The First Line of Defence Against a Cyberattack

Recently, Xavier Marguinaud, our Head of Cyber, was interviewed by Spanish Newspaper, El Mundo. You can view this Spanish abridged version of the interview here, or read on for the full version.

"People. The first line of defence against a Cyberattack"

Tokio Marine HCC Group offers Cyber insurance solutions to a variety of industry segments worldwide, from SME to large corporations. The Cyber Unit led by Xavier Marguinaud out of their European and UK offices, mainly focuses on Upper mid to large corporations (€500M+ in revenue), domiciled anywhere outside of the U.S.

We interviewed Xavier to find out more:

1. What do you think has led society to the current cyber security situation?

In the 1970s, the rise of electronics, telecommunications and computers transformed our society. These grand technical evolutions were mostly positive. However, in hindsight, their potential for misuse, their security and lack of data privacy, were all vastly underestimated.  

Since then, and although difficult to ascertain, Cybercrime became extremely lucrative; more so (and less dangerous) than the drug trade. In 2020 alone, Cybercrime cost the global economy around USD1 Trillion, almost as much as Spain's GDP (USD1.28 Tn) the same year, a little more than 1% of world's GDP.

The fact that society did not see this coming and that it has taken a long time to properly assess and address Cyber risks, explains many of today’s Cyber vulnerabilities and threats.

Nowadays, we understand that education and awareness is key (for both citizens and employees) and aspire to a “Secure by Design" philosophy (a software engineering approach that implies that both software products and capabilities have been designed to be foundationally secure).

2. Can you describe the current Cyber landscape and how it is evolving?

Towards the end of 2019, the Cyber market began to react to the increase in Cyber incidents and their severity. Some insurers began reducing their and increasing their rates, pushing us into a “hard market”.

The COVID-19 crisis in 2020 accelerated this. Suddenly, there was a greater need for remote working set-ups and hackers seized the moment (ransomware attacks went up by almost 600% in the first three months of the pandemic). Companies had to deal with the immediate and pressing matters suddenly imposed on them by this “new normal”, amongst which (but maybe not top of the list) would figure reassessing their Cyber exposure.

Given the hard market, some insurers prioritised market share growth over risk assessment and selection. This was not our case. Our underwriting approach remained steady and careful to this regard. Instead, we took the time to update our own Cyber risk assessment methodology, to better cope with this fast-evolving Cyber threat landscape. 

3. Tell us about TMHCC's Cyber risk assessment methodology.

TMHCC’s Cyber Security Framework is based on NIST, ISO 27002 and SCF (Secure Controls Framework) standards and is mapped against more than 135 cybersecurity standards and regulations. In addition to our standard and industry specific questions, we also update the tool with real-life threats (e.g., SolarWinds, Kaseya, COVID 19, etc.). Of course, we use external tools and resources too as well as being able to consult with our diverse network of partners (lawyers, IT Forensic, etc.) and colleagues, members of Tokio Marine's Cyber Centre of Excellence.

Our methodology consists of five key steps: Understanding the insured, assessing their Cyber footprint (e.g., data breach and business interruption exposures); looking at their people, processes and technology (“The Golden Triangle”); assessing their ability to detect, contain and mitigate any potential Cyber incident; and lastly, assessing their experience (reactions to, and lessons learnt from, any past incident).

4. What is your ideal client profile?

Upper Middle Market and Large companies have a true and relatively longstanding interest in Cyber Security and consequently its insurance. Therefore, engagement and interactions between us, their broker and the insured are usually fluid and interesting.

We value each submission on its own merit. As long as we receive enough detailed and relevant underwriting information, we can perform an accurate risk assessment, regardless of industry. Although, obviously, we do have some preferred (more comfortable) sectors.

5. How does your Cyber Security Insurance differ from those currently in the market?

We offer all "standard" and "optional" Cyber related covers available in the market: First-party cover (Business Interruption, Notification costs, Data recovery, etc.), Third-party cover (Investigation costs, Defence cost, etc.) and Emergency Response (granting our clients access to crisis management cyber experts that can help them manage any Cyber incident they might be facing).

However, Tokio Marine HCC wants to offer more than just a risk transfer solution. For this reason, we invest in our clients' Cyber security management by allocating an extra limit towards a variety of services listed on our Cyber Menu. These services can help improve companies’ Cyber security, awareness, and readiness, and for each service listed, we partner with highly recognized experts in their field. 

6. What advice would you give businesses now in 2021?

Firstly, and due to how interconnected businesses are these days, I would advise companies to understand their level of dependencies on third-party providers and monitor and defend them as part of their own perimeter.

Secondly, and perhaps unconventionally, I would recommend trusting and using new and relevant technologies, as this may bring an additional level of comfort (e.g., Data Loss Prevention tools, artificial intelligence tools to identify "unusual” behaviour and/or data movement, etc.).

Lastly, and most importantly, keep investing in your people. They are your front, and potentially most efficient, line of defence against any Cyber-attack. Cyber is a polymorphic threat that can vary in levels of sophistication and take on various guises. Keep training your people and never let your guard down. Cyber Security begins with each and every one of us. 

We know…Cyber

Tokio Marine HCC has been innovating in Cyber Liability Insurance worldwide, for over 20 years. Our dedicated global team is made up of cyber insurance and in-house claims experts with deep industry knowledge and a wealth of cyber security experience. We promote active knowledge exchange, making us a global leader when it comes to cyber risk, while keeping you at the forefront of emerging threats on the ever-evolving Cyber landscape.

From offices in the U.S., our cyber team insures US-domiciled businesses, with a focus on the small- to mid-sized segment, as well as individuals concerned with protecting their family, home and privacy from cyber threats. From Europe and the U.K., our team concentrates on mid- to large-sized businesses domiciled anywhere outside of the U.S. In addition, we leverage our in-house Cyber expertise to enhance other Tokio Marine HCC insurance coverages, letting you take on risk with confidence.

Follow us on LinkedIn: #TMHCC_Cyber