Small-town street scene in Illinois American flag flapping in breeze by huge painted American flag fading from brick wall


Episode #83 - Cyber Insurance Insights & What You Need to Know

Cyber insurance is critical for risk management and the requirements are changing rapidly. With rate increases averaging 25-45% per year and many companies being declined for coverage altogether, this week the guys get the inside scoop with cyber insurance expert, Adam Guyton. Adam shares some important cyber insurance insights including how to get the most out of your policy, what to look for in your coverage, insurance carrier requirements, how to prepare for your renewal, and more.

Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at
Be sure to rate the podcast, leave us a review, and subscribe!


Mike's Headlines:

Final Twilio Smishing Victim Count Reaches 209
GitHub flaw could have allowed attackers to takeover repositories of other users

White House Convenes International Ransomware Summit
Hackers selling access to 576 corporate networks for $4 million
Mobile Phishing Attacks on Government Staff Soar
Malicious Android apps with 1M+ installs found on Google Play

 Hundreds of U.S. news sites push malware in supply-chain attack

White House Ransomware Confab Ends With Data Sharing Pledge
Bed Bath & Beyond Discloses Data Breach to SEC
Dropbox discloses unauthorized access to 130 GitHub source code repositories
VMware warns of the public availability of CVE-2021-39144 exploit code

ConnectWise fixes RCE bug exposing thousands of servers to attacks
BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider
Urgent: Google Issues Emergency Patch for Chrome Zero-Day
FBI and CISA: Here's what you need to know about DDoS attacks
Fortinet fixed 16 vulnerabilities, 6 rated as high severity

Critical Vulnerability in Microsoft Azure Cosmos DB Opens Up Jupyter Notebooks

Bot Warning for Retailers Ahead of Busy Shopping Season

Group indicted for breaching CPA, tax preparation firms via stolen credentials


welcome to the cyber rants podcast
where we're all about sharing the forbidden secrets
and slightly embellished truths
about corporate cyber security programs
we're ranting
we're raving
and we're telling you the stuff that nobody talks about
on their fancy website and trade show giveaways
all to protect you from cybercriminals
and now here's your hosts
mike ratando
zach fuller
and lauro chavez
hello and welcome to the cyber ants podcast
this is your co host
zach fuller
joined by microtondo and lauro chavez
today we are diving into a topic
that a lot of companies are struggling with right now
so our goal is to answer some of those questions
that you might have about cyber insurance
cyber insurance has been a crazy
topic over the last few years
and so for today's episode
we have a special guest
adam guyton
who's with painwest
which is a member of martian mcclellan agency
adam's been in the business for a long time
we'll get into intros and such shortly
but first of all
before we do
thank you adam
for joining us
appreciate you
looking forward to diving in today
so mike why don't you kick us off at the news
in the usual fashion
and then we'll get ready and
take a deeper dive into insurance
morning everybody
and welcome to the news in the usual fashion
i'm using my new radio announcer microphone
so my voice can sound deep and sexy it does
final tolio's mission
victim count
reaches two hundred and nine
customer engagement platform tolio says
the number of customers affected by a fishing campaign
that coaxed employees of a san francisco
company into permitting attackers to bypass
mfa protections
will stand at a final total tally of two hundred nine
the company was one of the handful targeted the summer
by campaign dub octopus
or scatterswain
that food and fooled employees with fake
multi factor login pages
delivered by an sms text telling the recipient
to change their password
final report says
hackers gained on authorized access to only
some internal
non production systems
other companies
including identity and access management provide
octa say attackers are able to harvest phone numbers
and one time passwords pertaining to their customers
github flaw could have could have allowed attackers
to take over repositories of other users
critical flaunt
and github could have allowed attackers
to take over the other spot
other repositories
it have has addressed a vulnerability
that could have been exploited by threat actors
take over the past stories of other users
i guess i said that twice
the vulnerability was discovered by check marks
that called the attack techno repo technique
repo jacking
the technique potentially allowed attackers to infect
all applications code in the repository
the check marks
scs supply chain security team
found a vulnerability in github that
jesus repeat this a lot
anyway long story short
if not explicitly attended all
all renamed usernames on github are vulnerable to this
fall including ten thousand packages on the go
swift and packages a package managers
this means that thousands of packages
could have been hijacked immediately
and start reserving malicious code to millions of users
the researchers discovered that the vulnerability
resides in the popular repository
naming space retirement mechanism
and developed an open source tool to identify
and help mitigate the risk of exploitation
of bugs in this mechanism
white house convenes international ransomware summit
us officials will meet this week with delegations for
more than three six countries to share intelligence
and strategies about how to push back
against crippling and costing ransomware
tax against critical infrastructure
in addition to public sector experts
microsoft and sap
will also contribute their data and in
analysis as part of the participation in the summit
as long as microsoft's there
we're all safe right
hackers selling access to five hundred and seventy
six corporate networks for four million dollars
a new report shows that hackers
are selling access to five hundred and seventy
six corporate networks worldwide
for total cumulative sales of four million dollars
fueling a tax on enterprises
the research comes from an israeli
cyber intelligence firm kayla
which published its q three
twenty twenty two ransom report
reflecting stable activity
in the sector of initial access sales
but a steeps rise in the value of the offerings
although the number of sales for network access
remained about the same as the previous two quarters
the cumulative requested price has now reached
four million
for comparison
the total value of initial access listings in q two
twenty twenty two was six hundred and sixty thousand
according a drop in value
that coincide with the summer ransomware hiatus
that hurt demand
mobile fishing attacks on government staff soar
mobile based
peninsula staffed
attacks against federal government employees
increased by forty seven percent from twenty twenty
to twenty twenty one
exposing agencies to serious
rich speeches
according to lookout
the report was compiled from analysis
of more than two hundred million devices
of more than a hundred and seventy five million apps
it found that around half
or six percent of state
local and federal us government employees
were the target of mobile
based credential fishing attempts in twenty twenty one
up from thirty percent a year earlier
the report also claimed that
one in eight government employees
were exposed to fishing threats last year
by social engineering
within any app
including social media platforms
message apps
games or even dating apps
part of the threat comes from a large
number of unmanaged devices
and use across federal
state and local governments
report revealed
a fifty five percent increasing use of such devices
from twenty twenty
to twenty twenty one
as byod remote
working became the norm across many organizations
there's a malicious android app
with one million
plus installs
found on google play
there's a set of format malicious
applications currently available on google play
official store for the android system
directing users
to sites that steal sensitive information
generate apr
click revenue
for the operators
some of the
sites offer victims the option
download fake security tools or updates
or trick the users
into installing malicious files manually
the four malicious apps uncovered
at this time are
a bluetooth
auto connect
over a million installs
bluetooth app sender driver
bluetooth wi fi
usb with over ten thousand installs
mobile transfer
smart switch
with over a thousand installs
you have still got favorable reviews
yeah no not at all
what in just a touch on that
i think everybody's looking for
ability to turn off
and turn on
and change channels
of tvs that are in public places like bars
that's a great place
to put malware
it's also a great reason
not to use android
in a google play store
i don't trust
any of that
but that's me
i agree with you
hundreds of us
news sites push malware
and supply chain attack
threat actors
are using the compromise infrastructure
of an undisclosed media company
to deploy the sock
ghoulish javascript
malware framework
also known as fake updates
on the website of hundreds of newspapers
across the us
the media company
in question
is a firm that provides
both video content
and advertising to major
news outlets
and serves many different companies
and different markets
across the us
the third actor
behind this fly chain attack
tracked by proof
point is t a
five six nine
has injected
malicious code
into a benign
javascript file
it gets loaded
by the news websites
melissa's javascript
file is used to install
the malware
which will affect
those who visit
the compromise websites
with malware
payload camouflages
fake browser x updates
delivered as zip
zip archives
via fake update alerts
there's a whole list of files
that you can look at in the
in the news story
so check them out
the white house
ransomware contact
ends with data
sharing pledge
bed bath and beyond
has been had
a data breach
these are some headlines
be a more ones
of public of it
public availability of a cve
twenty twenty
one three nine
one four four
which is exploit
and is running wild
or net fixed
sixteen vulnerabilities
six rated is high
another azure
and there's bots out there
so with that laurel
tell us some case
exploit news
i do have some
good exploit
news for everybody today
before i jump into it
i want to talk about
a little bit
of the evolution
of our exploits happen
you've got some
really clever
people out there
that can reverse engineer
and find weaknesses
in some of the
open source software
and features
that we have
and what they'll do
is i'll write
a piece of code
that exploits
that weakness
and then try to
sell it on various
dark markets
after a minute time
somebody will come along
and buy that exploit
and then put it out there
for everybody to have
so that's kind of how
the evolution of
how these exploits come from
pay service
or a paper exploit
to open source
for everyone
in the tool kit
which brings me to my
current exploits
for this week
for everybody out there
using social media
like instagram
or twitter probably
never heard of that before
especially since
it's been purchased
by our favorite rocketeer
but if you are
using these services
instagram and or twitter
and possibly
even some of the other
social media
sites out there
things comply
across the board
but there are exploits out there right now
that you can
still purchase
and also find
for free that will
give you privilege access
to unsecured
instagram and twitter accounts
what that means is
if you haven't set up multi
factor authentication
or if you're using multi
factor authentication
in some cases
with an sms text code
this script
can still abuse
the function
of instagram
and twitter's password
reset functions
for all of us to use
to issue a password reset link to the attacker
they can then take that link
reset your password
and have access to your account
and extort you for money to get it back
i think there may be some listeners
that this has probably happened to in recent months
so this is becoming more prevalent
my advice work around this is
anytime you're on social media
to be safe always use multi factor authentication
but use a pin
a one time pin authenticator app
like google authenticator
or even something more like duo
or anything like that's fine also
make sure that you're using a separate contact email
a lot of people will use their contact email
in the social platforms
for the email that's registered to the account
um this makes it really easy for the attackers to know
what the um
what the origin email is
or the administrative email to the account is
so as an advice
always use a separate account for your contact email
that way people are contacting you
through a separate email
that belongs to the administration
of the account itself
um take care out there okay
hotmail is also included in part of this script tool
so even if you have old hotmail or yahoo accounts
this can abuse their password ref
functions too
so again mfa with the pincode
make sure you change those emails on the account
and if you happen to be using apache couch
dbe prior to version two
dot three dot three
there is a remote code execution for that
for get this
you'll love this mike
this is for
this is for
out of the box
what they call demo
databases that are a part of the build
so if you do one of these example databases
that come with ouchdb
they're not secured
so if you create a separate database
you don't go back and secure the default database
with a test database
that's there as part of a product
individuals are being able to access this remotely
and then bypass the security of your actual
in use database to access it
so if you're using apache couch db prior to version two
dot three dot three
make sure that you are checking
for that default installation
and making sure that it's secure
especially if you're using a secondary database
and with that
exactly that's all i have for exploits
but exciting topic
cyber insurance is a big deal
pretty big deal to talk about
i think very appropriate for the time
it is very much
and it's kind of interesting
because we can relate a lot to the insurance business
right cybersecurity and insurance are things that
companies really
really need
but they hate to pay for right
until it's too late
and then they actually have to use it
and then they say
okay well good
it's good we invested in that
so we're kind of in that
we're kind of like in the same industry almost
but that being said
we are going to take a quick commercial break
and come right back and dive into it
want even more cyber rants
be sure to subscribe to the cyber rants podcast
get your copy of our best selling books
cyber rants
on amazon today
this podcast is brought to you by silent sector
the firm dedicated to building world class
cyber security programs
for bidmarket and immersion companies across the us
silent sector
also provides industry leading penetration tests
and cyber risk assessments
visit silent sector com and contact us today
and we're back with cyber ants podcast
make sure you check out cyber ants podcast com
so you can get links to the news articles
that mike shared
and all kinds of other good stuff
they're on the site
with that let's dive in
hey adam thank you for joining us
great to have you today
yeah my pleasure guys
so those of you listening to adam guyton
i mentioned before
is with paine west
which is a member of martian mcclellan agency
huge insurance agency
adam has been in the business for over fifteen years
and broker for all kinds of different companies
but one of the things adam specializes in is really
cyber insurance
right so he's the head of cyber
for the agency for the pacific northwest
and really understands
what companies are struggling with
and really really
helps organizations determine
if they have the right levels of coverage
what they need
all of that
and this is something that
we've seen a lot of organizations struggle with
over the last few years
it's becoming more and more prevalent
so glad to have you
let's dive in a little bit adam
first of all
anything you want to share
anything else about your background
or types of organizations you serve
anything like that that
i just maybe missed or glossed over
no i think he hit it on the head zach
that works okay
well well hey
let's dive in
let's talk about cyber insurance
over the last few years
can you just give us an overview
of what's been happening
in the market
what's going on in that space
to kind of set the stage
yeah yeah you bet
so a lot has changed
for everybody in the last few years
but the biggest one has certainly
increased premiums
when i look at what rates
have done over the last three years
we're currently
and that's because of strong
cyber hygiene
but the current rate increases
now are about
twenty five to forty five percent
cyber premiums last year
were increasing by
seventy four percent
and for some context
all other property
and casually
lines throughout
an average rate of nine percent
so well above
any other line of insurance
and then prior to that
the average increase was a hundred and six percent
so we've seen some huge premium increases
and obviously
as you were
speaking mike
there's claim activity
bad actors out there everywhere
and these insurance companies are paying those claims
and we see a lot of them
in ransomware
and social engineering
and i'm not going to sit here
and quantify
every area of claim activity
but some of the interesting ones i wrote down here
is the coverware ransom report for twenty two states
that companies
with just eleven to one hundred employees
are impacted by ransomware
the most at thirty nine point four percent
companies with one hundred to a thousand employees
make up at least thirty two and a half percent
making all small to medium sized businesses
about seventy two percent of all impact
in addition to that
forty five percent of breaches in twenty two
were cloud based
and then a big question is what's the average cost
how much insurance do i need
four and a half million dollars
is the average data breach globally
domestically in the us
it's about nine point four million
and so some big claims are being paid
which leads me to the third point here
which is the underwriters are getting savvy
they're getting very strict
with their requirements and they
and so it's what i would call box check underwriting
it's sort of a hard market approach
in which underwriters are looking
for the very best submissions
and it's because they have limited capacity
so they can be choosy when it comes to writing a policy
so if those
those boxes are not checked yes
or however they need them favorably answered
you're just not going to get an option from that
company what's
what's really struggling is
there's so much nuance with these applications so every
carrier is going to have a different application
a different set of questions
you know in the old days it was five questions
and anybody on the executive team could answer them
and nowadays it takes days and weeks
and often involves the legal team
and it professionals to work through that
although a lot of businesses
don't like the cyber application
it is a good risk management tool
and a reminder that the cyber policy is just one tool
in managing your cyber exposure
with that it kind of gets into the
what are the underwriters looking for
what are those expectations
and currently
you're good
your organization will have to have mfa on email
vpn critical systems
you're going to have to block
remote access ports at the firewall
backups have to be encrypted
you're going to be implementing edr
on endpoints and servers
you got to have a patch management system
password managers obviously
and then more recently
we're seeing some carriers starting to require
a written incident response plan
and now they're addressing contractual risk transfer
with your digital supply chain
so that's what's happening over the last few years zach
so it's getting expensive
that's interesting
seventy two percent
of all the claims that are the cyber breaches
seen by the insurance companies
are for small and medium sized businesses
which i mean
makes perfect sense right
i mean a lot of times
you only hear about the big stuff in the news
but as we know
it's what you don't hear about
that's what's more prevalent out there so
so cyber insurance is getting
you know it's funny because just a couple years ago
for a lot of insurance brokers
it was just kind of a side thing
it was a very small portion of their business
and so now it seems like it's much more prevalent
and then we've had organizations coming to us
for cyber insurance requirements
because they can't get it like you're saying
which is interesting
because a few years ago that didn't happen
they'd come to us
because they had to meet client requirements
certain compliance requirements
things like that
and now insurance is top of mind
so pretty amazing to ship there
but it makes perfect sense right
with all the breaches
the insurance companies are just getting hammered with
having to pay out all this stuff
makes perfect sense
well so where do companies really struggle
when it comes to getting their policies
or renewing their policies for that matter
if these organizations
the insurance providers
are getting more and more strict
what are those major pain points
that you're seeing out there in the market
yeah i think timing is the biggest right now
if if you're sitting there thinking well
my renewals in thirty days
i should probably get started on that
it's going to be too late
and the reason i say that is
if you get that application question
which will be different
than the application you completed the year before
and one of those boxes are checked unfavorably
you're not going to get a renewal
and you're going to have to go to plan b
and plan b can take a couple of months to work through
especially if that carrier is going to require
your organization to implement a security control
so it's what i tell folks is
ninety days out is when you need to be
thinking about your cyber renewal
and same thing if you're trying to place the insurance
it's not a three click
thing and you have a policy
it's going to take time to find a carrier
and the appetites are changing
it feels like monthly you know
one day beasley's writing this at a certain level
and now the revenue threshold has changed
they're out of the market somebody else comes in
and so it's a bit of a jungle out there
the other thing you touched on a little bit is
you know contractual requirements
a lot of a lot of our clients will require
fifty million dollar limits of cyber
or a hundred million dollar limits of cyber
and unfortunately
due to capacity
you're only able to buy cyber policies in
in five million dollar increments
so we're having to create these large towers
of cyber policies with excess policies
you know ten deep
and that can be a challenge
to find enough markets to stack on top of each other
and find that language
so a capacity problem is certainly there and then
actually listened to
part of one of your podcasts lately
about emotions
and you got me all fired up
and so i would say i would
that's part of the struggle is getting
the owners and executives to really get involved
and understand the landscape
and their own cyber hygiene and
and where these bad actors can get in
and so when the premium start to increase in the it
budgets double and claims continue to roll in
having the executive team really understand
this part of their organization is is
is critical
but it can still be a struggle
right you guys know this
one thing that we're seeing
and i've gone through this for a couple of my customers
is that if the underwriter is presented a plan
say well you know it's thirty days out
all of a sudden they get these requirements
and as they're coming up with renewal
because they are not privy to knowing that
of these requirements changing
we've been working with several
our clients that are basically
they'll say like
by march first we'll have this done
and the underwriter is going ahead and approving
and selling the product
the insurance
but at a lower rate or lower coverage
until all requirements are met
so yeah i've seen some of that mic where maybe the mfa
is implemented on just servers and not emails
and the carrier may say okay look
we'll renew everything but ransomware
so you have no coverage for ransomware
but you have everything else
and agreed upon date
if it's completed
the coverage will be endorsed back on
so there is some flexibility with that but again
it comes back to starting that conversation early
getting the underwriter
and the organization involved in understanding that
so that is good
so just to help people prepare
it sounds like just because you have a good cyber and
insurance policy today
doesn't mean that you could necessarily
maintain it when renewal comes up
is that do i understand that correctly
because of the stringent requirements there being
more and more is being tacked on to that
that question there
yeah you'll know when the underwriter has been told by
the powers above them that they want off your account
typically you'll have a renewal application
and then you'll get the underwriters thinking about it
followed by an additional supplemental application
followed by
we need to review the contracts
what vendors are you specifically using
all those are red signs
you better start looking for a plan b
because they're trying to just find any reason
to get off of it
and i've seen it all with big
and we're talking good sized organizations
that have full time it departments
and legal departments
and you know
kind of lead
the space so it's interesting
let's switch gears a little bit here
so i think i think
you know hopefully people listening could
can look at their policies
make sure mark that calendar for ninety days out
and get ready to go through maybe a more stringent
questionnaire process and review process than
than you have in the past
but let's talk about organizations with their policies
and preparing to get the most out of the policy
in the event of breach
i mean that's ultimately what it's there for right
is you want to get that reimbursement of your expenses
how can companies understand
whether they're going to get that reimbursement
and what at what rate
what percentage right
just because you have a ten million dollar policy
doesn't necessarily
mean you're going to get ten million dollars out of it
how what would
what advice would you give
yeah i would say this is a really tough question
and we have to point the finger at ourselves
as insurance brokers
this is really hard for
somebody who's not an it professional to understand
and try to find these coverages and the nuance
and explain that to your client
it can be difficult
but what i tell folks is
instead of buying
policy and finding the best premium
really the idea of a policy is what you get
after a claim
and so an insurance carrier will provide
usually a breach response team
and so the question would be
if you come into work one day
and your computer shut off
you've got a ransomware attack
what do you do
most people go
i have no idea
i'm gonna call my insurance broker
right so we often are
the first phone call that organizations are making
or maybe they're calling their msp
but i would say
work with your insurance carrier
and create that incident response plan
you know we talked about the average reach
cost being four and a half million
well a lot of organizations don't know
is the average cost savings associated
with having an incident response plan in place
and testing it with your security team
is two point six
six million dollars
so time is money
having the plan is going to help you
so get with your broker
get with your insurance carrier
and create that phone tree
for a cyber incident
that involves
all of the folks that come to the table
so that's your breach coach
your forensic it
regulatory and legal
public relations
and a forensic accountant
once you know what to do when acclaim happens you can
you can recover quicker
two point six
six million for having an incident response plan
average savings that if you don't have one that
that should be enough
definitely to
to get one put together
so it should
should be done anyway but that's
that's huge
i did not know that
that statistic appreciation
is there a company
you can think of that can help out with that
well shameless plug
rewind back to the commercial break
and you'll hear about a little company called silence
well it's funny you say that because we
yeah we actually do lot of ir
incident response
disaster recovery planning for organizations
and that's what we tell companies
the same thing
hey you need to have good cyber insurance coverage
when an incident occurs
you're going to go through that provider
and what you call the breach coach
which is essentially an attorney
that specializes in fiber breaches
and the legalities behind that
but going through those channels
is the way absolutely the way to go right
you don't just go google you know
you know incident response company
and go pick the first one that comes up on the list
because the insurance company may not cover that
right so you need to go through their
their providers
so we we like to share that with people
so appreciate you given that reminder
so let's talk about when people are out there
shopping around for maybe new policy
or maybe it's policy for the first time
what should they be looking for
in a good insurance provider
what does a good insurance provider provide
as opposed to your run of the mill provider
yeah i think we're kind of touching on it a little bit
with the breach response team
know that not every carrier offers the same services
some of these companies
you have a claim
it's one eight hundred
good luck and i'm not kidding it's it's
if your price is too good to be true
it probably is right
so what i would say is make sure you
when you're
when maybe you have two or three options be asking what
what is a claim experience like
and what kind of resources do they have
additionally there may be
there may be some contracts that they have
at discounted rates that are really nice
so definitely
make sure you understand what's behind the curtain
and then the other thing we see a lot of is
carriers have security score cards
or some kind of a third party security test
to determine those major risk factors
and the likelihood insuberity of such losses
so they'll break them down into categories
such as application
endpoint network patching
and what i like about them is they're really great
to get in front of the executive team
to really understand
what is happening behind the curtain with the it team
so a lot of times those are offered from the carrier
and then maybe not so much the carrier side
but depending on your broker
they may have some capabilities on benchmarking limits
so it's so funny
the standard policies
a million dollars for everything
i need a million dollars
and nobody really stops and asks
is that too much
or is that too little
and when i look at some studies
the net d study showed that the increase cost
or the average cost of a business income loss now
is one point two million dollars
which is doubled from two thousand twenty one
think the benchmarking is becoming more of a trend
and things that are that are that are being discussed
higher limits maybe carving your policy up
understanding the sub limits
so those are some of the benefits carriers and
and i would add brokers are
are providing to their clients now
well you know
last question i have for you is
for those organizations that have a policy in place
but they don't really know what they have
what should they ask about their policy right now
what should they make sure they start getting answers
to to ensure
they have the right coverage in the first place
as we all know
a lot of organizations like you just mentioned
are underinsured
what can they ask specifically to their agent
or broker to make sure things are shored up
they should just read every page of their policy
front and back
that's what i do
you know you do
i know everybody
read it again
ten twelve times over
yeah absolutely yeah
i would say you know understand the trends right
social engineering and ransom are huge
make sure you understand what your limits are
how the deductible works
but coverage options are big
so most large brokers or large wholesalers
create a mandatory endorsements
that are added to the baseline cyber policies
and basically
it's a bunch of cyber experts
negotiating proprietary forms that broaden coverage
which can be very valuable
in this sort of changing landscape
some of the
some of the things that
that come up or
and how does your policy respond to
biometric privacy right
does your policy cover violations of privacy
regulations pertaining to wrongful collection of data
absent security or privacy incident
um does your policy have an exclusion
with respect to war with nation state attacks right
does your social engineering policy
have a callback provision
so really understanding the exclusions
and the endorsements
and what additionally is available
these policies are changing a lot
and if you're switching from company a to company v
with your renewal
understand that there are sixteen ensuring agreements
within the modern day cyber policy
and there is no standardization
of policy language at all
so the definitions
the nomenclature
everything is different
and so when you're switching
be asking questions
and if possible
your broker
should be doing some type of a coverage audit
at least on a thirty thousand foot level
to kind of square everything up
and make sure you understand
some of these differences
and some of these options
and then lastly
because the underwriters are asking about
contractual risk transfer
i would be starting to have those conversations
with your broker on
what does that look like
if i have a
if all i have is an msp
and i have a claim
they take care of everything right
i'm totally indentified
make sure you understand your contracts
and just like we see with suppliers
vendors subs
transfer that risk downhill
it's okay to put some contractual requirements in place
that those parties carry
cyber policies
as broad as yours
so that when there is an event
you can play nice in
the sandbox
you're not leaning each other's properties
i've seen it all
so i think we're headed that direction
and so you know
good coverage
understanding what you have
and then it's not going to slow down
there's more requirements coming
that's just today
i don't know what it'll look like next year
they may require more information
but this landscape requires a little bit of time
just to understand how it is changing
well for those of you listening
if your insurance broker
hasn't reached out to you in the last couple years
to ask about what you're doing around the cyber realm
might be time to
take this seriously and really look into your coverage
and maybe even a broker that really focuses on cyber
at least for that portion
because it's critical
people are using them left and right
so it's certainly
certainly something you want to have in place
and make sure it's
it's put together the right way
so thank you for joining us adam
great to have you
how would people reach out to you
if they want to know more
wanna you know
and want your two cents about their coverage
or anything like that
what's best way to get a hold of you
yeah you can either call the office or send me an email
a gyton agy t o n at paine west com that's p a y n e
and then just give me a call
two o eight two one five five six
one five if that works
so question adam
before zach leaves
if i got hit with ransomware right now
and i don't have cyber insurance
could i call you for help
or is it too late for me
you know it's it's
it's probably
it's probably too late
so it's something you got to jump on ahead of time
but if you still need someone to talk to and
you're looking for some directions and things like that
free to reach out
but i can't do anything other than feel sorry for you
and you know what
it could have
should have moments but
it's i think you'll offer some tissue right
you'll offer some tissue and say
you probably should have had that coverage
well that's awesome
that's good to know that we have some emotional support
i might need to cry
yeah you will you will
but yeah it is
this is an important topic so we're
we're glad to dive into a little bit
so those are some great stats adam
appreciate you sharing the
the insights
i'm sure there's so much more we can go into
but unfortunately
we're limited on time on the episodes so we will
stop it there
and just want to thank everybody
for listening to cyber ranch podcasts
be sure you give us a rating
share it with your friends
and reach out
and let us know what topics are of interest to you
what you want
us to cover in the future
we are glad to do it
our mission here is really to get good information out
to the people that need it
that are working hard to protect their organizations
to get their organizations compliant
and that's really what this is all about
really our ultimate mission
of protecting the backbone of the american economy
and our way of life
which to us is mid market and emerging companies
so that's enough of my rant for the episode
thanks again
and we'll see you on the next one
pick up your copy
of the cyber ants book on amazon today
and if you're looking to take your cyber security
program to the next level
visit us online at
silentsector com
join us next time
for another edition of the cyber rants podcast