Shawn Moynihan, Thomas Dunbar, Greg Vernaci and Chris Lanzilotta at the "Best Practices for Controlling Your Cyber Risk" panel.

In the afternoon, National Underwriter Property & Casualty Editor-in-Chief Shawn Moynihan co-moderated a panel with Chris Lanzilotta, principal at Ernst & Young, titled “Best Practices for Controlling Your Cyber Risk.” The panel included Thomas Dunbar, senior vice president and head of information risk management at XL Catlin and Greg Vernaci, head of cyber, U.S. and Canada at American International Group.

During the session, Dunbar and Vernaci were asked about critical cyber risk scenarios for businesses and the best ways to mitigate those risks. Cyber risks are ever evolving, and Vernaci and Dunbar listed a few examples of risks that businesses were hit with this year, including ransomware, a malicious software cyber criminals can implement on companies’ computer systems that will block access until a sum of money is paid.

Similarly, cyber extortion is a threat businesses need to look into insuring against. According to Vernaci, coverage for cyber extortion can be found in cyber policies as well as Kidnap & Random policies. "It's important that clients, brokers and carriers really understand how the different insurance policies they purchase work together at the time of an incident," Vernaci explains.

Thomas Dunbar and Greg Vernaci discussed cyber risk strategies with attendees.

Another cyber risk scenario Dunbar touched upon was phishing emails. According to Dunbar, many small- to mid-size businesses have lost huge sums of money when a malicious email appearing to come from a business owner or CEO was sent to a financial manager. These emails typically ask for large amounts of money to be transferred into what end up being cyber criminals’ accounts.

“Many people do fall for these types of emails, as criminals keep refining their tactics to make the emails appear more legitimate,” Dunbar explained.

As for who exactly are committing these crimes, Dunbar explained the 70 to 80 percent of cyber attacks are committed by external sources like states, organized crime or “hacktivists” who believe they can make a point through denial of service (DoS) attacks. Only 20 to 30 percent of attacks are committed by criminals within a business itself. Dunbar stressed that most of the time “inside jobs” are mistakes like accidentally clicking on a phishing email—though sometimes they can be malicious attacks from disgruntled employees.

Vernaci and Dunbar also answered questions submitted by attendees, including concerns about cyberterrorism and ways to best present cyber policies to a company’s board. Dunbar and Vernaci recommended presenting straightforward facts and solutions to boards in order to efficiently implement the best cyber policies.

For up-to-date coverage of the Insurance Executive Conference, check out the #EXEC16 tag on Twitter.