Watching cyber insurance mature over the past decade has been fascinating, with attacks and counterattacks reminiscent of the old Spy vs. Spy cartoons in Mad magazine – just at high speed, with serious stakes and with a clear delineation between the good guys and the bad guys. Cyber insurance began with a stark realization – not just that it was needed but that existing policies might cover a major risk that insurers very much didn’t want to be covering. At the same time that carriers started offering cyber policies, they were rewriting general liability policies to make very clear that cyber attacks weren’t covered. Early attacks focused on stealing Social Security numbers, credit card information and other data that the bad guys could use to impersonate people. But credit card companies responded with, among other measures, faster response to fraudulent purchases and with secure chips in credit cards. So hackers went to a new level, hacking into corporate systems, stealing and encrypting data necessary for running a business and demanding ransom in return for tools that would decrypt the data. But then the good guys responded by not just improving their defenses but by creating backups that they would use if their main systems were compromised. Now we’re on to the new battle. Hackers are using AI to quickly sift through corporate systems once they’ve wormed their way in and are being much more strategic about the information they’re after. Once they have it, they may threaten to make it public and extort payment in return for silence. AI also keeps lowering the cost of doing business for hackers. They can, for instance, come up with a general template for an attack, then have AI replicate it and go after orders of magnitude more targets than were reachable in the past. The AI can even translate the attacks into other languages and do custom coding to facilitate the hacking attempts. But the amped-up attacks are hardly the end of it. As Vishal Kundi, co-founder and CEO of Boxx, explains in this month’s interview, the good guys can use the same tools that hackers use to scan corporate systems, to spot vulnerabilities and to fix them before hackers can exploit them. Boxx monitors conversations on the dark web to see what information is being offered for sale, so it can warn any clients who’ve been compromised. Boxx is also increasingly providing modules of cyber insurance that merchants or platforms can buy and embed into digital commerce to cover individual transactions and make customers feel safer. What comes next? We’ll just have to keep our eyes and ears open. Spy vs. Spy battles are often surprising. In the meantime, I think you’ll find the interview with Vishal enlightening – dare I say, even encouraging. Cheers, Paul | 
