“Best Practices: How to Protect Your Business Against Bad Actors & Cyber Threat”

Tech-related business insurance is evolving fast and Anthony Dolce, our guest on this episode of Chattinn Cyber, is a thought leader at the forefront. As head of Professional Liability & Cyber Underwriting at The Hartford, he brings 25 years of industry expertise to the myriad issues shaping policy development and recommended coverages for businesses – whether tech giants or third-party users of technology. Anthony explains the differences between Cyber and Tech Errors & Omissions (E&O) policies – as well as who needs which and in what combination. He also highlights for Host March Schein, National Co-Chair of the Cyber Center for Excellence, the confluence of factors that make tech companies such attractive targets for threat actors. You’ll learn about the most common – and damaging – cyber liabilities out there; things like network attacks, ransom ware assaults, data breaches, business interruption, data restoration costs and third-party vulnerabilities. And don’t miss our guest’s comprehensive list of best practices to control risk for companies of all kinds, whatever their core business. “Nothing’s a silver bullet, but you can help mitigate potential exposure,” says Anthony, whose Connecticut-based career began in claims before migrating to underwriting. Find out what differentiates The Hartford’s Tech E&O and Cyber insurance solutions and how their team of experts guarantee insureds the best possible outcomes when privacy breaches, data hacks or other negative events occur. (Hint: specialized expertise and preparedness are key!)

Key Takeaways:

  • Why taking a leap and moving to the business side at The Hartford was one of those pivotal choices that changed the course of Anthony’s career – and all too the good!
  • From claims to underwriting: How Anthony made the jump and why it has shifted his focus.
  • About the collaborative, social elements that define much of the underwriter’s process and goals.
  • What’s a Cyber Policy? If you’re doing business of any kind on the internet, then you probably need some form of coverage.
  • What’s a Tech E&O Policy? If you providing a tech service of some kind, then you probably need some form of coverage.
  • At the intersection: A look at insurance policies that simultaneously cover exposures in the realms of both Cyber and Tech C&E exposure.
  • About the evolution of Tech E&O + Cyber and coverages required in an internet economy full of data transmittal, management and risk exposures.
  • Why large technology companies are such high-value targets for threat actors eager to double-dip by accessing downstream secondary client information.
  • How The Hartford differentiates itself as an established carrier with a wide array of solutions for any business eventuality:
    • Stand-alone Tech E&O coverage.
    • Tech E&O coverage + cyber coverage.
    • A wide variety of mix-and-match options.
    • Specialized tech expertise to ensure optimal insurance outcomes.
  • About potential cyber liabilities unique to technology firms:
    • Network cyber-attacks.
    • Ransom ware attacks.
    • Data breaches (and related extortion).
    • Business interruption.
    • Data restoration costs.
    • Professional/product exposure due to third-party contractual, regulatory or subrogation issues.
  • Supply chain and systemic risk: A closer look at the variety of vulnerabilities passed down to companies impacted by global industry events.
  • Recommended best practices to note:
    • Perform regular software composition analyses.
    • Deploy tools to track vulnerabilities.
    • Undertake regular code reviews, including both static and dynamic scans.
    • Implement regular in-house or third-party security and resiliency testing.
    • Develop a solid IRP (Incident Response Plan).
    • Ensure that your cyber insurance carrier is an integral part of your IRP.
    • Stage incident response table-top exercises to align all stakeholders.
    • Establish a roll-back plan to close vulnerabilities and limit negative events.
    • Monitor your product and its resiliency.
  • Remember: There are no silver bullets; only solid preparation maximizes risk mitigation and rapid recovery.
  • Key Quotes:
  • “You only get so many pivots in your career, as I tell junior folks, and so I jumped at the challenge to be on the business side (at The Hartford) and I’m happy I did.” – Anthony (01:50)
  • “With underwriting, everyone is generally trying to get to a point where there’s agreement, a deal, a win. And that’s one of the things I really like about it.” – Anthony (02:54)
  • “When breach and notification laws came into existence when California passed its first law around 2000, you started to have the need for a number of different coverages both for first-party and third-party.” – Anthony (05:49)
  • “Tech companies accounted for nearly a quarter of ransom ware attacks within the last few years … and part of that is that they’re just a very attractive target by virtue of their interaction with clients and what they do.” – Anthony (08:32)
  • “You really do need specialized tech expertise (to) get the best result for your insureds and guide them through what can sometimes be a complicated scenario with both first-party and third-party coverages, depending on what’s happened.” – Anthony (10:34)
  • “One of the biggest areas of concern when I speak to general folks in the cyber marketplace is supply chain and systemic risk.” – Marc (12:42)
  • “Make sure you’re making your cyber carrier an integral part of (your) IRP. Utilize their resources and their claims folks, because they’re in-house experts at what they do.” – Anthony (15:46)
  • “For an incident response plan to be good, you need to test it and make sure that the decision-makers are in the loop.” – Anthony (16:03)
  • “Nothing’s a silver bullet but you can help mitigate potential exposure.” -Anthony (16:50)

 

ABOUT OUR GUEST:

An insurance professional with 25 years of experience in law and a wide variety of insurance-related positions in North America, Anthony has handled thousands of cyber and privacy matters and frequently speaks and writes on legal/insurance related issues. He has also managed teams handling a variety of lines of business including Cyber, Healthcare, Technology, Media, Employment Practices Liability, Errors & Omissions and Directors & Officers liability. Anthony is a graduate of UCONN Law School and a member of the Connecticut bar.