The Cybersecurity Arms Race

Hackers keep broadening their attacks, but prevention keeps improving, too, and modules of coverage can now be embedded into digital commerce. 

Vishal Kundi Iterview

Insurance Thought Leadership

How do you see cyber risks evolving?

Vishal Kundi

If we look at how cyber risks have evolved, particularly in the last five years, we have seen threat actors getting better at exploiting vulnerabilities and emerging technologies like IoT and AI to expand the attack surface, making it harder to fully safeguard against breaches.

Looking at our claims data, about 80% of cyber claims are due to human error. Employees or individuals inadvertently open the door to cybercriminals, either by leaving security gaps unattended to or making networks more vulnerable. Our key objective here is to provide customers with alerts when we detect potential risks. The idea is that with the right education and tools, they can address these issues before they can cause a problem.

Another growing threat is the rise of social engineering attacks as more businesses move to online banking. We see increasing instances where hackers trick customers into paying fraudulent invoices by using compromised email accounts or fake communications. This type of threat is harder to address purely with technology because it boils down to awareness. Businesses need to be more vigilant about verifying payment requests and changes in banking details.

Insurance Thought Leadership

I like your "predict, prevent, and insure" model. The more we can predict and prevent cyber events, the less we need to insure, creating a safer world. Can you tell us more about your preventive approach, particularly with your scanning and alert platform?

Vishal Kundi

We’ve developed a robust system that looks for threats and risk signals, which help us identify higher probabilities of a loss. For instance, we can tell if a client’s website isn't properly secured or if their email addresses and passwords have been stolen.

These signals don’t necessarily mean a breach is imminent, but they do increase the chances of a targeted attack. At a deeper level, we monitor "hacker chatter" on dark web forums to see if someone is selling our customers' data. For example, if we spot a post offering Fishman Inc.’s data for sale, we can alert our client’s team through our Hackbusters service to take action and reduce vulnerabilities before an attack occurs. This proactive approach continues to evolve and become more sophisticated.

That said, while we work to secure our customers, hackers are constantly evolving, as well. We also package these predictive and preventive tools into our all-in-one Cyberboxx products, which provide coverage for both individuals and businesses.

Insurance Thought Leadership

How do you see cyber threats evolving further? I’m hearing more about hackers threatening to publicize sensitive information, rather than just encrypting data and demanding ransom for decryption tools.

Vishal Kundi

That’s a very insightful point. Cybercriminals are constantly looking for new ways to extract money, and they’ve realized that the ability to rebuild data no longer holds the same weight. What truly gets a company’s attention now is the threat to its reputation, particularly when it comes to customers. If a hacker can threaten to publicly expose sensitive customer data, that becomes a far more effective tool for extortion.

Another trend is that smaller businesses are becoming more digitally savvy and increasingly dependent on cloud services and third-party applications. However, when these external services experience outages or breaches, they can bring the entire business to a halt. This risk is known as "contingent business interruption." A prime example of this occurred last year in the auto dealership sector, when a widely used point-of-sale software was compromised. The breach affected thousands of dealerships across North America and Europe, highlighting how interconnected and vulnerable businesses can be when they rely on external digital tools.

Insurance Thought Leadership

How should companies approach cybersecurity risks that are beyond their immediate control, especially with third-party vendors and contractors? I’m thinking of incidents like the Target breach, where hackers exploited a vulnerability in a third-party vendor.

Vishal Kundi

Larger enterprises, in particular, are now asking suppliers to disclose their cyber insurance coverage and security measures as part of the procurement process, trying to avoid scenarios like the Target breach, where a third-party vendor’s weak security led to a massive incident. Cyber insurance policies typically include coverage for such losses caused by third party suppliers they are connected to. It covers the loss of income or operations that occurs when a third-party service provider or vendor suffers a cyber event, such as a breach or outage, affecting your business.

Insurance Thought Leadership

When you work with carriers and customers to predict and prevent problems, how does that look in practice?

Vishal Kundi

As a Lloyd’s of London coverholder, we are authorized by a Lloyd’s syndicate (or multiple syndicates) to assess risks, underwrite and issue insurance policies on their behalf, in addition to providing the Predict & Prevent services to our customers. From that lens, customers get the peace of mind of the coverage and the all-in-one prediction and prevention.

A new trend we’re seeing is more insurers looking to provide cyber insurance to their customers. They see the benefits of replicating our Predict & Prevent approach. They don’t have the technology and expertise to put this in place, and we’ve been approached to white-label our solutions for them. This is a huge testament to the effectiveness of the systems we’ve developed.

We’re also seeing major interest from mega brands in banking, financial services, travel and retail. These industries are integrating our cyber protection offerings into their products, helping their customers stay safe online. In India, for instance, we work with the country’s version of Zillow, where users can add our digital protection when making rent payments. We’re also embedded in telecom subscription plans in Canada.

This integration shows that customers expect large brands to offer protection while they transact online. We've developed methodologies to underwrite entire customer groups and provide relevant cyber and digital safety services at scale. This approach is proving highly effective for us.

Insurance Thought Leadership

Embedded insurance is a growing trend, and what you’re describing is a perfect example. People don’t usually think about buying your insurance, but they’re paying a small amount for key protection as part of another transaction, just when they need it.

Vishal Kundi

Exactly. We use embedded insurance as an entry point. As customers become more digitally savvy, they can choose to "buy up" from that initial protection as their needs evolve.

We’re now exploring ways to develop new products for various affinity groups and organizations, such as cyber insurance for business travelers and employee benefits. There are so many ways we can protect people beyond traditional insurance models.

The beauty of digital risk is that it’s no longer about geographic location. Your risk is tied to your digital footprint, which makes it easier for us to work globally. For example, we can work with telecom companies in Canada and India with the same ease.

We’ve also identified opportunities to provide value to customer groups that traditionally struggle to get cyber insurance. For instance, a large Christian faith group approached us wanting to insure their parishes. What they really needed was access to emergency cyber support. So we created a non-indemnified service called Cyberboxx Assist, where parishes can reach out to our Hackbusters team 24/7 in case of a breach.

Insurance Thought Leadership

How do you see cyber risk and coverage unfolding with traditional lines of insurance?

Vishal Kundi

As businesses become more digital, every part of their operations now involves some level of cyber risk. When we insure a company for a cyber policy, we’re looking at two main things: the cost of getting the business data systems back up and running and the cost of third-party lawsuits. There's also the issue of cybercrime, where companies are targeted by fraudsters.

Let’s look at the example of property insurance. Many traditional cyber insurance policies may not automatically cover physical property damage caused by a cyber incident. Take a hospital. What if a cyber breach compromises an MRI machine? What if that breach leads to patient injury or another event? Would that fall under the hospital’s liability insurance, cyber insurance or even their medical practice insurance? We’re starting to see more questions about how to properly categorize these types of risks, and specialist coverages like cyber property damage to start filling in some of those gaps.

In addition, board accountability is becoming a hot topic. Directors and officers are increasingly held responsible for a company’s cyber infrastructure, which raises questions about whether their D&O insurance should cover this risk.

These evolving scenarios show how intertwined cyber risk is with other lines of insurance.

Insurance Thought Leadership

As a baby boomer, I appreciate that you’re focusing on this demographic. What problems are you solving for us?

Vishal Kundi

We define boomers as people between 61 and 79. As they navigate the digital world, they often don’t have the same safety awareness as younger generations that have been around the technology for a longer part of their lives. Cybercriminals are targeting this group, knowing they hold significant wealth and may not be as digitally savvy.

Insurance Thought Leadership

We’re seeing cyber risks rise, yet premiums are often decreasing. Does this track with what you’re seeing?

Vishal Kundi

That’s spot on. As companies improve their ability to manage security risks and losses remain within expected limits, insurers are becoming more confident in offering better terms and pricing. However, over time, as losses begin to exceed premiums, we typically see upward pressure on prices. This cycle—where premiums rise after a period of stability or decline—is a natural part of the insurance market, and it’s one we’re likely to see play out in the cyber insurance space, as well.

Insurance Thought Leadership

Thanks, Vishal.

 

 

About Vishal Kundi

vishal headshotAs the co-founder and CEO of BOXX, Vishal Kundi aims to help make the world a digital safer place. Prior to BOXX, Vishal held the role of chief sales officer at Arthur J. Gallagher. Vishal brings a global perspective to building a new company, having lived and worked across the world, including in Dublin, London, Hong Kong, Santiago and Toronto. He has played a pivotal role in both mature businesses and insurance startups.

Insurance Thought Leadership

Profile picture for user Insurance Thought Leadership

Insurance Thought Leadership

Insurance Thought Leadership (ITL) delivers engaging, informative articles from our global network of thought leaders and decision makers. Their insights are transforming the insurance and risk management marketplace through knowledge sharing, big ideas on a wide variety of topics, and lessons learned through real-life applications of innovative technology.

We also connect our network of authors and readers in ways that help them uncover opportunities and that lead to innovation and strategic advantage.

MORE FROM THIS AUTHOR

Read More