Priority breach response intrinsic to BHSI's Australian cyber-insurance debut

Policyholders given broad cover, rapid access to Symantec security specialists

The decision to forge a strategic partnership with Symantec is helping Berkshire Hathaway Specialty Insurance Company (BHSI) set the bar for cyber-insurance in Australia by supporting policyholders with rapid access to security specialists in the event of a breach, according to the newly-appointed local head of the firm's cyber-insurance operations.

Having begun designing its Australian cyber-insurance products early this year, BHSI's representatives realised the company “had a great opportunity as a new product to really be thoughtful about what we're putting in the market,” head of cyber liability insurance Emma Osgood told CSO Australia. “We took a step back and looked at what was crucial from a client perspective, and we realised the response has to be front and centre. Cyber policies are more of catastrophe or crisis cover in that an insured suffers a breach and they need an immediate response.

When people buy a cyber policy, they're not buying a promise to pay; they're buying a service.” The new policies include coverage for business interruption and rectification costs as well as third-party liabilities arising from a data breach, as well as emergency response costs to enable rapid access to the Symantec breach-response team.

If a company suspects a breach, BHSI will organise a group call with Symantec specialists who will collect details of the breach and triage the incident – allowing them to variously focus on remediation activities, troubleshooting, forensic investigations, and more.

A 'breach coach' – a qualified lawyer who “acts as a project manager to the incident” – will work with all parties concerned to manage the incident to a resolution. The joint response “is all built around speed and basically provides direct access to Symantec,” Symantec Incident Response Team APJ leader Paul Black explained.

“If you've got bad guys in your environment, speed is of the absolute essence. The way in which BHSI has constructed their policy gives their insureds the fastest possible response, and access to our team to start investigating. That's critical in the time of an incident.” Resources available to policyholders, Osgood said, also include legal expertise, forensic IT services, and public relations and credit monitoring firms “to handle the reputational damage that can accompany an incident.”

Because the cyber-insurance field is relatively new in Australia – and competing with conventional policies that a Centre for Internet Safety analysis suggested may not cover cybersecurity breaches and have significant exclusions due to vague policies – BHSI intentionally set out to simplify and refine the language used in cyber-insurance policies, Osgood said.

This included the use of words like 'all' and 'any' – uncharacteristically broad in an insurance industry where hedging exposure to risk is a way of life. “That's a big deal from an insurance perspective,” she explained. “Often insurers like to pinpoint specific risks that are covered.” “Given the evolving threat landscape,” she continued, “we want to be broad and say that if [a breach] happens it doesn't matter where it happens from. We're happy with that exposure, and we fully anticipate that we will pay losses. We want to be able to demonstrate that we can do that – and do that effectively.”

Join the CSO newsletter!

Error: Please check your email address.

Tags breachBHSIsymantecdata breach preventiondata breachcyber insurancesecurity breachcyber security

More about CSOEmmaHathawaySymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts