Your Cyber Year in Review, New Log4j Vulnerability Update and More: January Cyber News Bytes

Cyber Insurance: 2021 Year in Review

We kick off another year of Cyber News Bytes by looking back at 2021 cyber insurance trends with a new article from PLUS Blog. In this article, Markel Corporation Managing Director and Global Cyber Underwriting Executive Kelly B. Castriotta provides an informative high-level review of the ten major 2021 cyber insurance themes and events that led to a tumultuous year and the significant changes we are continuing to see in the cyber marketplace. Castriotta highlights key information on “systemic” attacks (supply chain) and ransomware activities. She also discusses some of the topics that led to the evolving policy contract terms and cyber product underwriting changes the market is currently experiencing. These include various groups that have been formed to address this significant problem, the Colonial Pipeline attack, insurtechs, privacy laws, cloud exposure and more.

Log4j Vulnerability Update

Much has been written about the Log4j vulnerability, with much more to come. In December, Matt Harrison of RMS provided an informative write-up of what Log4j is and why cybersecurity experts across the globe are concerned about the seriousness of the vulnerability. While significant work has been done since Matt’s piece, and the total impact of the exposure is yet to be determined, this story is another reminder of the systemic nature of cyber risk, which is currently front and center for all cyber insurers.

The Maturity of Cyber Underwriting

As many cyber insureds are all too keenly aware, insurers have dramatically adjusted how they provide coverage over the last 12-18 months. In addition to material changes in rate, retention, and coverage, the cyber underwriting process is also changing dramatically. Resilience’s Gavin Reed discusses the market factors driving these underwriting trends in his recent PLUS Blog article.

Mitigating the Risk & Impact of Ransomware Attacks in the Healthcare Sector

One of the most targeted industries in the recent cybercrime epidemic has undoubtedly been healthcare. A recent article from JDSupra reviews recommendations from the 405(d) Task Group, a group that includes Federal Government leaders and hundreds of private-sector healthcare and cybersecurity contributors. It features a link to a how-to infographic on ransomware defense, which provides practical tips for building defenses. It outlines guidance for before, during and while recovering from an attack. It also includes tips to limit security control gaps from an operational, technical and compliance standpoint. Although the article is geared towards the healthcare industry, much of the guidance provided can also be applied to other industries.

Join RCM&D and Booz Allen for a new cyber webinar series.

Hosted by RCM&D, this cyber webinar series will provide a brief update on the state of the cyber insurance market along with a detailed “ransomware readiness” presentation from Booz Allen’s Cyber Incident Response team. The series includes three separate sessions, the first two being industry focused for Education (K-12 and higher education) and Healthcare (hospitals, physicians, senior living), while the third and final webinar will be applicable to any business or industry. Please note that participants in the education or healthcare webinar would not need to attend the third session.


RCM&D is here for you to help protect your cybersecurity. Talk to a trusted advisor today with any questions on these highlighted issues and beyond.