Navigating the “cyber language” can be challenging for many insurance professionals. However, mastering essential cyber insurance terminology, phrases, and acronyms is crucial for establishing professional credibility. We recently hosted a panel discussion on the current and future state of the cyber insurance market. Throughout the session, our panelists delved into technical terminology associated with upcoming trends. To help you navigate what the “cool kids are saying,” here is our 2024 cyber insurance terms glossary.
Top 10 Cyber Insurance Terms This Year
BEC (Business Email Compromise)
BEC is a form of cybercrime in which scammers use email to trick employees into sending money or sharing confidential company information. The scammer typically impersonates a trusted authority figure, such as an executive or a known supplier, and requests payment of a fake invoice, a change to a vendor’s bank details, or sensitive data that can be used in later scams. The message is usually sent from a lookalike domain, from a free webmail account carrying the executive’s display name, or from a genuinely compromised mailbox, and it often contains no link or attachment at all, which is why it slips past filters that look for malware. BEC falls under the umbrella of phishing: deceptive emails or messages that impersonate legitimate companies or people to trick recipients into disclosing information such as passwords and credit card details, or into taking an action the attacker wants.
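As an added illustration (not code from the original article or from any mail-security product), the following Python screens a raw message for the indicators described above: an executive’s display name on the wrong address, a lookalike sender domain, a Reply-To pointing elsewhere, a DMARC failure on the company’s own domain, and a payment request wrapped in urgency language. The company domain, executive list, keyword lists and both sample messages are constructed assumptions.

```python
"""Screen an inbound message for common BEC indicators (added example; all data constructed)."""
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed context for the receiving organisation (illustrative values).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"Jane Doe": "jane.doe@example.com"}  # display name -> real mailbox
PAYMENT_TERMS = ("wire", "invoice", "payment", "bank details", "gift card")
URGENCY_TERMS = ("urgent", "immediately", "today", "confidential", "asap")


def _domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _body_text(msg):
    """Collect the text/plain parts of the message as lower-cased text."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks).lower()


def lookalike(domain, target):
    """True when domain is close to, but not identical to, the target (examp1e.com vs example.com)."""
    if not domain or domain == target:
        return False
    return SequenceMatcher(None, domain, target).ratio() >= 0.8


def bec_indicators(raw_message):
    """Return the list of indicators found; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)
    text = _body_text(msg)
    hits = []
    # Executive's display name paired with an address that is not that executive's mailbox.
    legit = EXECUTIVES.get(from_name)
    if legit and from_addr.lower() != legit:
        hits.append("display-name impersonation")
    # Sender domain is a near-miss of ours (typosquat / homoglyph style).
    if lookalike(from_dom, COMPANY_DOMAIN):
        hits.append("lookalike domain")
    # Replies silently routed to a different domain than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        hits.append("reply-to mismatch")
    # Message claims our own domain but failed DMARC at the gateway (spoofed header).
    if from_dom == COMPANY_DOMAIN and "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        hits.append("dmarc failure on internal domain")
    # A payment request wrapped in urgency or secrecy language.
    if any(t in text for t in PAYMENT_TERMS) and any(t in text for t in URGENCY_TERMS):
        hits.append("urgent payment request")
    return hits


# Constructed messages, not real mail.
SAMPLE_BEC = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-relay.example.net
To: ap@example.com
Subject: Wire needed today
Authentication-Results: mx.example.com; dmarc=none header.from=examp1e.com

I need you to process a wire payment immediately for the attached invoice.
Keep this confidential until the deal closes.
"""

SAMPLE_LEGIT = """From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Q3 numbers
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com

Attached are the Q3 numbers for the board deck.
"""
```

Note that none of these checks inspects a link or attachment; a BEC message can score four indicators while being technically “clean,” which is exactly why mailbox-level controls and a call-back procedure for payment changes matter more than malware filtering here.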
Phone Bombing
Phone bombing (also called call bombing or telephony denial of service) is where threat actors use automated dialers or VoIP services to flood a victim’s phone lines with incessant calls, disrupting operations and overwhelming communication channels. It is frequently paired with social engineering: the flood is used to distract staff, to drown out legitimate calls such as fraud alerts, or to set up a follow-on call in which the attacker poses as the help desk that can make the calls stop. Social engineering attacks of this kind have become increasingly prevalent, targeting both individuals and organizations.
Passive Vulnerability Scanning
Passive vulnerability scanning is a method of assessing potential weaknesses in an organization’s digital infrastructure without actively engaging with its systems. Unlike active scanning, which sends probes to systems to test for vulnerabilities, passive scanning works from information that is already observable: public DNS records, TLS certificates and certificate transparency logs, services and software versions visible from the internet, and network traffic or system behaviour where the assessor is in a position to see it. This helps insurance providers understand an organization’s overall security posture from the outside, so underwriters can make more informed risk assessments without intruding on their insureds’ systems. The trade-off is visibility: passive data can be stale, can belong to a previous owner of an IP address, and cannot see anything behind the perimeter, so findings should be dated and confirmed with the insured before they drive a decision.
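The following added example (not code from the article, and not any insurer’s actual tooling) shows the shape of such an assessment: it consumes observations that were already gathered from public sources and turns them into dated findings and a coarse grade without sending a single packet to the insured. The observation format, the list of high-risk ports, the thresholds and the grading scheme are all assumptions, and the data uses documentation IP ranges.

```python
"""Outside-in posture assessment from passively collected observations (added example).

Nothing here touches the insured's systems: the function only reasons over data
that was already gathered from public sources such as DNS, certificate
transparency logs and internet-wide scan datasets. All observations below are
constructed for illustration.
"""
from datetime import date

# Services that have no business being reachable from the internet (assumed list).
HIGH_RISK_PORTS = {21: "ftp", 23: "telnet", 445: "smb", 1433: "mssql", 3389: "rdp", 5900: "vnc"}
CERT_WARNING_DAYS = 30

OBSERVATIONS = {
    "as_of": date(2024, 1, 15),              # when the passive data was collected
    "dns": {"insured.example": {"spf": True, "dmarc": False}},
    "hosts": [
        {"ip": "203.0.113.10",
         "ports": {443: "nginx/1.24.0", 3389: "ms-wbt-server"},
         "cert_not_after": date(2023, 12, 1)},
        {"ip": "203.0.113.11",
         "ports": {443: "Apache/2.4.57"},
         "cert_not_after": date(2024, 9, 1)},
    ],
}


def assess(obs):
    """Turn raw observations into (severity, asset, description) findings."""
    findings = []
    today = obs["as_of"]
    for domain, rec in obs["dns"].items():
        # Missing e-mail authentication makes the insured easy to spoof in BEC attempts.
        if not rec.get("spf"):
            findings.append(("medium", domain, "no SPF record"))
        if not rec.get("dmarc"):
            findings.append(("medium", domain, "no DMARC record"))
    for host in obs["hosts"]:
        for port in sorted(host["ports"]):
            if port in HIGH_RISK_PORTS:
                findings.append(("high", host["ip"], f"{HIGH_RISK_PORTS[port]} exposed on {port}"))
        expiry = host.get("cert_not_after")
        if expiry and expiry < today:
            findings.append(("medium", host["ip"], f"TLS certificate expired {expiry.isoformat()}"))
        elif expiry and (expiry - today).days < CERT_WARNING_DAYS:
            findings.append(("low", host["ip"], "TLS certificate expires within 30 days"))
    return findings


def posture_grade(findings):
    """Collapse findings into a coarse grade of the kind an underwriter might use."""
    severities = {severity for severity, _, _ in findings}
    if "high" in severities:
        return "C"
    if "medium" in severities:
        return "B"
    return "A"
```

The `as_of` date travels with every result on purpose: an exposed RDP port seen in a scan dataset from last quarter may already be closed, or the address may now belong to someone else, so the finding is a question to put to the insured rather than a verdict.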
Honeypots
Honeypots are decoy systems designed to resemble easy targets, luring attackers into engaging with them. Because they are not genuine assets, any connection to them is suspicious by definition, and attackers often realize they are in a trap only after they have already revealed their tools, credentials and techniques. This controlled setting lets research teams and defenders study attacker behaviour and see which vulnerabilities are actually being exploited in the wild, sometimes before the corresponding CVEs are widely reported. A honeypot must be isolated from production so that it cannot be used as a foothold into the real network.
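To make the idea concrete, here is an added example of the smallest useful honeypot (written for this glossary, not taken from the article or from any honeypot project): a loopback TCP listener that advertises a decoy SSH banner, records the peer address and the first line each client sends, and never authenticates or executes anything. The banner string, the credential-guess payload and the `127.0.0.1` binding are constructed for the demonstration.

```python
"""Minimal low-interaction TCP honeypot (added example, not from the original article).

It presents a decoy SSH banner on a loopback port, records the peer address and
the first line each client sends, and never authenticates or executes anything.
The banner string and the probe payload are constructed.
"""
import socket
import threading
import time

FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"  # decoy: advertises an old version to look easy


class Honeypot:
    def __init__(self, host="127.0.0.1", port=0):
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind((host, port))          # port 0 = let the OS pick a free port
        self._srv.listen(5)
        self._srv.settimeout(0.2)             # lets the accept loop notice stop()
        self.port = self._srv.getsockname()[1]
        self.events = []                      # (unix_time, peer_ip, first_line)
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self.port

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=2)
        self._srv.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, _port) = self._srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=self._handle, args=(conn, ip), daemon=True).start()

    def _handle(self, conn, ip):
        data = b""
        with conn:
            conn.settimeout(2)
            try:
                conn.sendall(FAKE_BANNER)
                data = conn.recv(1024)        # capture whatever the client tries first
            except OSError:
                pass
        with self._lock:
            self.events.append((time.time(), ip, data.strip()))

    def wait_for(self, count, timeout=3.0):
        """Block until at least `count` events have been recorded (or the timeout passes)."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self._lock:
                if len(self.events) >= count:
                    return True
            time.sleep(0.02)
        return False

    def attackers(self):
        """Distinct source IPs, most active first."""
        counts = {}
        with self._lock:
            for _ts, ip, _line in self.events:
                counts[ip] = counts.get(ip, 0) + 1
        return sorted(counts, key=counts.get, reverse=True)


def probe(port, payload, timeout=2.0):
    """Play the attacker: connect, read the full banner, send one line. Returns the banner."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as client:
        banner = b""
        while len(banner) < len(FAKE_BANNER):
            chunk = client.recv(len(FAKE_BANNER) - len(banner))
            if not chunk:
                break
            banner += chunk
        client.sendall(payload)
    return banner


def demo():
    """Run one simulated probe against a fresh honeypot and return what it recorded."""
    hp = Honeypot()
    port = hp.start()
    banner = probe(port, b"root:toor\r\n")   # constructed credential-guess payload
    hp.wait_for(1)
    hp.stop()
    return banner, list(hp.events), hp.attackers()
```

Real deployments add more realism (a protocol emulation that accepts a login and presents a fake shell) and ship events to a SIEM, but the value is already visible here: the listener has no legitimate users, so every recorded line is attacker tooling or a credential guess worth studying.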
Contingent Business Interruption (CBI)
Contingent Business Interruption (CBI), also known as Dependent Business Interruption insurance, is a form of coverage that reimburses a business for monetary losses stemming from interruptions in the operations of its suppliers, customers, or other crucial third-party entities. This insurance addresses lost income and extra expenses incurred due to business interruptions and suspensions.
Read more about CBI here.
Proactive Cybersecurity
Proactive cybersecurity is a strategy that emphasizes taking preventive measures before cyber attacks happen, rather than reacting only after an incident such as a hack or data breach has occurred, which is known as a “reactive cybersecurity approach.” It may include activities like penetration testing, where ethical hackers are hired to assess a company’s current security controls, alongside routine patching, hardening and continuous monitoring.
For more information on proactive cybersecurity, Mercy Komar, CCIS Graduate and Community Leader, wrote a guide.
Adversarial Underwriting
Adversarial underwriting means using what is known about how attackers behave to predict risk. There is a logic to how cybercriminals select targets and which weaknesses they exploit, so risk patterns are not random. Data scientists can use this understanding, alongside traditional loss data, to quantify and predict risk more accurately.
Systemic Cyber Risk
Systemic cyber risk occurs when a single cyber event affects many insured parties at once. For instance, if a cyberattack compromises one widely used component of a digital business system, such as a cloud provider, a software supplier or a managed service provider, the impact can quickly spread to every company that depends on that component, regardless of the strength of their own security controls.
Read our full guide on systemic cyber risk.
Triple Extortion
Triple extortion, a growing trend in cybercrime, is a ransomware attack that combines encryption, data theft and a third pressure tactic, most often a Distributed Denial of Service (DDoS) attack or direct threats to the victim’s customers and partners, to compel the victim into paying multiple ransoms. The technique has become more frequent: the share of ransomware incidents involving data exfiltration rose from 40% in 2019 to 77% in 2022, and was expected to surpass previous totals in 2023. This trend is likely to continue into 2024, signaling ongoing reliance on cyber extortion tactics.
Cloud Jacking
Cloud jacking, where cyber attackers seize control of cloud accounts, surged in 2023. Rather than breaking the cloud platform itself, attackers usually take over accounts through phishing, stolen or leaked credentials and weak or missing multi-factor authentication, then exploit misconfigurations in the customer’s own cloud environment once inside. From there they steal sensitive data, implant malware, or disrupt essential services. Notable trends included increased attacks on SaaS applications and ransomware locking organizations out of their own cloud data.
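The account-takeover chain just described leaves a recognisable trail in the provider’s audit logs, and the following added example (not code from the article or from any cloud provider’s tooling) shows how a detection might read it: a login from a second country too soon after the first, a login without MFA from a user who normally presents it, and MFA removal or access-key creation minutes after that suspicious login. The event shape, field names, time windows and the whole audit trail are constructed assumptions; real CloudTrail, Entra ID or Google Workspace logs carry the same information under different names.

```python
"""Flag likely cloud account takeover from sign-in and IAM audit events (added example).

Not code from the original article. The events are constructed and use a generic
shape; AWS CloudTrail, Entra ID sign-in logs and Google Workspace audit logs carry
the same information under different field names. Thresholds are assumptions.
"""
from datetime import datetime, timedelta

TRAVEL_WINDOW = timedelta(hours=2)        # two countries inside this window is suspicious
PERSISTENCE_WINDOW = timedelta(minutes=30)
# Actions an intruder takes to keep access after landing in an account (assumed list).
PERSISTENCE_EVENTS = {"DeactivateMFADevice", "CreateAccessKey", "UpdateLoginProfile", "CreateUser"}

# Constructed audit trail: a normal MFA login, then a non-MFA login from elsewhere
# that immediately disables MFA and mints an access key.
EVENTS = [
    {"ts": "2024-01-15T08:02:00Z", "user": "alice", "event": "ConsoleLogin",
     "country": "US", "mfa": True, "ip": "198.51.100.7"},
    {"ts": "2024-01-15T08:41:00Z", "user": "alice", "event": "ConsoleLogin",
     "country": "NG", "mfa": False, "ip": "203.0.113.77"},
    {"ts": "2024-01-15T08:43:00Z", "user": "alice", "event": "DeactivateMFADevice",
     "country": "NG", "mfa": False, "ip": "203.0.113.77"},
    {"ts": "2024-01-15T08:44:00Z", "user": "alice", "event": "CreateAccessKey",
     "country": "NG", "mfa": False, "ip": "203.0.113.77"},
]


def _when(event):
    return datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")


def detect_takeover(events):
    """Return (user, rule, detail) alerts; an empty list means nothing fired."""
    alerts = []
    by_user = {}
    for event in sorted(events, key=_when):
        by_user.setdefault(event["user"], []).append(event)

    for user, trail in by_user.items():
        last_login = None
        for event in trail:
            if event["event"] == "ConsoleLogin":
                if last_login is not None:
                    # Two logins from different countries too close together to be one person.
                    if (event["country"] != last_login["country"]
                            and _when(event) - _when(last_login) < TRAVEL_WINDOW):
                        alerts.append((user, "impossible travel",
                                       f"{last_login['country']}->{event['country']}"))
                    # A user who normally presents MFA suddenly logs in without it.
                    if last_login["mfa"] and not event["mfa"]:
                        alerts.append((user, "mfa downgrade", event["ip"]))
                last_login = event
            elif event["event"] in PERSISTENCE_EVENTS:
                # Persistence action shortly after a login that did not use MFA.
                if (last_login is not None and not last_login["mfa"]
                        and _when(event) - _when(last_login) < PERSISTENCE_WINDOW):
                    alerts.append((user, "persistence after suspicious login", event["event"]))
    return alerts
```

The country-change rule stands in for a real impossible-travel calculation (distance between geolocated IPs divided by elapsed time); the point of the example is the sequencing, since a lone foreign login is noise but a foreign login followed within minutes by MFA removal and a new access key is the cloud-jacking pattern the paragraph describes.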
The cyber insurance industry is known for its volatility, and 2024 will be no exception. We’re here to ensure that insurance professionals navigate this turbulent landscape with clarity. Our goal is to illuminate the key trends, technologies, and terminology that define this dynamic sector. Save this glossary of cyber insurance terms for easy access throughout the year – it’s sure to be useful!