The pros of proactive cyber risk protection
It is evident that more needs to be done about cybersecurity, but as hackers and other threat actors become more creative with their cyberattacks, so must companies be more active in protecting their assets from breaches.
Last month, Toronto-based global cyber insurance specialist BOXX Insurance acquired the cyber threat intelligence platform Templarbit – a company whose technology enables companies to learn if their network has vulnerabilities that hackers can exploit.
Insurance Business spoke with BOXX Insurance co-founder and CEO Vishal Kundi (pictured) to learn more about the acquisition, and why the company believes so much in taking a proactive stance in protecting cyber assets.
Can you tell us about BOXX Insurance and what it does?
BOXX is specialist cyber insurance and protection company helping individuals, families and small businesses become cyber resilient and digitally confident.
Our mission is to make the world a digitally safer place – BOXX focuses on helping small & medium sized businesses as well as individuals and families, stay ahead of digital threats.
BOXX is HQ-ed in Toronto, with offices and presence in the US, Switzerland, Middle East and India. In Canada and USA, we operate as an MGA and partner with brokers to provide our flagship all-in-one cyber insurance and protection products: Cyberboxx Business Edition and Cyberboxx Home Edition. Across the world, we license our technology and services to insurers and large banks and retailers on a private label basis.
BOXX has strong strategic partnerships with the most respected underwriters in the world including Hiscox, Zurich, Munich Re and others.
We partner with government bodies and regulators, supporting initiatives to drive home the importance of digital safety – this year we launched our partnership with the Cyber Security Authority of Singapore as part of the Singapore government’s Cyber Safe program.
BOXX Insurance recently acquired the California-based Templarbit. What was the decision-making process behind the deal?
The flip side of having digitally savvy small businesses and an increased reliance on remote work is that malicious actors get more opportunities to strike. The range of potentially vulnerable enterprise assets is dynamically swelling and, as a result, companies big and small are sailing into the perfect storm of cybercrime. Cyber criminals particularly see smaller businesses as easy slow-moving targets. Ransomware raids, data breaches, supply chain attacks, and phishing scams have skyrocketed over the past two years and aren’t going anywhere anytime soon.
According to our research at least half of all reported cyberattacks on organizations originated from an unknown or crudely managed asset. To emerge unscathed, businesses need to know what components of their digital postures are the most enticing when put through the lens of an attacker’s mindset. Such visibility is key.
While relatively young, Templarbit has built state-of-the-art technology that alerts companies when their platform identifies vulnerabilities in their network that hackers can exploit. The platform autonomously discovers, classifies and analyzes an organization’s entire landscape of digital assets, the unique risk profile for each digital asset and the real business costs that would be incurred if a digital asset was compromised.
Building Templarbit capabilities into our offering will further strengthen and enhance these capabilities to meet the need for our target customer segment.
What will this deal mean for BOXX’s clients and partners?
BOXX’s purchase of Templarbit shows how strategically important we believe proactive cyber risk protection is to the continued growth of our business. We can now provide enhanced levels of insight for customers and partners to better understand their vulnerabilities and provide focus and directed support on how to address risk mitigation to better predict and prevent cyber risks from happening.
In providing an enhanced level of support and protection we help our customers predict, prevent, respond to, and recover from, cyber incidents faster and better.
The data we produce through this approach helps ensure we continue to improve and refine our risk assessment and pricing models and ultimately ensure we can help our brokers and clients optimize their cyber insurance spend. Anecdotally, we have seen that premiums can more than quadruple between a company that has good cyber security and one that doesn’t.
What are the biggest cyber threats being faced by small and medium businesses today?
Over 20% of Canadian businesses reported a cyber incident (source: Government of Canada) with small businesses being targeted by cybercriminals because they are often easier to break in to.
Cyber threats are always evolving, with the most common attacks against small businesses continuing to be:
Phishing involves sending emails asking for sensitive information or encouraging them to visit a fake website;
Payment and invoice fraud which involves setting up a fake invoices and requests for payment
Ransomware may include disseminating disk encrypting extortion malware;
Spear-phishing involves sending emails to targeted individuals that could contain an attachment with malicious software, or a link that downloads malicious software
DDOS (Distributed Denial of Service) attacks or subverting the supply chain to attack equipment or software being delivered to the organization.
How do you rate America’s cyber risk environment versus Canada? Do businesses in Canada face the same (or different) threats as those in the US?
On the global stage, Canada is well respected for its approach to cyber security. You can see this in a recent global benchmarking assessment, The Cyber Defence Index. Canada actually ranked fifth among 20 countries in its preparation for and response to cybersecurity threats. Australia was ranked number one. Canada’s average score of 6.94 was only narrowly behind the United States (7.13).
The ratings were broken into four categories, which were given weights to get each country’s final score: Canada scored 6.45 on critical infrastructure (USA 7.49), 7.12 on cybersecurity resources (USA 7.9), 7.29 on organizational capacity (USA 6.0) and 7.04 on policy commitment (USA 6.14). Canada ranked slightly higher on policy commitment which may reflect the federal government’s proposed cybersecurity legislation, demands on Rogers Communications after its huge network outage, and the proposed updating of the private-sector privacy law.