Author: Dirk Shaw

Mining company increased its cyber insurance coverage from $1.5M to $12M

Posted on by Dirk Shaw

Situation:  A US mining company faced challenges with digital risk that limited their ability to increase their cyber insurance coverage.  The company had 500 active users on its network and their data had grown beyond 50 terabytes spread across 35 different locations.  The company lacked visibility into the types of data they were responsible for including sensitive PII/PHI data, data subject to digital privacy laws, and unused data stored beyond retention requirements.  To qualify for cyber coverage with higher limits, the company needed to identify digital risk, reduce its exposure, and apply the right risk controls on the digital assets that mattered most to the organization.

Complication:  In 2018, the mining company was impacted by a ransom attack.  Even though they paid the ransom, the company’s operations were shut down for almost two weeks while 90% of the workforce was unable to work.  When they were ransomed again in 2021, the company was forced to manually rebuild all of its critical operational systems.  The struggle to use paper invoices and POs during the recovery period impacted cash flow and disrupted the business for over 2+ months.

SecondSight Solution:  The mining company knew the best way to reduce their risk exposure was to first identify all the data that existed across the company, including any hidden risk stored in file shares and emails.  They had a limited budget, and instead of hiring more resources to attempt this manually as a one-time project, they chose SecondSight Risk Tracker to discover all of their data and classify the risk contained within the data – autonomously.  

Risk Tracker identified sensitive data stored across the company’s 35 locations, including data related to data privacy regulations.  Risk Tracker confirmed that only 40% of the operational data consisted of original documents – the remaining 60% were all duplicates.  In some cases, documents with highly sensitive data had 3-4 duplicate copies spread across the network.  Risk Tracker also identified unused data older than 7-year data retention requirements.  By leveraging Risk Tracker’s Live Digital Content Ledger with an open-source archive/purge utility, the mining company reduced their data footprint from 50 terabytes down to the 11 terabytes they needed to run the business.  

Return on Investment:

As an additional benefit, Risk Tracker simplified the company’s migration to Cloud and reduced their projected annual costs by 84%! The company had budgeted $190,000 per year for cloud, but after Risk Tracker classified all the mission-critical data, sensitive data, duplicates, and old data they no longer needed, the company realized they did not need to move all 50 terabytes to their new Cloud provider.  By automating data purge and archive processes, they only had 11 remaining terabytes to migrate and manage.  The reduction eliminated more than $158,000 of annual costs, saving the company almost $800,000 over its 5-year business plan.  Budgets were tight, but when the VP of IT presented the hard dollar savings to the CEO, the CEO agreed to allocate 50%, almost $400,000, to fund new risk controls the company needed to both prevent another breach, and to grow cyber insurance coverage to $12m.  According to the VP of IT:  “It was a 10-minute conversation”.

Impact on Cyber Insurance:  Risk Tracker’s holistic view of digital risk provided a foundation for both risk management and accountability.  This powerful combination accelerated risk remediation and guided data retention, privacy compliance, and the application of critical risk controls.  

Since Risk Tracker continually monitors digital risk, the mining company worked with their broker to communicate the impact of their risk mitigation and remediation strategies to the insurance carrier.  By providing ‘evidence of good digital risk behavior’, the Underwriter justified the substantial increase in cyber insurance, growing the company’s limits from $1.5M to $12M in coverage.  

The mining company’s VP of IT stated:  “Risk Tracker found all the sensitive PII and PHI data hidden across all 35 sites.  We couldn’t believe how much duplication we had, it was everywhere.  It would have been an impossible task trying to do this manually.  Once everyone knew exactly what data they were responsible for, what was high risk, and what needed to be purged or archived, we saw users change their behavior.  Eliminating all that risk made things a lot easier.  Since we knew what data was sensitive and what was most critical to running the business, we knew exactly where to apply the right risk controls.  There’s no way this would have been anywhere close to possible without SecondSight”.

Empowering Next-Generation Brokers to Simplify Cyber Insurance

Posted on by Dirk Shaw

In today’s complex cyber insurance landscape, SecondSight is paving the way for brokers to simplify processes and better serve their clients. By streamlining applications and providing cutting-edge tools, SecondSight enables non-technical brokers to become trusted advisors in the cyber insurance industry.

Navigating Cyber Insurance Challenges

The cyber insurance market is often mysterious and challenging, with applications being lengthy, technical, and confusing. Cyber risks constantly change, which necessitates frequent updates to underwriting requirements. Limited capacity in the market forces brokers to compete for costly and less comprehensive coverage.

Overcoming Fears in Cyber Insurance

Customer retention is a significant concern, with churn and Broker of Record changes becoming increasingly common. Competitors are eager to exploit these vulnerabilities, targeting brokers’ accounts and potentially impacting their entire book of business.

Seizing Cyber Insurance Opportunities

Despite the challenges, cyber insurance presents enormous opportunities for brokers. For example, a smaller broker utilized SecondSight to secure a $5M coverage increase for an MSP client when their long-time broker couldn’t help. By offering cyber expertise without being an expert, brokers can differentiate themselves, win new customers, and retain existing clients.

Standing Out in the Crowd with SecondSight

SecondSight simplifies the cyber insurance process for both customers and brokers with an easy-to-use application. This application helps explain risk controls, illuminates buyers to their risks, and provides a mitigation plan for reducing exposure. With SecondSight’s proven methodology, clients secure coverage, often obtaining better terms and lower retentions.

Leveraging Broker Advisory Tools and Market Differentiation

SecondSight equips brokers with pre-underwriting reports, specific action plans, and tailored reports customized for each client’s risk profile. By streamlining cyber applications and enhancing submissions, brokers can distinguish themselves among competing submissions to underwriters.

The Future of SecondSight

Upcoming developments for SecondSight include Broker Advisor Guides and a single application for multiple carriers, further simplifying the process for brokers and their clients.

Supporting Brokers with SecondSight

SecondSight assists brokers with onboarding, sales and marketing, and renewal management, ensuring they have the resources they need to succeed.

By simplifying processes, providing expert tools, and enabling brokers to differentiate themselves in the market, SecondSight is transforming the way brokers approach cyber insurance, empowering the next generation of brokers to excel in this ever-evolving industry.

Addressing the Complexities of Cyber Insurance Applications for Brokers

Posted on by Dirk Shaw

As a cyber insurance broker, you’re well aware of the challenges involved in navigating the complexities of cyber insurance applications. The process can be cumbersome, with varying requirements from carriers and highly technical components that may not be familiar to most brokers. SecondSight has developed a frictionless pre-underwriting process to help brokers like you overcome these obstacles, streamline the application and renewal process, and ultimately provide your clients with exceptional cyber insurance coverage.

Frictionless Pre-underwriting Explained

Frictionless pre-underwriting is a process designed to help brokers prepare their clients for cyber insurance applications and renewals in a smooth, efficient manner. SecondSight has developed AI-powered tools to simplify the process, allowing brokers to connect clients with the right coverage more easily.

Key SecondSight Tools for Pre-underwriting

  1. Digital Asset Inventory: This tool identifies key digital assets that require coverage. A comprehensive inventory not only demonstrates your client’s diligence but also helps insurers assess risk more accurately.
  2. Digital Risk Tracker: This AI-driven tool monitors the security of digital assets in real-time, alerting your client to potential risks and helping them take immediate action to mitigate threats.
  3. AI-powered Recommendations: In the event of digital risk, SecondSight’s AI system provides smart suggestions on how to best remediate the issue, demonstrating your client’s commitment to risk remediation and enhancing their application.

Streamlining the Cyber Insurance Application Process

By utilizing SecondSight’s pre-underwriting tools, you can provide insurers with well-organized, accurate information that showcases your client’s strong cybersecurity practices. This makes the underwriting process simpler and accelerates the application and renewal process, getting your clients the coverage they need faster than ever.

In summary, SecondSight’s frictionless pre-underwriting process, supported by innovative AI tools, empowers brokers like you to address the complexities of cyber insurance applications and deliver exceptional coverage to your clients. By leveraging these tools, you can successfully navigate the technical and varying requirements of cyber insurance carriers and solidify your role as a trusted broker.

Cybersecurity in the C-Suite

Posted on by Dirk Shaw

In this video, Tim Crown, the founder and chairman of Insight Enterprises, discusses the importance of cybersecurity in today’s digital world. He emphasizes the need for every individual within an organization to be involved in the conversation about cybersecurity and the ultimate goal of having “no news,” meaning that all systems and individuals were protected from cyber threats.

The Future of the CISO

Posted on by Dirk Shaw

In this video, Jason Rader, CISO for Insight Enterprises, discusses the evolving role of the Chief Information Security Officer (CISO) in modern organizations. Rader highlights the importance of the CISO being a business enabler, with a deep understanding of the various lines of business and their security needs. He also touches on the growing need for CISOs to be more interactive with the board of directors and for boards to have cybersecurity expertise, due to new SEC rulings. Rader describes the CISO’s role as a partnership with the board, enabling them to advise on security matters and move out of the “dark rooms” and into the boardrooms.

 

Understanding CyberTelematics: The Key to Better Cyber Insurance Coverage

Posted on by Dirk Shaw

As the world becomes more and more digital, cyber insurance is becoming a hot topic. Unfortunately, the traditional ways that insurance companies calculate risk don’t really work in the digital realm. That’s where CyberTelematics come in. They’re a new way to better understand and measure the digital risks that businesses face, so they can get the insurance coverage they need.

But what the heck are CyberTelematics, you ask? In the insurance world, it’s a way to measure digital behavior over time, kind of like how auto insurance companies use telematics devices to track how people drive. But instead of tracking physical movement, CyberTelematics measures digital assets and usage to help insurance companies better understand the risks businesses face.

Digital assets are a bit of a fuzzy concept, but they’re basically anything that has value to an online business. This can include things like data, programs, branding, and communications. And here’s the thing: not all digital assets are created equal. Some are more important to a business’s operations than others. That’s why it’s crucial for businesses to create a digital assets inventory that organizes, measures, and calculates the importance of each asset.

So, how do CyberTelematics actually work? There are two parts to it: measuring the business’s behavior and the cyber activity around the business. The program that measures CyberTelematics is kind of like the telematics device that auto insurance companies use, but instead of measuring driving behavior, it measures digital risk behavior. This helps identify the risks that a business may pose to an insurance company in the long term.

CyberTelematics also look at what’s going on outside the business, like where the business is being attacked and how people are trying to break into the business’s digital assets. This helps identify the risks associated with other companies that might be connected to the business’s site as well.

The most important part of CyberTelematics is time. It needs time to watch the behavior of each asset and determine risk. But once it has had some time to observe, it can provide the business and its insurance company with valuable information about its risks. This gives the business time to correct and modify its operations to better mitigate its risks.

So, why is all of this important? Well, digital attacks are impossible to predict, but you can monitor and protect what you have, and ensure that when attacks come, you have the tools to take care of them. CyberTelematics can help businesses protect themselves, so they can focus on what they do best.

Packaging and Logistics Firm Delivers a Stronger Risk Profile Right On Time

Posted on by Dirk Shaw

Broker Introduced SecondSight to Streamline and Improve Cyber Renewal Readiness  

SecondSight is designed to make it easier for organizations to prepare for cyber underwriting and improve their likelihood of obtaining favorable terms. 

Requiring minimal effort from the broker or the logistics Company, SecondSight quickly discovered and inventoried all digital assets, both on premise and in the cloud, and verified adherence to the top cyber risk controls required by major carriers. Through that process, SecondSight identified certain risk control gaps that could be strategically addressed ahead of renewals. And finally, SecondSight made it easy to collect and deliver the evidence underwriters need to have confidence in the risk story. 

 

The result? Better business continuity. And an unimpeachable renewal submission. 

With a clearer and more comprehensive view of its overall digital risk, the logistics firm’s IT team was able to target risk remediation efforts strategically. As efforts progressed, overall recoverability and insurability were measurably improved. At renewal time, the company and its broker will have everything they need to answer underwriting questions confidently and make a strong case for optimal cyber coverage. .

Nonprofit Bounces Back Better After Two Breaches In A Year

Posted on by Dirk Shaw

The nonprofit’s broker turned things around by steering towards SecondSight. 

SecondSight took the burden off the nonprofit’s leadership — as well as its broker.  After a complete digital asset inventory, including multiple SaaS implementations, SecondSight verified the risk controls that were in place and collected the necessary evidence. At the same time, SecondSight identified critical risk control gaps that could be remediated ahead of renewals. 

Finally understanding the scope of its digital risk, the nonprofit knew it needed more help. 

By translating technical terms into more meaningful financial language, SecondSight helped the nonprofit understand its digital environment for the first time. And with a clear outline of the critical risk control gaps, It was much easier for leadership to bring in an MSP to start repairing its insurability. 

The result? The broker and MSP can work on securing renewal, and the nonprofit can do what they do best. 

With its IT under control and the MSP taking all necessary steps to improve its risk profile, the nonprofit is in a much better position to maintain its cyber coverage and crucial funding. And when renewal time comes around, the MSP and organizational leadership can leverage SecondSight to answer all underwriting questions and provide valuable evidence of its breach recovery progress.

Specialty Manufacturer Rebuilds Insurability After A Serious Attack 

Posted on by Dirk Shaw

The firm’s MSP kicked off a powerful comeback with SecondSight   

SecondSight’s easy-to-use automated tools and workflows quickly inventoried all digital assets across multiple facilities and found the critical risk control gaps that led to the breach and could jeopardize insurability. These efforts also revealed total digital risk costs of at least $10M — and potentially as high as $28M. 

 

Understanding the cost of digital risk helped decisionmakers prioritize MSP efforts. 

With SecondSight, firm leadership could see and understand the full business impact of the missing risk controls for the first time. Working with its broker and MSP, the manufacturer created a strategic remediation plan to protect business continuity and improve the firm’s overall risk profile. 

 

The result? No more renewal dread. And a much more secure future. 

All existing risk controls were verified through SecondSight, with the appropriate evidence to satisfy underwriters. As new risk controls get added, SecondSight can verify and collect the evidence necessary to demonstrate those improvements. The manufacturer, its broker and the MSP can rest easy, knowing they’ve done everything possible to ensure business continuity and protect the firm’s cyber coverage and vital contracts.  

$500M Manufacturer discovers how to add cyber coverage without adding hassle

Posted on by Dirk Shaw

The firm’s P&C broker made the hassle disappear with SecondSight. 

SecondSight, a powerful data-driven solution, made it much easier to prepare for cyber underwriting and demonstrate that the manufacturer is, in fact, a good risk. 

With minimal effort from the manufacturer or the broker, SecondSight quickly inventoried all digital assets, verified adherence to the top risk controls required by major carriers, and collected the evidence to prove it. 

In the process, SecondSight identified a key risk control gap related to business continuity, which could also affect the firm’s insurability. 

 

Rapid risk control remediation led the firm to faster recovery — and an even stronger risk story. 

The Manufacturer moved quickly and effectively to address the risk control gap, improving its restorability to one day or less. 

 

The result? Relieved client, happy broker and a streamlined road to securing coverage.
After collecting evidence of the risk control now in place, the firm and its broker had everything needed to answer all underwriter questions in the application process and attach impeccable supplementals. All with no hassle, no confusion, and absolute confidence in their submission.