Written by: Griffiths & Armour on: 20 Jul 2022

Lessons Learned from Current Cyber Claims | Griffiths & Armour

Lessons learned from current cyber claims – A Q&A from the experience of Mark Hawksworth, Loss Adjustor at Sedgwick International

The Cyber Risk landscape is constantly changing and cyber attacks have become more sophisticated and socially engineered, making them harder to detect. As a result of this, there has been an increase in cyber claims from businesses spanning various sectors.

Mark Hawksworth is a Global Technology Specialist Practice Group Leader from Sedgwick Loss Adjustors, and is a specialist in handling and assisting with complex cyber incidents and claims. Relied upon by insurers and policyholders alike, Mark has provided his thoughts on the current pressing matters in the ‘cyber world’, and what a company can do to mitigate incidents that are currently causing claims.

1. What are the trending cyber incidents you are providing assistance with, and in your experience how best can the exposure be mitigated?

Cybercrime is trending currently, particularly email hacking via phishing or stolen credentials. Having payment procedures in place to verbally check any change of bank details, even if the email has been received from ‘management’ internally, or where Multi-Factor Authentication (MFA) is in place, would help mitigate these types of exposures. It is also essential that any firewall is correctly configured, restricting the creation of new rules within email accounts and restricted administration credentials helps reduces the potential of lateral movement of the ‘threat actor’. Training on social engineering and regular penetration testing and phishing email simulations should also be implemented to reduce the potential for attacks.

2. What’s the typical/highest quantum of the claim values you are handling, is there an upward trend or coloration to the type of ‘attack’?

Currently we are seeing a high level of Ransomware, Data Breaches and Cyber liability claims. Recent incidents for these claims tend to be in the minimum region of £300,000 to £500,000 exposure, with possibility of going much higher if not handled correctly early on.

We are concluding what appears to be a state sponsored attack against infrastructure which is going to be a multi-million pound claim, which shows the need to consider adequate Policy limits.

3. Cyber insurers are demanding Multi-Factor Authentication as a method of lessening cyber-attacks, is it worth it?

Multi-Factor Authentication (MFA) is a must in this day and age and will help to significantly reduce a large proportion of attacks when correctly and fully implemented. In the case of larger networks we are also beginning to see the implementation of MFA for access to administrative credentials in an attempt to stop threat actors jumping between accounts on the network to elevate their access privileges

4. What is thought to be the next major cyber-attack issue?

We are currently monitoring the situation regarding the heavier dependence and use of 5G. 5G does not provide communications in the same way as has historically been the case for 3G and 4G. That shift in architecture coupled with significantly higher speeds creates a new risk exposure. 5G is designed to facilitate a host of Internet of Things (IoT) devices and the risk of IoT devices being open and connected to networks will be a big issue going forward.

5G is in effect a software managed network running on ‘commercial off-the-shelf’ equipment, which may have exploitable vulnerabilities.

5. In your experience are there any ‘top tips’ on how companies should prepare for future cyber-attack issues?
  • Companies should look at the Mitre Attack framework which is free and has examples of incidents seen by similar businesses and helps the company to build their IT infrastructure to prevent known attack methods.
  • Cyber Essentials and Cyber Essential Plus framework or certification can also be beneficial.
  • Work with the Police utilising the free services on offer such as Police Cyber Alarm for an early warning system.
  • The Information Commissioner’s Office (ICO) are changing their approach to cyber incidents and have started to now hand out fines to smaller enterprises who are found lacking. Companies should familiarise themselves with the ICO and the tips on their website.

George Gardner | Griffiths & Armour