In this interview, we spoke with Kimberly Patlis Walsh, President of Corporate Risk Solutions (CRS) who has over 20 years of insurance underwriting, program structuring, and multinational client risk advisory representation.
Unfortunately, several cyber attacks have been occurring, and recently, Costa Rica declared a state of emergency after ransomware hackers crippled computer networks across multiple government agencies, including the Finance Ministry.
The Russian invasion has also caused enormous damage to Ukraine’s internet infrastructure, promulgating the need for coordinated and bold responses. Geopolitics aside, the reality is any business that interacts with and/or depends on the internet for its existence can be a target, regardless of size.
Therefore, it is extremely important to have proper business and cyber insurance plans implemented for any type of business.
So, we spoke with Kimberly Patlis Walsh on cyber risks and attacks, business insurance, and how to protect and help prevent your business from cyber attacks.
Table of Contents
Here Are Kimberly Patlis Walsh's Responses To Our Questions:
1. What is covered under cybersecurity insurance? What losses are exempted?
Kimberly Patlis Walsh:
A cyber insurance policy protects an enterprise for liability / loss arising out of (a) first party breaches (at the company itself and employee data (e.g., social security numbers, credit card numbers, bank account numbers, drivers’ licenses, health information or material non-public information), and (b) third party breaches (customer, vendor or other parties’ sensitive business data, health and/or data or their employees).
Typically all types of breaches (inclusive of amounts associated with actual ransom demands and/or malware, business interruption costs, and unencryption costs are included in coverage. Costs to retain breach response teams (i.e., legal, forensic accountants, cyber breach coaches etc) are also included.
Programs are structured around helping a company respond, recover and restore the business to protect against the costs associated with an attack.
2. Some businesses say cybersecurity insurance is expensive. Do you agree or is the pricing fair?
Kimberly Patlis Walsh:
The cyber insurance marketplace has indeed spiked precipitously and dramatically due to the frequency and severity of breaches and the losses sustained by virtually every major global cyber insurance carrier. Pricing and retention/deductible levels are primarily driven by the level of security and the process/security protocols in force at any given company, as well as an insured’s claims history.
Specific vulnerabilities need to be addressed before carriers will be interested in quoting (most notably: multifactor authentication, remote desktop & website protocols, business continuity planning and regular security testing). Pricing could be in the range of $15K – $30K per million (or more), depending on the level of security protocols and penetration testing conducted.
3. Is cyber insurance worth it for small businesses?
Kimberly Patlis Walsh:
Regardless of size, any business that interacts with or utilizes the internet – and that’s everyone – has become a target for cyber thieves. In fact, recent reports have shown that small businesses are three times more likely to be targeted by cyber criminals compared to larger companies.
Potential targets are no longer limited to those that have personally identifiable information, personal health information or customer credit card data, but instead these attacks have either shut down or interrupted vital infrastructure, health systems, and financial companies. Manufacturing has been hit hard, including construction, supply chains, distribution, and sales.
With an overall increase in cyber attacks following the pandemic coupled with fewer resources, small to mid-sized businesses are left more vulnerable (especially if they are not as attentive to their security measures) for cyber criminals to take advantage. To the extent a company is ‘choosing’ between getting their security house in order or purchasing insurance, we recommend first addressing open security challenges!
4. Aside from cybersecurity insurance, what other type of insurance can businesses use to protect themselves from cyber attacks?
Kimberly Patlis Walsh:
The best way to combat a cyber attack or breach is to spend needed money to address security vulnerabilities. Outside of dedicated cyber insurance, another line of coverage that may respond to a claim is crime insurance, which may have coverage for ‘social engineering or impersonation’ by third parties claiming to be an in-house officer of the company demanding wires or changing of passwords or smartphone or computer changes allowing for wrongful wires/transfer of money and/or access to non-public or sensitive data.
5. What are some of the challenges of cyber security? How can cyber security be made easier?
Kimberly Patlis Walsh:
Cyber security on its own is not particularly challenging, rather it requires a material amount of attention to detail. Unfortunately, there is no way around needing cyber security protocols, business continuity protocols and enterprise protections in place.
To the extent a company does not spend the time upfront on security measures, it is not a question of ‘if’ they will get breached rather just ‘when and how material’. Cybersecurity experts and insurance carriers have identified key vulnerabilities that cybercriminals seek to manipulate to enter computer systems:
- Multi-factor authentication tools to safely access internal computer systems
- Robust Desktop Security Protocols, including virtual private networks, data encryptions, protective passwords, firewalls, and restricted access to admin rights
- Active management of systems and configurations
- A continuous hunt for possible network intrusions and third-party threat exposure
- Keep update-to-date on upgrades in software at all times
- Develop and exercise a system recovery plan, including regular testing of backups for data integrity and restorability and preparing and annually testing of incident response/ business continuity plan
An independent risk advisor can serve as a sounding board and help navigate through the various and sudden risks that global enterprises face to ensure maximum recovery of data, systems and monies.
6. What are the biggest cyber threats currently and what emerging risks should businesses know about?
Kimberly Patlis Walsh:
Ransom and malware attacks are on the rise and have been further compounded by the Russian invasion of Ukraine. Corporations of all sizes are encouraged to take all the necessary steps to protect their enterprises, avoid business interruptions and backstop their own security with robust insurance and access to active breach response teams.
7. Can you tell us more about Corporate Risk Solutions (“CRS”)? And how do you help small businesses?
Kimberly Patlis Walsh:
Corporate Risk Solutions, LLC (CRS) is a premier independent risk management and insurance advisor, primarily focused on alternative capital firms and their respective portfolio company investments. CRS also helps companies of all sizes and industries (both privately held and publicly traded) across the risk continuum, serving as an ‘outsourced risk manager’.
We work with all of our clients to develop comprehensive operational risk management plans to best navigate all business challenges, claims, litigation or other commercial exposures.
We serve as an extension of our clients’ management team, help them to determine the right level and adequacy of their risk assumption and transfer strategies and provide guidance relative to best protections, risk partners and opportunities for cost mitigation and minimizing losses. While we do have ‘small business’ oriented advisory services, our approach is the same irrespective of client size.
INTERESTING INTERVIEWS
- How To Secure And Protect A Website [We Asked 38 Experts]
- Exclusive Interview with SpyCloud’s CEO and Co-Founder Ted Ross
- Exclusive Interview With Bob Baxley, CTO Of Bastille Networks
- Exclusive Interview With Hugh Taylor, Author Of Digital Downfall
- Exclusive Interview With Mark Stamford, CEO Of OccamSec
- Exclusive Interview With Paul Lipman, CEO Of BullGuard
- Exclusive Interview With Ramil Khantimirov, StormWall’s CEO & Co-founder
- Exclusive Interview With Yoav Keren, Co-Founder & CEO Of BrandShield
- Exclusive Interview With Matt Davey, COO Of 1Password
- Exclusive Interview With Dan Olson, CEO Of UpCity
- Exclusive Interview With David Monnier, Chief Evangelist Of Team Cymru
About the Author:
Mikkelsen Holm is an M.Sc. Cybersecurity graduate with over six years of experience in writing cybersecurity news, reviews, and tutorials. He is passionate about helping individuals and organizations protect their digital assets, and is a regular contributor to various cybersecurity publications. He is an advocate for the adoption of best practices in the field of cybersecurity and has a deep understanding of the industry.
 who has over 20 years of insurance){kind=link}