses the importance of having a well-designed incident response plan and the potential need for external resources such as breach coaches or forensics experts.
The Restore phase covers remediating vulnerabilities, restoring lost or damaged systems and data, replacing compromised controls, continuing monitoring, communicating effectively about the incident, and implementing lessons learned. The guide emphasizes the importance of post-incident review to improve future cybersecurity efforts.
The Travelers Institute provides practical advice and best practices for organizations of all sizes. It emphasizes that cyber incidents are inevitable but need not be catastrophic if properly managed. The guide discusses legal and regulatory considerations, such as data breach notification requirements.
Travelers encourages continuous improvement in cybersecurity practices and offers additional resources for organizations seeking to enhance their cyber defenses. Overall, this guide serves as a comprehensive roadmap for organizations looking to improve their cybersecurity posture in an increasingly complex threat landscape.
Manage Cyber Threats
Cybersecurity for Small & Midsize Businesses
The Travelers Institute launched a national cybersecurity education initiative called “Cyber: Prepare, Prevent, Mitigate, Restore” in Los Angeles on April 27, 2016. This symposium series aims to educate small and midsized organizations on protecting their systems and sensitive data from cyber threats.
Cyber Threats to Small and Midsized Businesses
- Over 60% of cyber attacks in 2015 targeted small and midsized businesses
- Data breaches increased by 23% in 2015
- Smaller companies, often suppliers to critical infrastructures, are more vulnerable to hackers due to limited resources and cybersecurity practices
Current Threat Landscape
- Employees remain a significant weak link in cybersecurity
- Vendors and business partners can be conduits for breaches, especially if they are small or midsized businesses
- Many business owners underestimate their risk of cyber attacks
Recommendations for Businesses
1. Develop and test a cyber response plan
2. Adopt a cyber-safe culture with ongoing employee education
3. Consider cyber insurance coverage
4. Hire breach coaches familiar with cyber trends and state-specific laws
Event Details
The symposium featured experts from various sectors:
- Joan Woodward, President of the Travelers Institute
- Michael Echols, U.S. Department of Homeland Security
- Bill Detwiler, TechRepublic
- Tim Francis, Travelers
- Dianne Ewing, Hoffman Brown Company
- Sian Schafle, Mullen Coughlin LLC
Hoffman Brown Company, the U.S. Small Business Administration Los Angeles District Office, and CNET co-hosted the event.
Resources for Businesses
The document provides several resources for businesses to learn more about cyber risks and develop response plans:
- Travelers website: travelers.com/cyber
- U.S. Department of Homeland Security: us-cert.gov
- NIST Cybersecurity Framework: nist.gov/cyberframework
This initiative by the Travelers Institute highlights the growing importance of cybersecurity education for small and midsized businesses, emphasizing the need for preparation, prevention, mitigation, and restoration strategies in the face of increasing cyber threats.
Financial Institutions
Coverage for Financial Institutions
Travelers CyberRisk Coverage offers a comprehensive suite of insurance agreements designed to protect financial institutions from various cyber-related risks. The coverage is divided into four main categories: Liability, Breach Response, Cybercrime, and Business Loss.
Liability Insuring Agreements
This category includes three key components:
1. Privacy and Security: Covers claims arising from unauthorized data access, failure to notify of data breaches, improper handling of confidential information, privacy policy violations, wrongful collection of private information, security breaches affecting system access, DDoS attacks, and computer virus transmission.
2. Media: Provides coverage for claims related to copyright infringement, plagiarism, defamation, libel, slander, and violations of privacy or publicity rights in electronic and printed content.
3. Regulatory: Offers protection against administrative and regulatory proceedings, civil and investigative demands from domestic or foreign governmental entities, and claims resulting from privacy and security or media acts.
Breach Response Insuring Agreements
This section focuses on addressing the immediate aftermath of a cyber incident:
1. Privacy Breach Notification: Covers costs associated with notifying affected individuals or entities, including call center services, credit monitoring, and identity fraud insurance.
2. Computer and Legal Experts: Provides coverage for costs related to analyzing and containing breaches, identifying compromised information, and obtaining legal services to respond to such incidents.
3. Betterment: Covers costs for improving computer systems post-breach to prevent similar future incidents.
4. Cyber Extortion: Addresses ransom and related costs in response to threats of system attacks or unauthorized information access.
5. Data Restoration: Covers costs for restoring or recovering lost electronic data, computer programs, or software due to system damage from viruses, DDoS attacks, or unauthorized access.
6. Public Relations: Provides coverage for PR services to mitigate negative publicity resulting from actual or suspected privacy breaches, security breaches, or media acts.
Cybercrime Insuring Agreement
This category specifically addresses:
Telecom Fraud: Covers charges from telephone service providers resulting from unauthorized access or use of the insured’s telephone system.
Business Loss Insuring Agreements
This section focuses on the financial impact of cyber incidents:
1. Business Interruption: Covers income loss and expenses to restore operations due to computer system disruptions caused by viruses or attacks, including voluntary shutdowns to minimize business impact.
2. Dependent Business Interruption: Extends business interruption coverage to incidents affecting third parties crucial to the insured’s business operations.
3. System Failure: Provides coverage for income loss and restoration expenses resulting from accidental, unintentional, and unplanned interruptions of the insured’s computer system.
4. Reputational Harm: Covers lost business income due to reputational damage when an actual or potential cyber event becomes public.
This comprehensive coverage aims to protect financial institutions from the multifaceted risks associated with cyber threats, addressing both direct and indirect consequences of cyber incidents.
Ransomware
Ransomware Landscape
The Travelers Cyber Risk Bulletin focuses on the growing threat of ransomware attacks against businesses.
1. Ransomware attacks have significantly increased, with the average ransom payment tripling from 2018 to 2019.
2. Cybercriminals are demanding larger ransoms, often in the six- to eight-figure range, and are becoming more aggressive in their tactics.
3. Between Q3 and Q4 of 2019, the average downtime caused by ransomware attacks increased from 12.1 days to 16.2 days.
4. When hit by ransomware, businesses face a challenging decision: whether to pay the ransom or not. This decision should be made with guidance from legal counsel and digital forensics experts.
5. The document provides a real-life example of a ransomware attack on a professional services firm, detailing the timeline and recovery process.
6. Cyber insurance can cover various expenses related to ransomware attacks, including ransom payments, legal fees, digital forensic services, and data restoration.
7. Businesses of all sizes and sectors are at risk of ransomware attacks.
8. IT service providers can be a potential business vulnerability, and companies should implement third-party risk management programs.
9. The bulletin offers simple, cost-effective measures to reduce ransomware risk, including:
   - Employee training on recognizing suspicious emails
   - Disabling Microsoft Office macros
   - Blocking Remote Desktop Protocol (RDP)
   - Strengthening controls over privileged access
   - Leveraging open-source intelligence
   - Reviewing and testing backup and recovery capabilities
10. Travelers offers cyber insurance coverage for ransomware attacks and related expenses, including a new “betterment” coverage to help businesses improve their controls after an attack.
Travelers emphasizes the importance of preparedness and proactive measures in defending against ransomware attacks, highlighting the need for businesses to stay vigilant and implement robust cybersecurity practices.
Private, Nonprofit, Public
Coverage For Private, Nonprofit & Public Businesses
Travelers CyberRisk is a comprehensive insurance coverage designed to protect businesses of all sizes from cyber threats and their financial consequences. This coverage is available as a stand-alone policy or as part of a management liability suite, offering protection at every stage of a cyber event: pre-breach, post-breach, and beyond.
Coverage Highlights:
- 17 insuring agreements addressing various exposures
- Coverage for system failure, business interruption, and cyber extortion
- Additional options for forensic investigations, litigation expenses, regulatory defense, and crisis management
Betterment Coverage:
Betterment coverage is a unique coverage for the costs of improving computer systems after a security breach. It focuses on eliminating vulnerabilities to prevent similar breaches.
Pre-breach and Post-breach Services:
- Travelers eRiskHub® Powered by NetDiligence®
- Cyber Threat Alerts
- Cyber Breach Coach®
- SentinelOne® Endpoint Detection and Response (EDR)
- HCL Technologies services, including Cyber Resilience Readiness Assessment, Security Coach Helpline, and Cybersecurity Training Videos
- Travelers Claim Services
Insuring Agreements
Liability Coverage:
1. Privacy and Security: Protects against unauthorized data access, notification failures, and security breaches.
2. Media: Covers copyright infringement, defamation, and privacy violations in electronic and printed content.
3. Regulatory: Addresses administrative and regulatory proceedings related to privacy and security acts.
Breach Response Coverage:
4. Privacy Breach Notification: Covers costs for notifying affected individuals and providing services like credit monitoring.
5. Computer and Legal Experts: Covers costs for analyzing and stopping breaches and related legal services.
6. Betterment: Covers costs for improving systems after a breach to prevent future occurrences.
7. Cyber Extortion: Covers ransom and costs associated with responding to threats.
8. Data Restoration: Covers costs to restore lost electronic data due to cyber attacks.
9. Public Relations: Covers services to mitigate negative publicity from breaches.
Cybercrime Coverage:
10. Computer Fraud: Covers losses due to unauthorized system access.
11. Funds Transfer Fraud: Covers losses from fraudulent transfer instructions.
12. Social Engineering Fraud: Covers losses from deception-based tactics.
13. Telecom Fraud: Covers unauthorized charges on telephone systems.
Business Loss Coverage:
14. Business Interruption: Covers income loss and expenses from system disruptions.
15. Dependent Business Interruption: Covers losses from interruptions to third-party systems.
16. System Failure: Covers losses from accidental system interruptions.
17. Reputational Harm: Covers income loss due to reputational damage from cyber events.
This comprehensive coverage aims to protect businesses from the multifaceted risks associated with cyber threats, offering financial protection and support services to mitigate the impact of cyber events on business operations and reputation.
Manage Cyber Threats
Travelers summarizes a symposium held at The Wharton School of the University of Pennsylvania, organized by the Travelers Institute as part of its Small Business – Big Opportunity series. The event, titled “Managing Risk: Thriving After Cyber Threats, Natural Disasters and More,” took place on May 20, 2015, and aimed to help small business owners manage various risks.
Keynote Address
Roch Parayre from Wharton Executive Education described the current business environment as “VUCA” (volatile, uncertain, complex, ambiguous). He outlined six disciplines for organizational leaders to survive in this environment: anticipate, challenge, interpret, decide, align, and learn.
Cybersecurity
Michael Echols from the U.S. Department of Homeland Security emphasized that small businesses are often easy targets for hackers. He advised businesses to:
- Have their networks professionally scanned
- Train employees on cyber risks
- Develop a business continuity plan
Echols directed attendees to the us-cert.gov website for more cybersecurity tips.
Business Continuity
Matthew Gardner from AssuredPartners highlighted that small businesses often lack the resources to monitor and address risks compared to larger firms. Ben Collier from The Wharton School stressed the importance of considering three factors for business protection: people’s safety, financial soundness, and business continuity.
Audience Polling Results
- 75% of attendees did not have a business continuity plan
- Over 50% had no plans to increase business resiliency to natural disasters
Natural Disaster Preparedness
Ben Collier emphasized the potential devastation of natural disasters on small businesses, particularly through disruption of essential services. He stressed the importance of careful planning to prevent short-term disruptions from becoming long-term problems.
Risk Quiz
Prepare & Protect: Cyber Risk Pressure Quiz
Travelers outlines the importance of Response & Recovery in cyber risk management strategies. It emphasizes the need for organizations to be prepared for potential cyber-attacks or data breaches, highlighting that 35% of users identified Response & Recovery as a pressure point in their cyber risk management approach.
Key Components of Cyber Risk Management
Travelers stresses the significance of having a comprehensive, cross-functional cyber incident response plan. This plan should address several crucial elements:
1. Data Protection: Backing up and storing critical data, documentation, and systems.
2. Physical Security: Controlling access to server rooms and critical machines.
3. Monitoring: Implementing network activity monitoring and early detection systems.
4. Incident Response: Establishing incident validation, investigation, and mitigation procedures.
5. Team Preparation: Identifying, training, and activating an incident response team.
6. External Resources: Engaging with agents, insurance carriers, and other external support.
7. Mitigation Strategies: Developing specific actions to minimize the impact of cyber attacks.
8. Communication Protocols: Establishing procedures for notifying data owners and customers.
9. Recovery Procedures: Implementing data recovery and restoration processes.
10. Continuous Improvement: Conducting post-incident reviews and refining the plan.
Immediate Response Actions
Travelers outlines nine critical steps to take immediately after confirming a cyber incident:
1. Contact the agent and notify the insurance carrier.
2. Assemble the core incident response team.
3. Contain, fix, and restore affected systems.
4. Engage pre-selected external resources.
5. Seek legal advice.
6. Ensure compliance with relevant regulations.
7. Set up a call center for customer relationship management.
8. Prepare for potential investigations.
9. Understand the risks and associated costs.
Common Cyber Risks and Costs
Travelers identifies several top cyber risks, including human error, hackers, spear phishing, extortion, hacktivism, and rogue employees. It also provides statistics on the average costs associated with data breaches, such as notification costs, post-breach costs, lost business costs, detection costs, and defense and settlement costs.
Conclusion
Travelers emphasizes that no business is immune to cyber risks and encourages organizations to work with risk management advisors and insurance agents to assess vulnerabilities, prepare for potential threats, and plan for quick recovery. It invites readers to take a Cyber Risk Pressure Test to evaluate their organization’s cyber risk management strategy.
Cyber Checklist
CyberRisk Checklist
The attached document outlines Travelers’ CyberRisk coverage, a critical insurance protection component for private, nonprofit, and public companies. This comprehensive policy offers third-party liability and first-party coverage, protecting against cyber-related risks and expenses.
Key features of Travelers’ CyberRisk coverage include:
1. Worldwide coverage for claims made or events occurring anywhere
2. Distinct insuring agreements with customizable limits and retentions
3. Option to select duty to defend or reimbursement coverage at policy inception
4. Non-cancelable policy except for non-payment of premium
5. Extended reporting period for crisis management and security breach expense coverage
6. Automatic 90-day extended reporting period for first-party coverages
The policy covers a wide range of cyber-related risks, including:
- Computer program and electronic data restoration expenses
- Computer fraud and funds transfer fraud
- E-commerce extortion
- Business interruption due to computer viruses or denial of service attacks
- Contingent business interruption from provider system disruptions
- Security breach remediation and notification expenses
- Payment card industry expenses and fines
- Defense expenses for regulatory claims
- Communications and media coverage
- Crisis management event expenses
Travelers’ CyberRisk coverage extends to claims seeking non-monetary relief and alternative dispute resolution proceedings. It also covers punitive or exemplary damages on a most favorable venue basis.
The policy’s network and information security coverage is particularly comprehensive, encompassing:
- Electronic and non-electronic data
- Medical or health care information
- Private, personal information protected under any law
- Notification requirements under security breach laws
- Claims made by employees
Importantly, the coverage is not mitigated by exclusions for mechanical failures, lack of system maintenance, failure to maintain risk controls, software performance issues, or lack of encryption.
In addition to the insurance coverage, Travelers provides access to their eRisk Hub, a risk management web portal. This resource offers prevention benefits (e.g., news center, learning tools, and access to experts) and post-event response benefits (e.g., Breach Coach® service and incident roadmap).
Overall, Travelers’ CyberRisk coverage offers a comprehensive solution for organizations seeking protection against the growing threat of cyber risks, combining robust insurance coverage with valuable risk management resources.
Cyber Insurance: Because Prevention Doesn’t Always Work
What is cyber insurance?
Cyber insurance is a specialized insurance product designed to protect businesses against the financial losses and disruptions that can arise from cyber-related incidents, such as data breaches, ransomware attacks, and other cyber threats. This type of insurance typically covers costs related to data recovery, legal fees, notification of affected parties, regulatory fines, and business interruption losses. Businesses need cyber insurance to mitigate the financial impact of cyber-attacks, ensuring they can quickly recover and continue operations while minimizing the potential damage to their reputation and customer trust.
What does cyber insurance cover?
Cyber insurance typically covers costs related to data breaches, including data recovery, legal fees, notification of affected parties, and regulatory fines. It may also cover business interruption losses and expenses related to restoring business operations.
Why is cyber insurance important for SMBs?
Small businesses, often with potentially weaker security measures, are prime targets for cyber attacks. Cyber insurance is a crucial tool in managing the financial burden of such attacks, ensuring they can recover quickly and sustain minimal operational disruption.
How is the cost of cyber insurance determined?
Factors such as the size of the business, the industry, the amount and type of data handled, and the company’s existing cybersecurity measures influence the cost of cyber insurance. Higher-risk businesses or those with poor security practices may face higher premiums.
What are the exclusions in a cyber insurance policy?
Standard exclusions in cyber insurance policies include claims related to pre-existing breaches, acts of war or terrorism, and the failure to maintain minimum security standards. It’s essential for businesses to review policy details to understand specific exclusions and limitations.