Idealog recently interviewed Ian Pollard in the following story on evolving cyber threats:
The insurance game is changing, Delta Insurance’s Ian Pollard says. And it’s not just responding after something has happened – it’s making sure nothing happens in the first place.
It’s a sad reality: if you have a computer, chances are it’ll be compromised at one point or another. Whether it’s viruses, phishing, malware, or the evermore-popular (and ever-more-harmful) ransomware, at some point or another, something damaging will probably happen – and that could do a great deal of damage if you own a business.
Many column inches have been devoted, of course, to the scope of the problem, and what cybersecurity firms are doing to combat it. But what hasn’t received as much coverage is the fact insurance companies are also doing some pretty innovative things to adapt to the threats – and potential threats.
Take Delta Insurance. The organisation has recently released comprehensive white papers outlining some of the challenges – and what’s being done to meet them.
One of the important aspects of the white paper is new threats from overseas to New Zealand businesses. In 2016, IT services exports from New Zealand saw double-digit percentage growth in most major markets, and our digital economy contributed more than $6.9 billion in export earnings last year.
While this is great, the white paper states, “intellectual property (IP) infringement on patents and copyrights are increasingly landing Kiwi software developers and designers in hot water in foreign markets, especially Europe, Asia, and the USA — where tech giants typically amass software patents like tactical nukes.”
The white paper offers an example: that of US audio company Bose’s claim of patent infringement against NZ noise-cancelling technology maker Phitek Systems. Though the Kiwi company admitted no liability, it was nevertheless strong-armed into settling for $4.5 million plus legal costs. That’s a lot of money many businesses in Aotearoa simply don’t have.
Worse are the trolls, says Miles Valentine, founder of Kiwi tech company Zeacom. Stung twice by patent trolls in technology it didn’t even possess: “[But] it was going to cost me US$1 million to get to court to tell them that,” says Valentine. “So I gave them $350,000 to go away.”
The Delta Insurance white paper follows another white paper that was released earlier this year, which says that New Zealand, despite its geographical isolation, remains highly vulnerable to cyberattacks. That white paper states while the nation has expanded its cyber resilience capabilities and strategies to deal with attacks, it remains one of the “Cyber Five” – alongside South Korea, Australia, Japan and Singapore – who appear to be more vulnerable to attacks than any other Asia-Pacific economy.
The white paper also states that many New Zealand businesses remain underprepared. Almost one in five New Zealand small-to-medium enterprises (SMEs) have been targeted by a cyberattack, with an average financial loss of $19,000. Yet while the number of Australian and New Zealand small businesses who have faced a cyberattack are virtually identical (19 percent in Australia and 18 percent in New Zealand), only six percent of New Zealand SMEs have cyber insurance, compared with 14 percent of Australian SMEs.
That’s an issue, because of this: according to the white paper, the total cost of cyber threats to New Zealand was estimated at $257 million in 2016, and that there are, on average, 108 cyberattacks in New Zealand every day – a number that is increasing. About 100 million cyberattacks in New Zealand were thwarted in 2016 – a two-fold increase from 2015.
According to Delta co-founder Ian Pollard, the white papers are just the latest reminders of the importance of cyber insurance. He says that cyber insurance these days is a whole lot more than simply recouping costs after information has been damaged, destroyed or stolen.
“The risks are changing quite dramatically daily, and more so than they ever have in the past.”
According to Pollard, cyber insurance has been a thing for about 20 years in places like the United States and Europe. However, “it’s only internationally really started to become a thing [in New Zealand] in the past five to six years.”
Pollard emphasises that with everyone today being online in some way, shape or form – and quite a lot of us spending the majority of our time online, including storing almost all of our information – cyber insurance is no longer just a necessity for large, multinational corporations holding data like trade secrets.
Pollard offers proof by listing the great variety of Delta’s clients. “We’ve got a panel beater based in Auckland buying cyber insurance, we’ve got dairies buying cyber insurance, government institutions, financial firms… every sector should be thinking about cyber insurance.”
Delta already has thousands of clients in New Zealand – and Pollard says business is expected to double, literally, in the coming year.
But why are so many people getting cyber insurance? Pollard has some theories. “These risks can happen to you,” he warns. “Things can go wrong in New Zealand. And most people get it (that things can go wrong) because we’re so tech-savvy.”
One of the ways to be tech-savvy, says Pollard, is being proactive and knowing when to ask for help – things that, as many of us can relate, are pretty important in every facet of business.
He says to think of it like offering not just fire insurance if your house burns down, but making sure your house doesn’t burn down in the first place.
But how, exactly, does that relate to cyber insurance? According to Pollard, Delta offers pre-loss help and protection. To do so, it also works with partners including RedShield, Aura Information Security, SafeStack and more – organisations which are among the most innovative on the planet when it comes to cyber security and preventing bad things from happening.
“What we tend to offer is a lot more than just an insurance product,” he says.
“We’re taking a quite different approach. We bring quite a bit more to the table than meets the eye. Our experts work with our insureds once they’ve taken up a policy – they give cyber risk assessments and health checks, implement state-of-the-art cybersecurity software if needed and assist with policies, procedures, disaster recovery plans and business continuity plans. Most of these are tried and tested. They’re just quite intangible – you can’t see it, can’t taste it, can’t hold it. We organise this because as an insurer it’s better, and cheaper, for all parties if we can avoid being the ambulance at the bottom of the cliff!”
As Matt Taylor of RedShield puts it: “If the bad guys come, you want a private army on your side.”
That army can be helpful in combatting threats like distributed denial of service (DDoS) attacks – which flood websites with simulated requests until the site crashes – which disproportionately hit IT, SaaS and cloud service providers.
With 33 percent of global DDoS incidents affecting tech companies, they cost businesses about $40,000 per hour of outage on average.
Pollard goes back to the importance of adapting to a changing threat landscape – and taking steps to ensure threats don’t cause as much damage in the first place, not unlike locking your doors to keep burglars out of your home or bolting a hot water heater to a wall so it’s less likely to fall during an earthquake.
“Evolving threats require an evolving response,” he says.