All Posts By

Elmore Insurance Brokers

Elmore Cyber Team Attends Cyber Round Table On SOC VS Attack Disruption

By | In the News

Attack Disruption: Reflections from Cyber Expo 2023

Elmore’s Rupert Hills and Charlie Sorby contributed to a round table at the recent International Cyber Expo. The topic was: ‘Traditional security operation centres (SOCs) are too passive to stop threat actors. Attack disruption is the new frontier of cyber defence’.  Here are some of the observations from the discussion. 

SOC weaknesses 

Security Operation Centres (SOCs) mainly focus on detecting and responding to security incidents, for which they use a variety of tools and techniques to identify suspicious activity. However, the traditional approach is now often deemed insufficient because threat actors are becoming more sophisticated and resourceful. As a result, attacks may go unnoticed until they cause damage. 

As detection is the primary line of defence for SOCs, they must wait for an attack to happen before they can act. This is a passive approach, and by the time an attack is detected, it can be too late.

Traditional SOCs typically respond to individual incidents, which means they lack a complete view of the threat landscape. This makes it difficult to identify and disrupt attack patterns. Also, as they are often understaffed and overworked, SOCs struggle to keep up with the ever-evolving threat landscape.

Prevention through disruption

‘Attack disruption’ is a new cyber defence strategy that can help SOCs outwit threat actors. The aim is prevention rather than cure, using tools and techniques to disrupt the attack lifecycle. Attack disruption can be implemented at different stages of the lifecycle, known as the cyber kill chain, such as reconnaissance, weaponization, delivery, exploitation, installation, command and control. 

Attack disruption has several important advantages: 

  • It is more proactive than the traditional SOC approach. Attack disruption teams will constantly look for and disrupt attack activity, thwarting attacks before they cause damage.
  • Attack disruption teams have a holistic view of the threat landscape, enabling them to identify and disrupt attack patterns that would be invisible to traditional SOCs.
  • Attack disruption teams are typically more specialised than traditional SOC teams and have the skills and expertise to disrupt attacks at different stages of the attack lifecycle.

Examples of attack disruption techniques

  • Threat intelligence can identify and track known threat actors and their tactics, techniques, and procedures (TTPs). The information can  be used to disrupt attacks before they happen.
  • Network traffic analysis identifies suspicious activity on networks. The information can be used to investigate and disrupt attacks.
  • Endpoint detection and response (EDR) pinpoints and responds to attacks on endpoints, isolating infected endpoints to prevent malware from spreading, and collects evidence of attacks.
  • Deception can be used to deceive threat actors and disrupt their attacks. For example, by creating fake honeypot servers to attract threat actors and collect intelligence on their TTPs.

The benefits of attack disruption

It’s clear that traditional SOCs are often too passive to stop threat actors and that attack disruption is a useful line of cyber defence in today’s ever-evolving threat landscape. There are three main benefits:

    • Fewer security incidents because potential attacks are forestalled 
    • Cost savings because the damage from security breaches is avoided
  • Stronger security posture to deter and thwart threat actors  

The benefits of cyber insurance

Both SOCs and attack disruption are examples of cyber security solutions that can be implemented in networks. Cyber insurance provides a layer of defence and can provide benefits such as:

  • Pre-incident support
  • Cyber extortion negotiation and ransom costs
  • Cyber business interruption
  • Costs arising from cybercrime
  • Costs arising from security and privacy breaches
  • Post-incident support

To find out more about cyber insurance, please contact us now

Bridging the divide

By | In the News

Elmore’s international teams may be separated by distance, with some staff in the UK and the rest in Portugal, but geography is no barrier to teamwork and strategy. Regular team-building exercises bring everyone together to discuss business, share information and ideas, and strengthen the brand.

Porto, on the Douro River estuary in northern Portugal, was the venue for the 2023 Year End Elmore Team two-day event. The teams are pictured in front of the famous Ponte de Dom Luis I, a double-deck iron bridge which was the brainchild of Gustave Eiffel the designer of the Eiffel Tower!

Presumptive insurance

By | Sem categoria

Web3 directors are you indemnified?

A Directors and Officers Liability (D&O) insurance policy provides coverage for defence costs and damages arising from actions brought against a company’s board of directors and/or officers as well as the company itself. A D&O policy comprises three parts:

  • Side A covers the directors and offices personally (ie, protects their personal assets) if the company can’t or won’t indemnify them in the event a claim is brought against them.
  • Side B covers the legal costs incurred by the company when defending directors and officers.
  • Side C covers security-related claims against the business, not against the directors and officers.

In this article, we’ll focus on protecting directors and officers if they are sued for actual or alleged wrongdoing when managing a Web3 company, and we’ll explore the concept of presumptive indemnification and its impact on a D&O insurance policy.

New company– standard articles?  

When a legal claim is brought against a director/officer by internal parties (other D&Os or employees) or external parties (or by both), a claim can often result in personal liability which subjects personal assets to potentially significant loss.

Web3 firms are especially vulnerable to legal action because of the evolving regulatory landscape, the fast burn rate of capital and the volatility in business model. There is little (but rapidly growing) legal or regulatory precedent in claims and investigations in the running of Web3 firms.

Because the industry is developing so fast and, in some cases, still finding its feet, some of the most common legal claims are for deceptive or false advertising, misrepresentation, breach of contract, and non-compliance. Claims are often made simply because a firm has not reacted fast enough to changing conditions.

Given the volatility of the marketplace, the financial performance of Web3 firms can fluctuate widely, and the presumption of wrongdoing can be more prevalent. Therefore, the directors and officers should ensure their articles of association or equivalent provide specific indemnification provisions.

In some cases, directors and officers can find themselves with little protection from their company, to the extent that they will only be indemnified by the company if after final adjudication they are found innocent of the accusation. This leaves the directors and officers in an uncertain position, as they may have to defend the claim themselves.

What is presumptive indemnification in D&O insurance?

This clause assumes that a company will indemnify its directors and officers to the “fullest extent permitted by law”. In other words, it does not matter what the company actually states in its articles of association indemnification provisions, because insurers expect the company to go beyond that to the maximum extent permissible.

With this clause in place, when a claim is made, the D&O insurance only covers claims relating to matters where the director was indemnified by the company or where the company was able to indemnify the director or officer, leaving the directors exposed to significant personal liability if the articles of the company do not require the company to defend the director.

Web3 directors and officers need to be aware of any limitations in the indemnification provided by their company. Any ambiguity or omissions could lead to uninsured liability in the event of a claim, and without maximum protection permissible under law, Web3 directors and officers could face a large, uninsured loss because of presumptive indemnification clauses.

Some D&O insurance policies will include a presumptive indemnification clause. For example:

“The Named Insured  and any other Company agree to indemnify the Insured Persons , including the advancement of Claim Expenses incurred by the Insured Persons to the fullest extent permitted by law or the functional or foreign equivalent.”

Side A D&O will protect directors and officers when they are not indemnified by their company. Scenarios include bankruptcy, regulatory and criminal proceedings, and acts of ‘bad faith; however, in circumstances that the company can indemnify a director and chose not to, then the director may find there is limited access to coverage.

As Web3 grows in popularity and becomes more mainstream, it is crucial to maintain and monitor sufficient levels of D&O coverage. We strongly encourage any firm, whether operating in Web3 or not, to be aware of indemnification clauses and buy right level of D&O insurance.´

For further advice and information on Elmore’s D&O services, please contact the Elmore Fintech and Web3 Team:

The only way is down

By | Uncategorized

Elmore is always ready to scale new heights and push the boundaries. And if it involves abseiling more than 200 feet down the Lloyd’s building, that’s no problem for Simon Gilbert, Elmore’s MD.

On 4 July, Simon took part in an abseil challenge to support the Lord Mayor’s Appeal, which was raising funds for three charities. Simon supported MQ Mental Health Research, and his fundraising page is open till the 23 July.

Thanks for any donations!

Artificial Intelligence (AI): A tool to increase cyber security or a new threat?

By | Blog

AI is rapidly changing the way businesses operate and shaping more aspects of our daily lives. But new technology also brings new threats because bad actors will be quick to exploit security weaknesses. However, if used to reinforce cyber defences, AI can boost security as well as undermine it. Let’s look at the AI balance sheet and examine the strengths and weaknesses.

AI defined

AI is not a single technology and definitions vary. It is best understood as a collection of evolving technologies that work harmoniously to duplicate different characteristics of human intelligence, meaning it has many facets, but there are two broad categories: narrow AI and general AI. Narrow AI performs a dedicated task or a number of closely related tasks, while general AI can handle a range of complex tasks and is more like the interpretation we see in science-fiction films.

Lack of regulation

Because AI is complex and fast developing, there is little regulation. Although there are no specific regulations in the UK, the Government recently published proposals for an AI rulebook , while the EU has drafted an AI Act, the first law on AI by any major regulator, but it is yet to be implemented. Governance and control is fragmentary in the US, and only China among the leading powers has taken a firm stand with new rules published in 2022.

AI in everyday life

We experience AI in many ways that we don’t realise. Common uses include virtual assistants, image recognition on mobile phones, and chatbots to answer customer questions. AI can also be embedded in hardware to support the internet of things and to power innovations such as autonomous cars. The use cases are growing by the day, which underlines the need for greater control.

One recent development is ChatGPT, an advanced chatbot that has huge potential to change everyday life but also poses many risks if innovation is not matched by the right protection and controls. One danger is that it will lead to more cyberattacks because, among other things, ChatGPT can create malware and help to craft more convincing phishing emails.

Cybersecurity: AI to the defence

To counteract the risks from new technology, AI can also strengthen defences in many ways. Examples include:

  • Identifying and analysing cyber threats, and providing immediate alerts so that appropriate action can be taken to neutralise a threat
  • Powering cybersecurity tools that can expose weaknesses in defence systems
  • AI-powered systems to support post-cyberattack investigations into why and how a security breach occurred
  • Behavioural analysis of hackers to assess attack patterns and modus operandi
  • Automation of manual tasks to eliminate the risk of human error.

Increase protection with the right insurance

AI can be a friend or a foe. In the wrong hands, it can facilitate cybercrime and have many unintended consequences. Regulations need to catch up with innovations, and AI must become a key weapon in cyber defence systems rather than a point of vulnerability. Insurance should also be part of the mix, to provide protection should a cyberattack succeed. Whether caused by an AI weakness or another system vulnerability, a cyber incident can be hugely damaging to any business. Elmore is an expert in assessing technology threats and providing the right level of cover. Contact us to discuss your needs.

en_GBEnglish (UK)