
BMS News

Cyber Risk – The BMS View

BMS’ Rupert Alabaster, Director Professional & Financial Services, reviews current cyber risk news and gives you the BMS view:


Travel Security

The FBI have warned that hackers are targeting guests’ data when they log into hotel Wi-Fi. It warned of corrupt software update pop-ups appearing when guests use hotel Internet connections overseas. When guests clicked on the “update,” malicious software was installed on their computers.

Hotel Wi-Fi connections are especially risky because they are often set up without proper security settings. But all free Wi-Fi internet connections accessed when travelling can increase the likelihood of private personal or corporate data being compromised.

BMS view – It is important that corporate security procedures are kept up to date to ensure that executives are fully aware of the exposures they face when travelling and what they should do to protect themselves and the company. It is also worth checking the cyber insurances to see if there is any exclusion where such procedures have not been followed.


Cyber security for industrial control systems

Joel Langill, Chief Security Officer and Control System Cyber Security Specialist for SCADAHacker, explains how easy it is to hack into most PLCs and provides you with steps to take now to protect your operations.

BMS view – in this day and age all companies should have a form of cyber insurance in place that will help protect them from such breaches. It should rank up there alongside buying property and business interruption coverage.


Reuters – Scores of U.S. companies have not disclosed breaches of their computer systems, even though eight months have passed since U.S. securities regulators issued guidelines on disclosing cyber attacks, according to leading security experts.

“There have been lots of breaches in every industry that have never been publicized,” said Shawn Henry, the FBI’s former top cyber cop, who joined a new cybersecurity company, CrowdStrike, in April.

Henry said the FBI was working on 2,000 active cyber cases when he retired from the agency in March. “There’s only a handful of cases that anybody has ever heard about,” he said.

U.S. government officials and cybersecurity consultants have been raising alarms about the growing sophistication of attacks on private and government computer networks.

Some companies do not disclose cyber breaches because they feel they were not material, said Dmitri Alperovitch, founder and chief technology officer of CrowdStrike. He said he knew of a publicly traded defense contractor that lost intellectual property (IP) to China because of a cyber intrusion.

“The justification they used for not announcing is that they only do business with the U.S. government and it doesn’t really matter that the Chinese stole all their IP because the U.S. government will never buy from China, so it wasn’t really material to them,” said Alperovitch, who declined to name the company.

Henry and other top U.S. officials have underscored the severity of cyber threats by citing a case in which one publicly traded company lost $1 billion of intellectual property in a single intrusion over a weekend.

A Reuters review last winter of more than 2,000 SEC filings that mentioned cyber risks found that some companies revealed significant new information about hacking incidents, but the vast majority merely described a general risk of cyber incidents. Some defense companies and other firms known to have suffered computer breaches did not mention the incidents in their filings at all.

LinkedIn Corp (LNKD.N), a social network for job seekers and professionals, last week became the latest high-profile company to be hacked. It said it was working with the FBI to investigate the loss of millions of member passwords, but has not submitted any SEC filing on the matter.

LinkedIn spokesman Hani Durzy said the company had complied with SEC requirements, and had been giving members and the public “ongoing disclosures” and updates on its corporate blog.

BMS view – not only is the scale of cyber crime phenomenal, but the losses involved are serious. All companies need to seriously look at buying appropriate protection, and the insurance market needs to work together to provide relevant cover and higher limits.


Article – Analysis of PIAA members 2011 reported data

David Spiegler, Executive Vice President and Chief Actuary at BMS, appears in the Physician Insurer Magazine, Second Quarter edition.

David talks about the findings of the BMS analysis of the 2011 data reported for the PIAA group of member companies.


“Reprinted from the Second Quarter 2012 issue of Physician Insurer Magazine, Physician Insurers Association of America. Copyright, 2012.”


China’s Cyberwar Skills

Rupert Alabaster, Director BMS Professional & Financial Services, responds with his thoughts following the US report on China’s cyberwar skills, a risk to military – profiled by BBC News, 8 March 2012. Rupert will be establishing a regular blog on the themes of Cyber Risk, Intangible assets and the insurance market.

There is more and more talk of the next confrontation being fought in cyberspace rather than with soldiers. Certainly, there is a concern that key infrastructure from utilities and government through to emergency-responder networks and banking systems may be targeted.

And it will not obviously be one nation state versus another, at least on the surface. Rather all sorts of cyber groups may be at work infiltrating systems, manipulating, stealing and changing data.

As more and more companies become aware that it is not just a lone hacker sitting in their bedroom that could be interested in what is on their servers, there is a much heightened focus on cyber security. In turn, risk managers are being asked to buy cyber insurance as protection against security breaches. But – and it is a big but – cyber insurance policies are not all the same and few, if any, are specifically designed to protect against a coordinated attack on behalf of a State.

The problem is that most cyber policies carry a version of the traditional War/Terrorism exclusion. They vary in their language but generally the intent is not to cover coordinated State or politically motivated attacks. And with the US declaring that State coordinated cyber attacks could constitute an act of war (BBC News, 1 June 2011) you can bet that underwriters will look closely at this exclusion in the event of a big claim.

Cyber is not only the new front for war and criminal activity, it is also at the vanguard of new risks being identified and insurances designed. It is early days and the present crop of coverages have a long way to go before risk managers can sleep easy at night.
