631.851.0222 Ext. 2010
. . .We Make it Easy
You Manage Risk Every Day. . .
INFORM’s Risk Management Information
System provides a very powerful yet easy
to use solution for small to very large clients.
• Powerful Drag and Drop Reports/Graphs
• Dynamic Portals
• Claims Management
• Claim and Incident Reporting
• Data Conversion
• Incident Investigation
• Loss Prevention Tracking
• Claims Auditing
• Litigation Management
• Certificate of Insurance Tracking
• Fleet Management
• Employee/Customer Relations
• Medicare Section 111 Reporting
OCIP/CCIP RMIS Solutions
A Predictive Modeling offering
for claims management.
Call today for more details.
Customer Satisfaction is our #1 Priority
in the accounts department.”
Training the workforce to become
more aware of cybersecurity is nothing
new, said Shiraz Saeed, national
practice leader, cyber risk, Starr
“The big issue is getting employees
to understand that they have a
responsibility to protect company
information, just as it’s the employer’s
responsibility to protect employees,” he
added. “Many senior executives in the
older-age ranges aren’t keen on the need,
say, to learn five different passwords
when logging in, which means even now
there are still a lot of single sign-ons.
“Millennials are generally far more
open and receptive to additional
security measures, so your workforce’s
attitude is very much determined by its
Weryk is optimistic attitudes
are changing company-wide. “Two
years ago, when a company gave out
tokens for multi-factor authentication
to employees, many regarded it as
annoying, but they’ve quickly come to
appreciate the need for it,” she said.
Hiscox’s Wharton noted employees
are already accustomed to having
tougher levels of security applied to
workplace devices, simply because they
see the approach in their other day-to-day activities, such as personal banking.
Dave Cameron, XL Catlin’s chief
information security officer, added most
employees appreciate that while their
company has to protect thousands of
devices and hosts, the successful attacker
only has to find one that is vulnerable.
“It’s good that heightened awareness
means, for example, employees are
more likely to question the authenticity
of an email that could conceal a
phishing scam,” he said.
Kukoda also advocates for this
approach: “Tabletop exercises are a
great way of identifying where the
company can strengthen its security.
As the strategy is developed, they must
be able to demonstrate exactly where
these improvements have been made.
“Threat groups tend to target a
specific industry rather than an individual
company to discover which are the most
vulnerable and likely to reveal their
intellectual property secrets or accede
to a ransom demand,” she said.
It might be assumed that with the
trend for more employees to bring their
own smartphones, laptops and tablets
to the workforce and connecting on the
secure corporate network — and also
working more from home or away from
the premises — companies might want
to review their “bring your own device”
However, Beckett pointed out
location is less an issue than the
equipment the employee is working
“WannaCry and NotPetya
exploited Windows’ vulnerability,
but this was well-known for some
time before the attack and largely
affected older devices with outdated
systems. Employees using BYOD
usually don’t use Windows XP. To an
extent, that’s due to vanity, but it also
sends the wrong message to clients
and colleagues if you’re still using an
antique device. Individuals instead
want a state-of-the-art laptop that
declares they are at the top of their
game,” Beckett said.
Insurers are devoting resources
to educating company workforces.
Despite the increase in attacks and
the potential for major losses, more
have joined the original top four cyber
insurers — Chubb, Beazley, AIG and
XL Catlin — in developing detailed
offerings and holistic pre-incident
and response programs. This includes
alerting companies to new threats. &
GRAHAM BUCK is a freelance writer and
editor based in the UK. He can be reached