Chattinn Cyber
“Best Practices: How to Protect Your Business Against Bad Actors & Cyber Threat”
Tech-related business insurance is evolving fast and Anthony Dolce, our guest on this episode of Chattinn Cyber, is a thought leader at the forefront. As head of Professional Liability & Cyber Underwriting at The Hartford, he brings 25 years of industry expertise to the myriad issues shaping policy development and recommended coverages for businesses – whether tech giants or third-party users of technology. Anthony explains the differences between Cyber and Tech Errors & Omissions (E&O) policies – as well as who needs which and in what combination. He also highlights for Host Marc Schein, National Co-Chair of the Cyber Center for Excellence, the confluence of factors that make tech companies such attractive targets for threat actors. You’ll learn about the most common – and damaging – cyber liabilities out there; things like network attacks, ransomware assaults, data breaches, business interruption, data restoration costs and third-party vulnerabilities. And don’t miss our guest’s comprehensive list of best practices to control risk for companies of all kinds, whatever their core business. “Nothing’s a silver bullet, but you can help mitigate potential exposure,” says Anthony, whose Connecticut-based career began in claims before migrating to underwriting. Find out what differentiates The Hartford’s Tech E&O and Cyber insurance solutions and how their team of experts guarantees insureds the best possible outcomes when privacy breaches, data hacks or other negative events occur. (Hint: specialized expertise and preparedness are key!)
Key Takeaways:
- Why taking a leap and moving to the business side at The Hartford was one of those pivotal choices that changed the course of Anthony’s career – and all to the good!
- From claims to underwriting: How Anthony made the jump and why it has shifted his focus.
- About the collaborative, social elements that define much of the underwriter’s process and goals.
- What’s a Cyber Policy? If you’re doing business of any kind on the internet, then you probably need some form of coverage.
- What’s a Tech E&O Policy? If you’re providing a tech service of some kind, then you probably need some form of coverage.
- At the intersection: A look at insurance policies that simultaneously cover exposures in the realms of both Cyber and Tech E&O.
- About the evolution of Tech E&O + Cyber and coverages required in an internet economy full of data transmittal, management and risk exposures.
- Why large technology companies are such high-value targets for threat actors eager to double-dip by accessing downstream secondary client information.
- How The Hartford differentiates itself as an established carrier with a wide array of solutions for any business eventuality:
  - Stand-alone Tech E&O coverage.
  - Tech E&O coverage + cyber coverage.
  - A wide variety of mix-and-match options.
  - Specialized tech expertise to ensure optimal insurance outcomes.
- About potential cyber liabilities unique to technology firms:
  - Network cyber-attacks.
  - Ransomware attacks.
  - Data breaches (and related extortion).
  - Business interruption.
  - Data restoration costs.
  - Professional/product exposure due to third-party contractual, regulatory or subrogation issues.
- Supply chain and systemic risk: A closer look at the variety of vulnerabilities passed down to companies impacted by global industry events.
- Recommended best practices to note:
  - Perform regular software composition analyses.
  - Deploy tools to track vulnerabilities.
  - Undertake regular code reviews, including both static and dynamic scans.
  - Implement regular in-house or third-party security and resiliency testing.
  - Develop a solid IRP (Incident Response Plan).
  - Ensure that your cyber insurance carrier is an integral part of your IRP.
  - Stage incident response table-top exercises to align all stakeholders.
  - Establish a roll-back plan to close vulnerabilities and limit negative events.
  - Monitor your product and its resiliency.
- Remember: There are no silver bullets; only solid preparation maximizes risk mitigation and rapid recovery.
Key Quotes:
- “You only get so many pivots in your career, as I tell junior folks, and so I jumped at the challenge to be on the business side (at The Hartford) and I’m happy I did.” – Anthony (01:50)
- “With underwriting, everyone is generally trying to get to a point where there’s agreement, a deal, a win. And that’s one of the things I really like about it.” – Anthony (02:54)
- “When breach and notification laws came into existence when California passed its first law around 2000, you started to have the need for a number of different coverages both for first-party and third-party.” – Anthony (05:49)
- “Tech companies accounted for nearly a quarter of ransomware attacks within the last few years … and part of that is that they’re just a very attractive target by virtue of their interaction with clients and what they do.” – Anthony (08:32)
- “You really do need specialized tech expertise (to) get the best result for your insureds and guide them through what can sometimes be a complicated scenario with both first-party and third-party coverages, depending on what’s happened.” – Anthony (10:34)
- “One of the biggest areas of concern when I speak to general folks in the cyber marketplace is supply chain and systemic risk.” – Marc (12:42)
- “Make sure you’re making your cyber carrier an integral part of (your) IRP. Utilize their resources and their claims folks, because they’re in-house experts at what they do.” – Anthony (15:46)
- “For an incident response plan to be good, you need to test it and make sure that the decision-makers are in the loop.” – Anthony (16:03)
- “Nothing’s a silver bullet but you can help mitigate potential exposure.” – Anthony (16:50)
ABOUT OUR GUEST:
An insurance professional with 25 years of experience in law and a wide variety of insurance-related positions in North America, Anthony has handled thousands of cyber and privacy matters and frequently speaks and writes on legal/insurance related issues. He has also managed teams handling a variety of lines of business including Cyber, Healthcare, Technology, Media, Employment Practices Liability, Errors & Omissions and Directors & Officers liability. Anthony is a graduate of UCONN Law School and a member of the Connecticut bar.