AIG has just announced its new CyberEdge insurance product. It is a combination of risk transfer (insurance), technology-based protections, and a set of web-based tools to help insureds learn about and manage the risk of data loss. Sounds like what I have been calling Cyber 3.0.
I recently had an opportunity to visit with AIG’s John Gambale, Head of Professional Liability & Lexington Financial Lines Executive; U.S. & Canada Region and RiskAnalytics’ Brian Branner, Managing Director, Insurance to discuss this new approach to Cyber insurance. John and Brian briefed me on the concept, how it came about, and the advantages they hope it brings to their insureds.
Q: AIG has just announced its new CyberEdge insurance product. How is this different from more traditional Cyber products?
A: (John) CyberEdge is a comprehensive risk management solution for cyber insurance offered by AIG. The protection that CyberEdge provides is a valuable additional layer to the most powerful first line of defense against cyber threats – a company’s own IT system. We’re taking the coverage that we’ve been offering as a market leader since the late 1990s, and providing additional loss control services including the CyberEdge RiskTool, AutoShun®, and the CyberEdge Mobile App for iPad. By adding our expertise to that of our clients, we are helping them stay ahead of the curve.
A: (Brian) This is the first time real loss prevention solutions have been provided with a cyber insurance policy. Previously, carriers were only admiring the problem and focused on how to best react when a breach occurred. Now, tools are being provided to improve both the network security and human element of cyber risk.
Q: John, what part of the market does this product target?
A: We think it can be useful to all companies, regardless of size or industry, since all have some degree of cyber exposure in a networked world. In fact, our recent study found more than 85% of the 258 decision-makers surveyed said they were very or somewhat concerned about cyber risk’s impact on their organizations, compared with the group’s response to six other areas of risk, including income loss (82% of executives were very or somewhat concerned), property damage (80%), and securities and investment risk (76%).
We can tailor our coverage to meet the needs of almost any organization, but the new value-added services we are providing are particularly relevant to small and mid-size organizations.
Q: John, are there any major coverage differences from your existing products? Will those products remain available?
A:We’re still offering the innovative protection that CyberEdge provides. We are enhancing the product with the additional loss control services, and clients can still customize the coverage they need with the current CyberEdge coverage parts: security and privacy liability insurance, event management insurance, network interruption insurance and cyber extortion insurance.
Q: Brian, AutoShun® sounds like a form of active defense, a concept that we have thought the Cyber insurer might place a high value on. How does it work?
A: AutoShun will be a new layer of security for most organizations. It complements the firewall, Antivirus, IDS/IPS and any other securities an organization may buy, by simply blocking network communications, both incoming and outgoing, from our list of known criminals, who we’ve tracked by IP address for over 14 years. Our list of known criminal IP addresses is typically in the millions and updates about every ten minutes. Our intelligence feed is the real magic behind RiskAnalytics’ services.
Q: Brian, how does this technology differ from other forms of network security that companies may already be buying?
A: AutoShun complements existing securities. But those securities are proving ineffective daily, so rather than looking for signature based infections, AutoShun simply focuses on the source and destination of network communications, and kills communications involving known “bad” IP addresses. If you think of it like the Flu, rather than a shot or medicine to make a sick person healthy, we just keep our clients away from the sick people, to prevent the infection in the first place.
Q: The CyberEdge RiskTool is a novel approach to supporting risk managers. It looks like it takes a more active approach to providing information and tools. What motivated AIG to develop its own portal?
A: (John) By talking to clients, we realized that many of them were looking for a web-based risk management platform that could simplify the risk management process, regardless of the size of the company. The CyberEdge RiskTool is a web portal enabling qualifying CyberEdge policyholders to proactively manage risk management policies, training and compliance to mitigate cyber exposure. The portal provides a simplified process and peace of mind to clients that the risks to their sensitive information and electronic assets are removed, limited or transferred.
AIG is constantly monitoring the cyber landscape and staying at the forefront of the industry as cyber risks continue to evolve which allows our innovation to become our clients’ protection.
A: (Brian) We’ve been developing the RiskTool system with AIG for over a decade on the Environmental and Health/Safety side. Conversely, people, or users, also play a significant role in network security risk and the CyberEdge RiskTool system can directly improve this risk. Inherently, we think users want to do the all “right things” but we often need to educate them as to how their behaviors can actually impact security. Cyber awareness and training are also a requirement for many regulated entities, so we are essentially providing them a simple and cost sensitive solution to both achieve regulatory compliance and be an overall safer risk. Best of all, CyberEdge RiskTool provides a daily training activity report for organizations to prove they were trying to do all the right things and not negligent in their efforts. This is paramount should a breach actually occur.
Q: John, have you considered providing a live “Ask an Expert” capability? That’s one aspect of Cyber value-added services that I think would be really useful.
A: We are always evaluating new ideas to continue to offer innovative value-added services to help our clients stay ahead of the curve.
Q: John, I see there is a CyberEdge app for the iPad; any plans to offer it on the Android platform?
A: Yes. The initial release of our Mobile App for iPad is a first-of-its-kind resource for cyber risk-related information, featuring the latest cyber news, real-time information on data breaches, a breach-cost calculator and a glossary of common cyber terms. For version 2.0, we plan to make the app available for other platforms.
Q: Thank you, John and Brian – where can our readers get more information about this new product?
A: Visit www.aig.com/us/CyberEdge or download the CyberEdge Mobile App for free in the App Store on your iPad.