• Rosanna Hayes

QBE Introduce STORM’s 'Attackers Eye View' Service


In a group effort to combat the prevalence of cybercrime and the sharp escalation in ransomware severity, QBE Insurance hosted a webinar with our very own cyber Jedi, Neil Hare-Brown.


The webinar took place on January 21st, 2021 with QBE’s senior risk manager, Jaini Gudhka heading the call, together with Erica Kofie (Cyber Portfolio Manager), Elaine Beck (Cyber Underwriter) and Debora O’Riordan (Risk Solutions Practice Leader) on hand to answer questions.


Introducing the webinars objective, Jaini reported the spike in cybercriminal activity over the last 18 months, citing a report by CDN which outlined an increase in web application attacks by 800% in the first half of 2020. She went on to express further findings in research conducted by Checkpoint, illustrating the 80% increase in ransomware attacks in the UK, in just the third quarter of 2020.


In the latest Global Risks Report by the World Economic Forum (WEF), cybersecurity failure remains one of the world’s greatest threats and names ‘adverse tech advances’ among the highest listed existential risks.


QBE believe that businesses should be aware of their threat landscape, understanding their cyber risk exposures and how they can protect themselves against cybercriminal activity. Jaini went on to introduce the firm's long-standing partnership with cyber risk specialists STORM Guidance, who are on hand to offer their clients risk management consultancy and claims response services.


Webinar attendees were entered into a prize draw giving away 3 of STORM’s Cyber3, Rapid Risk Review services. Winners were randomly selected after the event.


As the founder of STORM Guidance, Neil Hare-Brown shared insights from his decades of experience in cyber and fraud investigations. With over 30 years’ experience in the field, Neil offered an insight into the ‘Attackers Eye View’, allowing attendees to understand what a cybercriminal can observe from their victim’s online presence.


Drawing attention to changes in the behaviour of fraudsters over the last 18 months to 2 years, Neil explained the way attackers are now undertaking their ransomware attacks, which now also include the theft of data. Ransomware as a Service is rolled out in call-centre-style, significant operations, where less skilled individuals can subscribe. They can then easily deploy the ransomware, paying around a third of their cut of the extorted proceeds to the service provider. In previous years, ransomware was dropped onto victims’ networks simply to encrypt their data for ransom payments. Neil went on to explain, “now they have two levers on their victims. Pay up or we won’t send you the encryption key to decrypt your data and pay up quickly, or we will release, or sell the sensitive data we have stolen”.


Statistics from the webinar

  • 12% increase in the total number of fraud and computer misuse offences for the year ending March 2020. (National Fraud Intelligence Bureau [NFIB])

  • 17,600 reported cases of hacking in the UK - only 57 led to prosecution in 2019. (RPC)

  • Q3 2020, saw a 50% increase in the daily average of ransomware attacks, compared to the first half of the year. (Checkpoint)

  • The top ransomware types in Q3 2020, were Maze and Ryuk. (Checkpoint)

  • Ryuk ransomware (as an example) attacks 20 organisations a week. Other ransomware types including Avaddon, Conti and many others are also behind the rapid growth in cyber incidents.

  • 80% of law firms report being hit by phishing attacks during 2019. (Information Age Magazine)

  • The amount of money pilfered in email scams in all their forms has been rising as much as 300%. (Information Age Magazine)

Neil went on to explain how criminals profile their victims, collecting valuable pieces of information, using a variety of tools and techniques. In doing so, the targets online ‘profile’ is created, which reveals their vulnerabilities in people, processes, and technology. These vulnerabilities can then be exploited in a ransomware or other type of cyber-attack.


STORM has created tools and trained a group of Open-Source Intelligence (OSINT) specialists who perform cyber profiling. The idea is to use the ‘Attackers Eye View’ and cyber profiling for good, to help insured clients understand their cyber risks. With this, they can make practical, often simple recommendations to help them remediate and reduce the attack surface. STORM can then report and provide consulting, enabling clients to reduce their vulnerabilities and significantly restrict the information that cybercriminals need to plan their attacks.


The webinar came to an end with a Q&A session, clarifying some further important issues:


Q: What is the average cost of a breach?

A: There are several elements to the costs of a breach: IT forensics, legal advice, and PR. The average cost last year was £88K per incident. From our experience at QBE, the average cost of a ransomware claim is from £60k - £350k. For Business Email Compromise (BEC), it is £50K - £350K. - Erica Kofie


Q: If we only have the budget to improve one thing this year, what should we focus on?

A: Multifactor or two-factor authentication (username and password, AND a one-time code generated by an authenticator app, or received via SMS). If I could name a second (aside from ensuring regular offline backups), I would say that making sure my resilience to ransomware was addressed by segmenting the network and reducing the number of administrative accounts. Attackers are always looking for an admin account to log in. - Neil Hare-Brown


Q: How much would a Cyber Profiler scan cost?

A: £500 for a single one-off profiling assignment, or £250 per month for a subscription. There are QBE discounts. - Neil Hare-Brown


Q: If you hold cyber essentials certification, would you consider this a ‘belt and braces’ approach for insuring cybersecurity risk is minimised?

A: Absolutely not; Cyber Essentials certification is not 'belt and braces', it’s very much 'the first rung on the ladder’ in IT security protection. If you have the certification, it’s good that you’ve got that, but it’s really just focussed on a few basic protections. For most of the issues that I’ve spoken about today, the safeguards required by Cyber Essentials would not adequately protect you. The best point of protection would be to run a more comprehensive risk review such as our Cyber3 assessment which - like Cyber Essentials - is also relatively low cost but gives you a more complete picture of your risks and how to manage them effectively. Moreover, Cyber3 also includes all the questions commonly asked by cyber insurers, so you can deal with the insurance aspects too. – Neil Hare-Brown


For more information about STORM’s services, you can reach us at contact@stormguidance.com.

If you’re looking at cyber insurance and would like to know more about QBE, you can contact erica.constance@uk.qbe.com.