In Partnership with
Building cyber resilience through business continuity
As cyber risks become more prevalent, companies must adopt comprehensive business continuity plans and ensure their cyber insurance policies effectively cover both malicious and non-malicious incidents
Tina Levine
Tokio Marine HCC – Cyber & Professional Lines Group
Industry experts
Adam Malone
Kroll
Kelly Geary
Epic Insurance
Adam Abresch
Acrisure
Tina Levine is the vice president of cyber underwriting product management at Tokio Marine HCC – Cyber & Professional Lines Group (CPLG), a member of the Tokio Marine HCC group of companies based in Houston, Texas, where she has held the role since October 2021. She has over a decade of experience in the cyber insurance industry, including various leadership positions in underwriting. Levine holds a bachelor’s degree in sociology from the University of California, Davis.
Tokio Marine HCC – Cyber & Professional Lines Group
Tina Levine
Adam Malone is global head, acute events in the cyber risk practice, based in Atlanta. Malone leverages more than two decades of experience in cybersecurity and technology leadership roles. He is a former cyber-focused FBI special agent and a veteran of the US Air Force. At Kroll, Malone deals with cyber crisis and transactional matters, including incident response and investigations, cyber readiness, cyber due diligence, and cyber risk management in M&A and divesture transactions.
Kroll
Adam Malone
Kelly Geary is a managing principal at EPIC Insurance Brokers and Consultants in the New York City area, bringing 30 years of experience in the insurance industry. As the national practice leader for professional executive & cyber solutions and divisional leader for Lemme, a Division of EPIC, she focuses on specialty insurance products. Geary began her career as an insurance defense and coverage attorney in New York City before transitioning to roles in claims, underwriting, compliance, and legal departments at various insurance carriers. Her extensive background includes evaluating cyber and executive risks and developing tailored insurance products to address these challenges.
Epic Insurance
Kelly Geary
Adam Abresch is responsible for designing custom cyber insurance and cybersecurity solutions for Acrisure clients across the globe. As a frequent speaker and thought leader on cyber risk, Abresch has led featured presentations at NetDiligence, the Professional Liability Underwriters Society (PLUS) Cyber Conference, and the New Jersey and New York City Bar Associations. He graduated from the University of North Carolina at Chapel Hill and maintains a certified insurance counselor (CIC) designation and a cyber COPE insurance certification (CCIC) from Carnegie Mellon/Chubb. He was the recipient of NetDiligence’s 2019 Toby Merrill Rising Star Award. Previously, Abresch served as the Acrisure cyber practice leader as well as the northeast regional growth leader.
Acrisure
Adam Abresch
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Vault Plus Mortgage and Finance Consultancy
David Merison
“With CrowdStrike, companies suddenly realized how dependent they were on third parties to run their own business. From a broking perspective, that event pushed us to ask deeper questions – not just about a client’s direct exposures but also about their dependencies”
Adam Abresch,
Acrisure
IN TODAY'S digital landscape, cyberattacks pose significant risks to organizations worldwide, and their frequency is on the rise. While malicious attacks – like ransomware and phishing schemes – have long captured headlines and underscored the critical need for robust cybersecurity measures, the increasing prevalence of non-malicious cyber incidents marks a notable shift in the threat landscape. The recent CrowdStrike incident serves as a poignant example of this trend.
“One important aspect of business continuity planning is whether it is regularly tested and communicated. It’s crucial that the entire organization is aware of the plan and understands their role in maintaining operations during disruptions”
Tina Levine, Tokio Marine HCC – CYBER & PROFESSIONAL LINES GROUP
“Good third-party risk practices can provide significant value. It’s essential to understand the companies you work with, their reputations, and to ask insightful questions about their software development practices and what protections they have in place”
Adam Malone, Kroll
Non-malicious cyber incidents often stem from human error, system vulnerabilities, or unintentional oversights, leading to data breaches and operational disruptions without any malicious intent. As organizations face these escalating threats – compounded by increasingly complex IT environments and the rapid shift to cloud services – the need for comprehensive cyber insurance and proactive risk management strategies that account for non-malicious events is critical.
�“More than ever, companies need to treat events like CrowdStrike as a chance to evaluate their own �
“Cyber insurance policies are largely non-standard and relatively new, despite being around for 20 years. Brokers must thoroughly evaluate coverage, especially for non-malicious incidents and traditional ransomware attacks, to ensure comprehensive protection,” warned Kelly Geary, managing principal at EPIC Insurance Brokers and Consultants.
�Furthermore, brokers must pay close attention to the definitions contained within these policies. Abresch highlighted this by stating, “It is important to consider what is defined as an ‘outsourced service provider’ in your policy’s language. Different insurers may also have varying definitions for what constitutes an ‘event.’”
A precise understanding of these definitions enables brokers and businesses to identify which incidents are covered and which may be excluded. �
Echoing this sentiment, Abresch remarked, “It’s essential to include representatives from each relevant team in the development of a business continuity plan. This collaborative approach is one of the most effective mitigation strategies you can implement.”
�Reflecting on observed gaps in BCPs, Geary highlighted that effective communication is not only crucial internally – among employees – but also externally, with customers, clients, business partners, and vendors.
�“How are you controlling that message? We live in an era where social media holds immense power, and if you’re not careful about your messaging and its consistency, you could risk significant reputational damage,” she cautioned.�
“What are they relying on to operate … IT, software, or third-party vendors? And, crucially, what happens if those systems go down? How will they respond effectively and efficiently to minimize disruption?”
�Featuring insights from leaders across the US cyber insurance sector, this report underscores how businesses can better tackle vulnerabilities and prepare themselves against non-malicious incidents. The urgency for organizations to address these risks is evident, as safeguarding sensitive data and ensuring business continuity have become vital in an increasingly unpredictable digital landscape.
�
When evaluating the best offerings for clients, Tina Levine, VP of cyber and tech underwriting product management at Tokio Marine HCC – Cyber & Professional Lines Group, encourages brokers to explore the value-added services that insurers provide. “We should be asking, what else can we do? What else can the carrier offer in the event of an incident?”
�This exploration is crucial and should include assessing whether the insurer provides valuable services such as a 24/7 in-house claims department, an incident response team, and ongoing network scanning capabilities. Levine also suggests evaluating whether carriers offer pre- and post-incident response services.�
As companies become increasingly interconnected and depend on outsourcing for
greater efficiency, brokers play a vital role in helping clients understand their partners and how they operate to effectively address cybersecurity risks throughout the supply chain.
Read on
organization is aware of the plan and understands their role in maintaining operations during disruptions.”
Accordingly, the responsibility for a BCP should never rest solely on one department within an organization. In the event of emergencies, effectively disseminating a BCP enables organizations to benefit from enhanced collaboration, a holistic understanding of risks, faster response times, and optimized resource allocation.
�“In the past, business continuity and disaster recovery planning traditionally sat within the IT department, almost as if it were their sole domain,” emphasized Geary. “As businesses increasingly rely on technology for everything we do, it becomes imperative to include everyone in the process of business continuity planning, disaster recovery, and incident response.”�
Tokio Marine HCC is a member of the Tokio Marine Group, a premier global company founded in 1879 with a market capitalization of $73 billion as of June 30, 2024. Headquartered in Houston, Texas, Tokio Marine HCC is a leading specialty insurance group with offices in the United States, Mexico, the United Kingdom, and Europe. Its major domestic insurance companies have financial strength ratings of A+ (Strong) from S&P Global Ratings, A++ (Superior) from AM Best, and AA- (Very Strong) from Fitch Ratings; its major international insurance companies have financial strength ratings of A+ from S&P Global Ratings. Tokio Marine HCC is the marketing name used to describe the affiliated companies under the common ownership of HCC Insurance Holdings, Inc., a Delaware-incorporated insurance holding company. For more information, please visit www.tokiomarinehcc.com.
Find out more
As the leading independent provider of risk and financial advisory solutions, Kroll leverages our unique insights, data, and technology to help clients stay ahead of complex demands. Kroll’s team of more than 6,500 professionals worldwide continues the firm’s nearly 100-year history of trusted expertise spanning risk, governance, transactions, and valuation. Our advanced solutions and intelligence provide clients the foresight they need to create an enduring competitive advantage. At Kroll, our values define who we are and how we partner with clients and communities. Learn more at kroll.com.
Find out more
A global fintech leader, Acrisure empowers millions of ambitious businesses and individuals with the right solutions to grow boldly forward. Bringing cutting-edge technology and top-tier human support together, it connects clients with customized solutions across a range of insurance, reinsurance, payroll, benefits, cybersecurity, mortgage services – and beyond. In the last 11 years, Acrisure has grown in revenue from $38 million to almost $5 billion and employs over 17,000 colleagues in 21 countries. And this is just the beginning. To learn more, visit Acrisure.com.
Find out more
In Partnership with
Building cyber resilience through business continuity
As cyber risks become more prevalent, companies must adopt comprehensive business continuity plans and ensure their cyber insurance policies effectively cover both malicious and non-malicious incidents
Read on
Adam Abresch
Acrisure
Kelly Geary
Epic Insurance
Adam Malone
Kroll
Tina Levine
Tokio Marine HCC – Cyber & Professional Lines Groupokio Marine HCC – Cyber & Professional Lines Group
Industry experts
Tina Levine is the vice president of cyber underwriting product management at Tokio Marine HCC – Cyber & Professional Lines Group (CPLG), a member of the Tokio Marine HCC group of companies based in Houston, Texas, where she has held the role since October 2021. She has over a decade of experience in the cyber insurance industry, including various leadership positions in underwriting. Levine holds a bachelor’s degree in sociology from the University of California, Davis.
Tokio Marine HCC
Tina Levine
Adam Malone is global head, acute events in the cyber risk practice, based in Atlanta. Malone leverages more than two decades of experience in cybersecurity and technology leadership roles. He is a former cyber-focused FBI special agent and a veteran of the US Air Force. At Kroll, Malone deals with cyber crisis and transactional matters, including incident response and investigations, cyber readiness, cyber due diligence, and cyber risk management in M&A and divesture transactions.
Kroll
Adam Malone
Kelly Geary is a managing principal at EPIC Insurance Brokers and Consultants in the New York City area, bringing 30 years of experience in the insurance industry. As the national practice leader for professional executive & cyber solutions and divisional leader for Lemme, a Division of EPIC, she focuses on specialty insurance products. Geary began her career as an insurance defense and coverage attorney in New York City before transitioning to roles in claims, underwriting, compliance, and legal departments at various insurance carriers. Her extensive background includes evaluating cyber and executive risks and developing tailored insurance products to address these challenges.
Epic Insurance
Kelly Geary
Adam Abresch is responsible for designing custom cyber insurance and cybersecurity solutions for Acrisure clients across the globe. As a frequent speaker and thought leader on cyber risk, Abresch has led featured presentations at NetDiligence, the Professional Liability Underwriters Society (PLUS) Cyber Conference, and the New Jersey and New York City Bar Associations. He graduated from the University of North Carolina at Chapel Hill and maintains a certified insurance counselor (CIC) designation and a cyber COPE insurance certification (CCIC) from Carnegie Mellon/Chubb. He was the recipient of NetDiligence’s 2019 Toby Merrill Rising Star Award. Previously, Abresch served as the Acrisure cyber practice leader as well as the northeast regional growth leader.
Acrisure
Adam Abresch
In Partnership with
Building cyber resilience through business continuity
As cyber risks become more prevalent, companies must adopt comprehensive business continuity plans and ensure their cyber insurance policies effectively cover both malicious and non-malicious incidents
Read on
Industry experts
Adam Abresch is responsible for designing custom cyber insurance and cybersecurity solutions for Acrisure clients across the globe. As a frequent speaker and thought leader on cyber risk, Abresch has led featured presentations at NetDiligence, the Professional Liability Underwriters Society (PLUS) Cyber Conference, and the New Jersey and New York City Bar Associations. He graduated from the University of North Carolina at Chapel Hill and maintains a certified insurance counselor (CIC) designation and a cyber COPE insurance certification (CCIC) from Carnegie Mellon/Chubb. He was the recipient of NetDiligence’s 2019 Toby Merrill Rising Star Award. Previously, Abresch served as the Acrisure cyber practice leader as well as the northeast regional growth leader.
Acrisure
Adam Abresch
Kelly Geary is a managing principal at EPIC Insurance Brokers and Consultants in the New York City area, bringing 30 years of experience in the insurance industry. As the national practice leader for professional executive & cyber solutions and divisional leader for Lemme, a Division of EPIC, she focuses on specialty insurance products. Geary began her career as an insurance defense and coverage attorney in New York City before transitioning to roles in claims, underwriting, compliance, and legal departments at various insurance carriers. Her extensive background includes evaluating cyber and executive risks and developing tailored insurance products to address these challenges.
Epic Insurance
Kelly Geary
Adam Malone is global head, acute events in the cyber risk practice, based in Atlanta. Malone leverages more than two decades of experience in cybersecurity and technology leadership roles. He is a former cyber-focused FBI special agent and a veteran of the US Air Force. At Kroll, Malone deals with cyber crisis and transactional matters, including incident response and investigations, cyber readiness, cyber due diligence, and cyber risk management in M&A and divesture transactions.
Kroll
Adam Malone
Tina Levine is the vice president of cyber underwriting product management at Tokio Marine HCC – Cyber & Professional Lines Group (CPLG), a member of the Tokio Marine HCC group of companies based in Houston, Texas, where she has held the role since October 2021. She has over a decade of experience in the cyber insurance industry, including various leadership positions in underwriting. Levine holds a bachelor’s degree in sociology from the University of California, Davis.
Tokio Marine HCC
Tina Levine
Share
Share
Share
What are non-malicious cyber events?
Published Oct 28, 2024
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
US
Copyright © 2024 KM Business Information US, Inc
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
US
Copyright © 2024 KM Business Information US, Inc
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
US
Copyright © 2024 KM Business Information US, Inc
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Know your partners, know your policy
preparedness to improve resilience for future incidents,” said Adam Malone, global head of acute cyber risk events at Kroll.
Reflecting on key takeaways from the recent tech outage, Adam Abresch, EVP, cyber solutions at Acrisure, shared, “With CrowdStrike, companies suddenly realized how dependent they were on third parties to run their own business. From a broking perspective, that event pushed us to ask deeper questions – not just about a client’s direct exposures but also about their dependencies.
Malone emphasized the significance of robust third-party risk management, stating, “Good third-party risk practices can provide significant value. It’s essential to understand the companies you work with, their reputations, and to ask insightful questions about their software development practices and what protections they have in place.”
�As cyber threats continue to evolve, so too do the policies aimed at mitigating non-malicious risks. With a diverse range of products available in the market, it is essential for brokers to scrutinize their clients’ cyber policies.�
Misinterpretation can lead to gaps in coverage, including exclusions for specific vendors, a failure to account for certain supply chain risks, and inadequate liability coverage for data breaches caused by third-party vendors, among others.
By focusing on these elements, brokers can cultivate a relationship with insurers that goes beyond mere policy, fostering a genuine partnership aimed at supporting clients throughout the entire risk management process. This approach enhances clients’ confidence in their coverage and helps ensure the resilience of their ongoing business operations.
“Cyber insurance policies are largely non-standard and relatively new, despite being around for 20 years. Brokers must thoroughly evaluate coverage, especially for non-malicious incidents and traditional ransomware attacks, to ensure comprehensive protection”
Kelly Geary,
Epic Insurance
The role of business continuity plans
In addition to helping businesses understand the benefits of their cyber insurance policies, brokers play a crucial role in assisting clients with other risk mitigation tactics, such as business continuity plans (BCPs). A BCP outlines the procedures and protocols that a company will follow to ensure operations can continue during and after a disruptive event.
�As shared by Levine, effectively communicating business continuity plans throughout an entire organization can significantly mitigate the impacts of cyber incidents.
�“One important aspect of business continuity planning is whether it is regularly tested and communicated. It’s crucial that the entire �
The importance of robust risk management
Source: SecurityScorecard
98%
of companies are associated
with a third party that has
experienced a breach
HELP NET SECURITY
Brokers should actively encourage their clients to develop and regularly update their business continuity plans (BCPs). Key components include:
Essential components of BCPs
Risk assessment: Conduct a thorough analysis to identify potential cyber risks and vulnerabilities within business operations. Understanding these threats allows for a tailored approach, ensuring the plan effectively addresses specific challenges.
Response strategies: Develop clear procedures for responding to various cyber incidents. This includes comprehensive communication plans, emergency protocols, and detailed recovery steps that guide the organization through crisis situations.
Training and drills: Implement regular training sessions and simulation drills to ensure all employees are familiar with their roles during an incident. This preparedness fosters confidence and promotes a culture of resilience within the organization.
Regular reviews and updates: Recognize that business environments are dynamic. Schedule periodic reviews of the BCP to account for changes in operations, technology, and emerging risks, ensuring the plan remains relevant and effective.
Comprehensive communication: Ensure that the BCP message reaches every part of the organization, as well as key stakeholders and partners. Keeping everyone informed and up to date on the plan promotes a unified approach to business continuity and enhances overall preparedness.
