Cyber threats are becoming more sophisticated and harder to detect, according to Kelly McGuinness, a leader in cyber technology at CFC Group. In a recent discussion, she highlighted how artificial intelligence has changed the landscape of cyberattacks. Gone are the days when phishing emails and basic malware were the main concerns. Today, cybercriminals are using advanced tools that make their attacks more professional and difficult to identify.
McGuinness pointed out that ransomware, which used to require a certain level of skill, is now available as a service for anyone to buy. This means that even those with limited technical knowledge can launch serious attacks. The use of generative AI allows these attackers to craft convincing messages, making it harder for victims to spot them. Traditional markers of phishing, like spelling mistakes, are no longer reliable indicators of a threat.
The nature of cyberattacks is also changing. There is a noticeable shift from stealing data to disrupting operations. McGuinness noted that these new attacks can severely impact business continuity and lead to more significant claims. As a result, the way insurance companies assess risk is evolving. Underwriting is no longer just about setting prices; it now requires a deep understanding of cybersecurity practices and constant updates to keep pace with new threats.
In the past, underwriting was a straightforward process, but the rapid shift to digital operations during the pandemic has forced insurers to adapt quickly. Underwriters are now expected to evaluate a company’s cybersecurity measures, such as multi-factor authentication and network segmentation, as part of their risk assessments.
Collaboration is becoming essential in the cyber insurance industry. Insurers are working closely with internal experts and external partners to stay informed about the latest threats. CFC has launched a Masterclass program to help brokers understand cyber risks better.
Unlike other types of insurance, cyber coverage does not fit neatly into traditional models. Success in this field relies on investing in people and innovative products. CFC’s new CPR product, for example, has removed several typical exclusions and introduced unique coverages.
Despite the growing importance of cyber insurance, only about 10% of Canadian businesses currently have standalone policies. McGuinness sees this as a significant gap that needs to be addressed. She believes that improving communication around the importance of cyber insurance is just as crucial as developing better products.
As cyber underwriting merges more with risk advisory, insurers are taking a proactive approach. They are not just responding to claims but also advising clients on improving their overall cybersecurity. This is especially important for small and midsize businesses, which often struggle with resource allocation.
CFC is implementing proactive measures like vulnerability scans and dark web monitoring. They are also collaborating with law enforcement to track trends among cybercriminals. McGuinness emphasizes that cyber insurance today is about building a partnership with clients, focusing on prevention as well as protection. It’s not just about coverage; it’s about working together to create a safer digital environment.