10.20.2020

Carrier Q&A: Corvus

By Emily Short

Carrier Q&A: Corvus

Bcp tech recently sat down with Amanda Stantzos, Vice President of Cyber & Technology E&O Underwriting at Corvus, to gain some insight from the carrier side, particularly as it relates to the changing risks presented by the COVID-19 pandemic.

Obviously cyber risks existed prior to COVID-19, but I think the pandemic has increased awareness of these risks, particularly as they relate to remote workers.  What are you all seeing from the carrier side?

Couldn’t agree more! Now that everyone is away from the office and not connected to a secure network, we are getting inquiries about what measures to take to prevent a loss. Working from home can also mean employees may be required to use their own devices. These devices can be outdated or lack necessary security measures like encryption and antivirus.

Pre-COVID-19 we were seeing a large increase in ransomware attempts and attacks. This exposure has only increased as employees try to navigate their new normal that is working from home. We are seeing bad actors trying to trick employees into clicking on links that they think relate to the latest and greatest COVID-19 information, for example. The attackers are also attempting to exploit VPNs that enable secure access to environments, like the corporate network or server. They are also looking to gain access to RDP (Remote Desktop Protocol) ports that companies are using to perform virtual work.

How has Corvus addressed the changing cyber risks presented by COVID-19?

We are always looking for ways to make Cyber Insurance smarter and that includes educating our policyholders. We are finding new ways to alert our policyholders and brokers of emerging threats and latest news not only at the time of quoting and binding but also throughout the policy period.

We are scanning for open RDP (Remote Desktop Protocol) ports. If found, we alert the broker or current policyholder immediately with a suggestion of how to fix this vulnerability. RDP has been one of the most common attack vectors and the exploits have only increased as remote work increases.

Education, alerting and training are only part of our solution, however. Of course a robust cyber insurance policy is certainly needed. In regard to working from home and mobile devices, Corvus policies contain no direct exclusions based on the location of the worker. Our definition of Computer System is quite broad and includes mobile devices as well.

All Insureds want to know that if an incident occurs, the carrier will pay a covered claim.  Can you speak to Corvus’ claims’ handling?

Absolutely! We want all Insureds to view placing a policy with us as a partnership rather than just a transaction. After notifying Corvus of a claim, a claims handler will reach out quickly to discuss the incident, recommend vendors to help them respond, and facilitate introductions.  They will approve scopes of work, address any coverage questions the insured might have, and pay claims.  We also have our VP of Smart Breach Response, Lauren Winchester, available to assist with incident response.  She has helped over a thousand organizations of all sizes and across industries respond to cyberattacks.  But at Corvus we’re also passionate about making companies safer and helping our policyholders avoid incidents in the first place.  So we’ve developed a suite of risk management services, including our network scan and dynamic loss prevention report, and look for ways to engage and alert our policyholders about new threats to their systems.

What has surprised you the most about working for an Insurtech company?

The most surprising thing was probably the amount of time and attention to detail our team spends making sure our product and experience is enjoyable for the user. The user being the Broker/Agent, policyholder or even the underwriters. Whenever we have a ‘problem’ our team tries to find a tech-enabled solution which is such a refreshing change for the Insurance Industry. The products and value added services we are building with the help of data science are going to help change the way we view cyber insurance. No longer is it just a policy but a data driven risk analysis and risk mitigation features. I knew we had talent here at Corvus but every single day I’m amazed by what we can and what we are about to do!

Why should companies partner with Corvus for their cyber and technology errors & omissions insurance?

Corvus’ main goal is to empower commercial insurance brokers and policyholders to better predict and mitigate risk. We are constantly finding ways to make our product smarter by coupling new sources of data with machine learning and AI to drive predictive models that both improve our underwriting and help the brokers and policyholders.

Our Dynamic Loss Prevention program identifies vulnerabilities that fall into 8 different risk exposure groups that map to insurance coverages so they are easy to digest. We also provide IT security recommendations so the policyholder can take immediate action to mitigate their risk, and that is just the beginning! We of course have our robust Smart Cyber Insurance policy to compliment our technology. We use data science to deliver optimal pricing and coverage options. The form is top notch and constantly evolving as we find new innovative ways to enhance our offerings.

We are broker and policyholder focused. We are passionate about our technology and insurance products and will stop at nothing to make everyone involved smarter and more secure.