A brief introduction to Cybercrime
Crime and illicit activities have existed since the beginning of the law-based society as we know it. In recent times, crime has taken a step forward: following the evolution of technology and the creation of private information networks, criminal organizations have found in this technological revolution a new way to commit illegal actions. Cybercrime has developed massively in the last few years, as evidenced by the several cyber attacks and scandals that took place, as in the Wikileaks case.
Cybercrime organizations, such as Lazarus, intend to corrupt individual and collective networks, such as social media and bank account information systems. This activity is performed by hackers, masters of computer handling and technological revolutionaries, who can work individually or for hacking organizations.
In 2012, The Wall Street Journal estimated losses to cybercrime to be $100M (although other reports placed that figure nearer to $1bn); Lloyds believed it to be $400M in 2015. In June 2017 the FBI reported losses had risen 24% in 2016 alone. A fundamental problem is that much of cybercrime goes undetected, causing regulators and financial services companies to change quickly, updating regulations and systems to improve detection rates and slow down what is increasingly proving to be a cash cow for criminals.
A recent case of cybercrime was the attack on SWIFT. Although it was stated that SWIFT provided a safe and reliable environment, over recent years numerous hacks against SWIFT have been reported, which have resulted in clients losing millions of dollars. Researchers have identified that a hacker group known as Lazarus, linked strongly with North Korea, was behind these hacks. The attacks exploited vulnerabilities in the systems of member banks, allowing attackers to gain control of the banks’ legitimate SWIFT credentials. What’s more, these hacks can also implant malware which can remain hidden and allow a resurgence of hacks later down the line. The hacks in 2015 and 2016 involved malware which issued unauthorized SWIFT messages and then concealed that the messages had even been sent. The malware was designed, after moving the funds, to delete the database record of the transfers, leaving the hackers undetected. A similar attack on Bangladesh’s central bank yielded $101m.
As the U.S. National Archives & Records Administration mentioned, “60% of companies that lose their data will shut down within six months of the disaster [i.e., cyber attack].” Firms are becoming more aware of cyber risk and how destructive it can be. As a result, the number of firms contacting cyber insurance companies has been increasing, and estimates suggest that the number will keep increasing in the future.
The role of Cyberwrite
Given the volatile environment around cybersecurity and consistently enhanced technology, Nir Perry, Cyberwrite’s CEO and founder, acknowledged a market failure in the cyber insurance industry, rooted in two major issues:
● Small and Medium-sized Businesses (SMBs) lack the capital to contact insurance companies and, consequently, the skills to defend against a cyber attack.
● The majority of insurance companies were not exactly “cyber experts”, meaning that they lacked the technology to underwrite their customers with due accuracy and come up with the appropriate policy. So, at the end of the day, they failed to effectively provide assistance to their customers.
Therefore, in 2016, the Israeli company was founded with the aim of helping insurance companies increase their sales through enhanced risk profiling, with a primary focus on SMBs. It is, however, neither a cyber risk consultant nor a cyber insurance company. The company is financially backed by American and Israeli angel investors, as well as global investors and accelerators such as Citibank, SpeedInvest, Plug and Play and around 500 startups.
Cyberwrite develops cyber-profiling with the aid of AI algorithms for institutions such as insurers or banks, in order to assess a profile of cyber insurance risks and estimate the financial impact they are exposed to, while comparing it with the benchmark in a one-page “human-readable” report. The report we used is in fact an actual report; only the company’s name was changed due to confidentiality. Their report is divided into three parts:
Cyber Insurance Coverage scores: Cyberwrite compares the risk score of the company with the benchmark of the industry. The higher the score, the better. In Hooli's case, their risk policy score is relatively low. From the report we can see that a large share of their risk score is explained by the lack of coverage regarding business interruption, stolen records and data loss.
From this specific report we can see how the high risk in industry [whichever industry Hooli belongs to] and the regulatory risk (the risk that a change in laws and regulations will materially impact a business) are the major sources of Hooli's cyber risk. The risk is ranked from A [no risk] to E [extremely high risk].
Provides a financial impact assessment (FIA) of a possible cyber attack.
Basically, it estimates in quantitative terms how much money the business has at risk. It also mentions the financial loss associated with each risk domain. The FIA is calculated through a simple questionnaire answered by the customer. Again, by checking Hooli's FIA we can see that they can expect to lose from $100,000 up to $871,000 in case of a cyber attack. We can also see that a large share of this expected monetary loss is derived from the Regulatory expense, which makes sense because, as we have seen before, Regulatory risk represents a large share of Hooli's overall cyber risk.
It is based on this FIA that customers can estimate how much they should pay to their insurance companies, which is what, ultimately, increases cyber insurance sales.
To prepare this report, all Cyberwrite requires is the company’s name and its website. They then collect data from millions of sources all over the Internet in order to estimate the risk associated with the customer.
This is a breakthrough in the cyber insurance industry, as it enables insurance companies to make a much more accurate estimate of how much to charge, making this market more accessible to SMBs. As a result, Cyberwrite has already received some important awards, such as the UK Embassy’s British Award for Innovation in 2018, and was named a Cool Vendor in Gartner’s category “Cool Vendors in Insurance, 2018”, being one of four insurtechs ever to receive this nomination.
All in all, the insurance market is growing at a fast pace. Big budgets have been invested to ensure market-leading insurers are positioned at the forefront of change. It is estimated that approximately $1.7bn was spent in insurtech in 2016. A market that was previously known as change-averse is now developing rapidly with the aid of monetary expenditure and big data, which improves the creation and constant update of insurance models tailored to each business, as is the case of Cyberwrite. What we can expect is a continuous evolution of insurtech that is likely to improve market conditions for small and medium enterprises to emerge and grow and for big companies to continue thriving without safety constraints.