DATA SECURITY

Coalition Launches Captive to Accelerate its Growth in Cyber Insurance

Coalition | December 14, 2021

Coalition Launches Captive to Accelerate its Growth in Cyber Insurance
Coalition, the world's largest commercial insurtech provider, today announced it will launch a new captive to begin taking risk on its cyber insurance programs. With this captive, Coalition will enhance its ability to manage capacity and its long-term growth objectives while further aligning incentives with its customers.

Coalition's technology-driven approach is powering a new, more successful model of risk management, which has resulted in policyholders experiencing 70% fewer cyber claims when compared to other carriers in the market. In 2021, the success of Coalition's underwriting model was validated by long-term capacity agreements from multiple A+ rated carriers. Coalition has delivered superior claims results amidst significant growth as it crosses $400M in run rate premium, an 800% increase over the prior year.  

"Today's announcement demonstrates our unwavering commitment to protecting businesses from cyber risk, and our confidence in Coalition's approach to underwriting and risk management,Coalition provides businesses with the most comprehensive insurance available backed by the financial strength of multiple A+ rated insurers. With our new captive, we add another layer of security and stability, and more closely align our financial incentives with our customers."

Shawn Ram, Head of Insurance at Coalition

Dovid Tkatch, Coalition's recently appointed Head of Insurance Infrastructure and Actuarial Science, will support development of the captive as well as oversee pricing, reserving, capital requirements, and regulatory compliance.

Coalition's broker platform integrates real-time security, financial, regulatory, and transactional data to create a seamless quoting experience where brokers can generate bindable quotes in just 5 minutes. Today Coalition serves over 130,000 customers with digitally-powered insurance that can leverage vast amounts of data to assess, mitigate, and measure risk for businesses.


About Coalition

Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. Backed by leading global insurers Swiss Re Corporate Solutions, Arch Insurance, Lloyd's of London, and Zurich North America, Coalition provides companies with up to USD $15 million of cyber and technology insurance coverage in the United States, CAD $20M of coverage in Canada, and up to USD $5 million of D&O and EPL coverage in the United States. Coalition's cyber risk management platform provides automated security alerts, threat intelligence, expert guidance, and cybersecurity tools to help businesses remain resilient in the face of cyber attacks.

Spotlight

Many Linux users believe their systems are “secure by design”, but this could not be further from the truth. This infographic shows the evolution and rise of Linux malware, from the earlier virus to today’s advanced attacks.

Related News

SAM Seamless Network Joins the Telecom Infra Project and Demonstrates Network Security Leadership in Wi-Fi Project Group

SAM Seamless Network | June 22, 2020

SAM Seamless Network, a pioneer in home and SMB network security, has joined the Telecom Infra Project (TIP) Wi-Fi Project Group in order to collaborate with industry peers to transform the managed Wi-Fi sector, and provide intelligent and intuitive security services.The goal of TIP's Wi-Fi Project Group is to increase the pace of innovation in the Wi-Fi ecosystem, developing disaggregated end-to-end Wi-Fi solutions which will lower the total cost of ownership and offer more diverse choice of cloud driven connectivity solutions for to service providers and IT personnel who deploy Wi-Fi networks for SMB Enterprises, Campuses, Homes, Public Wi-Fi, among others. TIP is growing rapidly and includes industry leaders like Vodafone, Telefonica, Deutsche Telekom, British Telecom, Facebook and Intel and many others.Developing a new software platform using secure software development life cycle tools and deep cybersecurity expertise is critical for market adoption and assurance in the project's security posture. SAM intends to play a substantive role in TIP's Wi-Fi Project Group and plan to lead the open software AP security effort relying on SAM's extensive embedded security expertise and field experience.

Read More

Abnormal Security Finds phishing emails Designed to Spoof Notification Messages from Microsoft Teams

Microsoft | May 04, 2020

Attackers are exploiting the surge in the use of Microsoft Teams in an attempt to trap unsuspecting users, says Abnormal Security. Since Microsoft Teams is linked to Microsoft 365 and Office 365, any credentials stolen in the scam could be used to sign into other Microsoft accounts and services. The landing pages that host the phishing pages were created to look just like the real Microsoft pages. Cybercriminals have been taking advantage of virtually every aspect of the coronavirus to try to increase business. Among other consequences, the need to quarantine and work from home has triggered a surge in demand for virtual meeting and video chatting apps, including the business-oriented Microsoft Teams. A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials. The first campaign started on April 14 and went on for two days but hasn't been since since, according to Kenneth Laio, vice president of Cybersecurity Strategy at Abnormal Security. The second campaign began on April 29, lasted a few hours, and has not been recorded since then. The phishing emails were sent to Abnormal customers in such industries as energy, retail, and hospitality, Laio said. However, the attacks weren't targeted to any specific company or industry and, in fact, were designed in a generic way so they could be launched against anyone. The landing pages that host the phishing pages were created to look just like the real Microsoft pages. The images were copied from actual Microsoft notifications and emails, according to Abnormal Security. Plus, the sender email comes from a domain called "sharepointonline-irs.com," which may look legitimate at first glance, but is not registered either by Microsoft or the IRS. Learn more: THE TIME HAS COME TO BRING IN AI, MACHINE LEARNING AND AUTOMATION IN CYBERSECURITY. We would advise organizations and their employees to double-check the sender name and address for messages or notifications coming from Microsoft Teams. ~ Kenneth Laio, vice president Abnormal Security The images can be especially convincing on a mobile device where they take up most of the content on the screen. Further, users who are accustomed to notifications from Microsoft and other vendors might fail to investigate the messages and simply take the bait. Since Microsoft Teams is linked to Microsoft 365 and Office 365, any credentials stolen in the scam could be used to sign into other Microsoft accounts and services. To help organizations defend themselves and their employees from these Microsoft Teams phishing scams, Laio offers two pieces of advice. The phishing emails were sent to Abnormal customers in such industries as energy, retail, and hospitality, However, the attacks weren't targeted to any specific company or industry. ~ Laio said "We would advise organizations and their employees to double-check the sender name and address for messages or notifications coming from Microsoft Teams," Laio said. "For both campaigns, the sender names are innocuous ('chat content' and 'work flow'), but the email addresses that they are sent from have no relation to Microsoft, Microsoft Teams, or the organization itself. "In addition, we would advise everyone to always double check the web page's URL before signing in. Attackers will often hide malicious links in redirects or host them on separate websites that can be reached by safe links. This allows them to bypass link scanning within emails by traditional email security solutions. Learn more: CORONAVIRUS MALWARE ROUNDUP: WATCH OUT FOR THESE SCAMS. v

Read More

Stop Measuring Your Cybersecurity in Terms of Budget

DCMS | May 11, 2020

Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets, or buying the latest tech to help defeat hackers. The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks. Clearly measuring how strong your cybersecurity is can no longer be done by how much money is spent on it each year. The last decade has seen an explosion in cybersecurity spending, with the global market now valued at $112bn in 2019. Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets, or buying the latest tech to help defeat hackers, but is this correlating with a reduction in cybercrime? A recent report found that while 85 percent of companies rated their security stack incredibly highly, 86 percent of them had still suffered a data breach in the last 12 months. Clearly there is a disconnect between how companies are measuring their cybersecurity readiness and achieving effective security in reality. The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks. While these systems are effective, they still require employees with the sufficient skills to work them properly. Given that the DCMS recently found that 48 percent of UK businesses struggled to find employees with basic cyber skills, for example being able to configure a firewall correctly, it seems unlikely that the majority of companies are getting the most out of these tools. Learn more: THE TIME HAS COME TO BRING IN AI, MACHINE LEARNING AND AUTOMATION IN CYBERSECURITY . “Measuring human cybersecurity readiness is difficult to do. Currently, companies have had to rely on certifications for measuring ability, which quickly become outdated as hackers develop new techniques almost daily”. Experts often say that one of the best ways of defending your network is educating employees to be on the lookout for risks. However, often many businesses are not taking their human cyber readiness into account. This is because they are unable to effectively measure the skills of their cyber team. Measuring human cybersecurity readiness is difficult to do. Currently, companies have had to rely on certifications for measuring ability, which quickly become outdated as hackers develop new techniques almost daily. “ If an organization is unable to tell how strong its team is at cybersecurity, it will always be behind the hackers who are looking to steal its information”. However, failing to measure your human readiness companies can open themselves up to increased risk. For example, many organizations carry out breach simulations to provide crucial experience for the day when there is a real attack. However, businesses rarely measure how well their teams coped with each scenario and what training and actions should come from it. If an organization is unable to tell how strong its team is at cybersecurity, it will always be behind the hackers who are looking to steal its information. In the past, the only measure companies had to judge their employees was through what certificates they held. This led to hiring professionals on huge salaries who have been working in the industry for many years and have secured the correct qualifications. Just because they have a certificate does not mean they are necessarily better at handling a threat as the most junior person on the team. This is because it is impossible to know who is best to handle a response simply by looking at certificates. The junior member could have had more recent experience in handling that type of threat, or recently read about the latest techniques. By being able to continually measure who in the team is stronger at certain tasks can go a long way in improving efficiency in defending against attacks. Often, rather than hiring in the talent from outside their teams, organizations could spend a fraction of the budget and focus on upskilling their own existing staff. Of course, to do this you first need to know what skills your team already has, and where there are gaps that need to be filled. Learn more: CYBER SECURITY GUIDANCE FOR REMOTE WORKING .

Read More

Spotlight

Many Linux users believe their systems are “secure by design”, but this could not be further from the truth. This infographic shows the evolution and rise of Linux malware, from the earlier virus to today’s advanced attacks.