Author: rockandbloom

Rate Updates

Home (Page 2)

Paul Martin and Colin Rooke discuss rate updates for commercial and personalized policies.

Listen to the full podcast here, or read the transcript below.

Paul Martin:

Welcome to Risky Business Commercial Insurance with Butler Byers. This is Paul Martin, the business commentator on CKOM, and joining me, Colin Rooke, Commercial Risk Reduction Specialist with Butler Byers. And today, Colin, we’re going to take a break. We’re not going to talk about forest fires, we’re not going to talk about cyber. We’re going to just get into stuff that real people can understand or that would bump into is applicable to real people every day. And that’s just where rates are going. And over the course of this program, we’ve talked a lot about how volatile rates have been and what are some of the driving factors behind them. And the very core of this show is how you become a better customer of the insurance industry so you can get better rates, better coverage, all that sort of stuff. So where are we? We’re coming up to the midpoint of the year here as we record this show. And have you got some trends or indicators? Can you tell us which way premiums are going this year and is it surprising or is it really what you were anticipating?

Colin Rooke:

Yeah, so I’m going to talk about both the rates on commercial policies and personalized policies. So we typically spend a lot of time talking about commercial, but I find the really interesting trend is actually on the personalized side and very specifically to Saskatchewan, but overall when it comes to commercial rates, so we are still seeing rate increases, but the rate increases are decreasing. So we have the data in from Q1 and most of it in from Q2, and we’ve seen two quarters now where although rates are going up, they’re at a lower percentage than previous quarters. So we are seeing pricing start to go the other way.

Paul Martin:

The trend line is flattening out now?

Colin Rooke:

Yeah, it’s flattening out. So there’s a lot of talk of, is there a market softening? And I wouldn’t say that, I would say that it’s starting to normalize, but I will say we are for sure out of the hard market where you’re looking at staggering increases with really no rhyme or reason. And specifically when it comes to commercial insurance, some of the really hard hit areas like construction and hospitality, I mean if anyone’s listening that works in a restaurant or in the hospitality industry, hotels, they, they’re seeing more capacity. So rate going the other way, more options, which certainly for those, it’s a really good trend. I mean, they, throughout covid were hit with almost unaffordable year over year increases. But the good news is that, yeah, the premium increase, the percentage increases are decreasing. And so we are going in the right way and we talk about being a better customer of the insurance market. So these are the averages. So the worst case is in there too. The most claims written customer that will ever listen to this show, you are in there. And so it just shows you’ve got more opportunity to work on your presentation to the market and really earn those discounts because they are there and capacity is opening up and there’s more markets looking for a new business.

Paul Martin:

Over the course of time, we talked about how the insurance companies were really facing a situation. There were so many catastrophic claim years that they were going to have to rebuild their treasuries. And if I’m hearing you right, they may be catching up to that where they had drained those treasuries, paying claims in really rugged years for the industry, and now they’ve been playing catch up. Now you’re saying they might’ve caught up a little bit?

Colin Rooke:

Yeah, they have, and again, depending on the industry, there are some sizable decreases out there. And it’s typically for those industries that were the hardest hit. So again, back to hospitality, for those that have long memories, they’ll say, sure, my premium’s going down, but it’s nowhere near the 2018, 2019 level, but some relief is good. They said, look, we have paid out too much in claims. We have to recoup that. And I think now they’re saying we’ve recouped quite a bit and now we can go out and grow the book again. We’re feeling confident that more rate is warranted, but we can back that off a little bit.

Paul Martin:

Well, it’s probably reasonable to assume that we’re not going to go back to 2018 rates. I mean, we’ve been through a bout of inflation here. Obviously the value of property and buildings in particular factors into this in a big way. And you don’t have to read very much in the way of headlines or listen to the news every day to find out that man housing and construction costs have gone up dramatically. I think about, especially on the institutional side where governments were projecting what it would cost to build a hospital or whatever, and when the tenders come in, they’re actually double or more that the cost of construction has gone up. And so that’s got to be factored into today’s premium, whether you like it or not. And it’s not going to take us back to 2018 is sort of my point.

Colin Rooke:

Yeah, you are correct. And that’s going to be evidenced in sort of the next segment where we talk about home insurance premiums and why they’re on the rise. But just to give some sort of final context closure at this time in 2023, the average rate industry-wide in Canada increase was 8.9%, and now across all lines is 6.81. So it is turning around, it’s going any other way. But yeah, back to your comment about rising construction costs and where does that money come from? Home insurance premiums are increasing across Canada, however, the two hardest hit provinces overall by a significant amount are Saskatchewan and Manitoba. So across Canada, roughly 8% year over year increases. However, in Manitoba and Saskatchewan, you’re averaging about that 12%. And again, that’s the best and the worst in here. So depending on who you are in that spectrum, it could be quite a bit less, but also quite a bit more.

Paul Martin:

Well, you’ve obviously piqued our interest now, home premiums, personal lines, premiums in Saskatchewan going up faster than pretty much any, any other part of the country that’s going to make us sit up and pay attention, I guess. And the logical question is going to be why, what comes out of that? And then maybe I’ll get you, we only have about 30 seconds before our break, so maybe get started on that and then we’ll talk a little bit about when we come back, about what we can do to protect ourselves, if anything.

Colin Rooke:

Yeah, essentially, even though inflation is cooling off, the real culprit here is high claims costs, storing repair and replacement costs and climate-related disasters. And particularly in Saskatchewan and Manitoba.

Paul Martin:

Yeah. Well, I mean even just the past few days talking about tornadoes, that seems early in the year for those kinds of conversations, but they’re now being cited and confirmed in Saskatchewan and Manitoba. So there’s the two provinces. Has the tornado alley come to play in this?

Colin Rooke:

Again, it’s all weather related disasters. And yeah, certainly there’s concerns for this year because I think this is one of the earliest years there’s been tornado warnings, and I was reading the articles around it that is this even, right? And so they’re factoring that in, but they’re also still recouping from weather related losses last year. And then of course, yeah, predicting this upcoming year. So quickly before the break, 200% increase in Q1 as an example in water related events, cold weather, climate related events, which is not helping here.

Paul Martin:

Alright, we’ve got to take a break. We’ll come back and explore those two numbers that you just put out there when we get back. You’re listening to Risky Business Commercial Insurance with Butler Byers, Paul Martin here, be back after this. Welcome back to Risky Business Commercial Insurance with Butler Byers. I’m Paul Martin, and joining me, Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. Colin, before the break, you talked about the magnitude of claims on the personal side, the of weather related things and cold weather. I mean, we had some, they talk about January was the warm and all that sort of stuff, but sure didn’t feel warm to me. I mean, we had some pretty brutally cold days and I am guessing you don’t need too many hours of super cold weather before you start getting insurance claims.

Colin Rooke:

So again, we were discussing, okay, why are home insurance premiums trending up and why in particular Saskatchewan? And it comes down to a few factors, and one again is replacement cost to rebuild, and that’s a Canada wide problem, but that’s certainly being factored in across Canada. So you’d say, okay, well that might explain a lot of the average increases. However, specifically in our area, we’ve seen a staggering increase in the first quarter of cold weather related claims. So we’re talking burst pipes as an example. That’s not the only culprit, but to give some context as to what that could be. So we’ve got pipes freezing, flooding out the home, very costly to clean up on average just to repair a burst pipe. You look at about 16,000 in Canada. So again, that’s not helping the cause. And then kind of globally you look at, okay, again, what’s driving up rate? There’s a lot of concern across Canada and if any broker listening to this show, if you spend any time talking with a realtor, this comes up all the time, but we have a disproportionate amount of knob and tube wiring, 60 amp service and aluminum wiring. And so built into these increases are, I don’t really want to say penalties, but rate adjustments for these legacy issues or concerns. And then if you have a home with 60 amp service and knob and tube wiring as an example, and then you go to sell that home to a new buyer, any grandfathering of the policy gets eliminated and you either can’t get insurance, you can get good pricing if you fix it all, or if you can’t fix it or can’t address it and they will insure you, you’re going to see a sizable rate increase. So that’s a big issue for Saskatchewan as well.

Paul Martin:

I guess I’m surprised to hear that we have a disproportionate number of homes with those particular features. Does that surprise you when you encounter that data?

Colin Rooke:

Yeah, I mean maybe. I think, yeah, I guess I was surprised to see that you think, well, if you have a home built prior to the 1950s, it’s going to have knob and tube. But I guess my speculation would be that with sort of how with the large insurer that we have that has a lot of the home insurance market, if they’re able to grandfather this in, if you’re not being forced to change it, you’ve been with the insurer for a while and they’ve been very generous with sort of bylaws. If you haven’t been forced to change it and your electrician is saying, well, properly maintained your family is safe, then maybe just less of a likelihood that you would replace it. Like Saskatchewan has fewer home insurers than the rest of Canada in this market. And so it’s probably a function of that. I assume, again, if you’re not being forced to change it and you’re just sort of naturally addressing these problems by way of renovation, et cetera, then maybe they’re just not getting addressed as quickly as they should.

Paul Martin:

And so effectively, you’ve said to me here that we’re seeing some moderation on the commercial premium side, but on the residential or personal side that the trend line is upward, not like it is in commercial. We’ve got sort of divergent lines here.

Colin Rooke:

Yeah, so there’s no sign that home insurance premium as a whole are going to decrease. And it doesn’t appear that the rate increases year over year are softening. And I don’t really have, I mean, there’s things to look at. There’s certainly credits if you haven’t considered this, almost every insurer, if you consent to a soft credit check, there’s a lot of savings available there. And then just making sure if you’re moving homes, depending on what you’re buying, is it up to if you’re going from an older home to another older home, just know the risks, talk to your broker, walk them through. If you tell the broker after the fact what you bought, you’re sort of subject to whatever pricing structure is available to you. But if you’re hearing these topics and you’re thinking, does it impact me? Or again, I’m thinking of moving or I’m going to a newer home to an older home, just realize that if a lot of these policies could be grandfathered and you might be in a situation where you can’t find coverage or you can’t get coverage until a significant renovation has occurred. And again, this is on the minds of realtors all the time. It’s a familiar conversation that we’re having. I have a client and we looked at it, the previous owner was paying X, and now my client’s got to pay three times. What gives? And it’s typically these old bylaws, grandfathered bylaws that are no longer being accepted.

Paul Martin:

Interesting due diligence that I think probably most people don’t think about when they’re doing the notion of home buying. Listen, we’ve got a couple of minutes left before we wind up today. And I wanted to talk about a topic that you had indicated to me is it’s catching some attention. And that’s these new e-scooters that we see everywhere and they’ve really grown in popularity, and that’s kind of a grey zone for the insurance side of things.

Colin Rooke:

Speaking of things that people don’t think about, so really neat idea, right? You can open an app, jump on the scooters, zip around the city. However, from the insurance perspective, there’s a lot of grey, which when it comes to a claim you don’t like. So typically, and I’ll say typically because I don’t want to represent every policy there is, but e-scooters are not considered automobiles. And therefore, in the event of an accident, there’s no auto policy that’s going to come into play in the event the driver of the e-scooter hurts someone or something. So typically in an auto related accident, auto hits a pedestrian, the auto insurer is the piggy of the claim, but in this case, it’s not a registered automobile, and so no coverage. But the other problem is the e -scooter is not your property and it’s not part of the home insurance. So there is some coverage available, and again, depending on insurer, I don’t want to speak to all of them, but there’s coverage for e-bikes because e-bikes are just not a bicycle. And yes, they have some power to them and you can use them as a tool to help climb over obstacles. And so they are considered part of the home insurance policy unless they’re going over a certain speed. And again, I don’t want to talk about all cases, but being general, however, an e-scooter is not an e-bike and not used for climbing obstacles and giving you an extra push when you’re exhausted, it’s really a method of transportation. So just want to warn people that are one, using these on the sidewalk, I know you’re not supposed to, but people do, or on the road that there’s grey area for bodily injury that you might be in a position where you are being sued and you’re not protected by an auto fund, you’re not protected by your home insurance. And so if you’re in the habit of using scooters as your method of transportation, beware. Yeah, beware. Maybe you use Uber and you decide not to use Uber to get around. You want to use e-scooters because it’s more cost effective. Just speak to someone and make sure in the event that you cause some harm, that there is coverage or at least know the risk.

Paul Martin:

Colin that’s always very insightful stuff, and I think we are going to be talking about that one for a while to come. You’ve been listening to Colin Rooke, Commercial Risk Reduction Specialist with Butler Byers. This is Risky Business, I’m Paul Martin, thanks for joining us and we’ll talk to you next time.

Wildfires

Home (Page 2)

Paul Martin and Colin Rooke share what homeowners can do to mitigate risks from wildfires.

Listen to the full podcast here, or read the transcript below.

Paul Martin:

Welcome to Risky Business Commercial Insurance with Butler Byers. This is Paul Martin, the business commentator on CKOM, and joining me today, Colin Rooke, Commercial Risk Reduction Specialist with Butler Byers. Colin, we try to keep the show as timely and current as possible, and we will react and respond to things that are in the headlines on a daily basis and that story that is capturing, oh, so much attention these days, the wildfire season. It’s early this year, it’s, we haven’t seen as much in Saskatchewan to date, but clearly Western Canada is feeling it from British Columbia through to Manitoba and communities being evacuated. This is bringing back memories of Fort McMurray of a few years back, and just that the whole topic of fires and that brings insurance right to the forefront of the play, doesn’t it? I mean, devastating and catastrophic fires and insurance tend to go in the same sentence. So when you see this, what are your customers saying? What are you seeing? How are you reacting to this as an industry professional? What take is yours on the story of wildfires?

Colin Rooke:

Yeah, it’s an important conversation, first of all, with this risk to Fort Nelson, and it’s a risk that’s growing. I have an article that’s two hours old, and of course every hour the fire is getting closer, but we are within about a kilometer away from Fort Nelson being the first catastrophic loss, wildfire loss in Canada.  And that’s a big deal. You’re now into the hundreds of millions, if not billions in damages. And so it’s got the whole insurance industry talking. As you can imagine, we’re subject to a lot of newsletters from insurers, and they’re all talking about limited binding authority or just a warning in these areas. And so they’re already either taking a stance or preparing to take a stance. And so it’s something to be aware of. And it’s not just about if you’re saying I’m in Saskatchewan, like you said, not really a risk today, but it does impact you depending on the primary insurer for the area. And if that primary insurer is your insurer, they’re out the money. And we’ve talked about risk management and being an excellent customer of the insurer, well, if these losses are in the hundreds of millions or billions, the insurer or insurers are going to look to recoup that. I mean, there’ll certainly be some reinsurance, but they’re going to look to recoup that. And so one, it’s just important to be aware of what’s going on and how this could affect you. And then really it just trickles down to being that great customer. If you’re anywhere near an area that could be subject to wildfires. And I’ll give you a quick stat. So the CEO of the Institute for Catastrophic Loss Reduction said there’s about 60,000 plus communities across Canada that are located in places that are posing a significant wildfire risk today. At first, I thought it was 60,000 people. I thought that wasn’t bad, but communities, they’re saying 60,000 communities today are in areas that are a risk of wildfire. And so it’s not just a BC problem, it’s not just a Ford Nelson problem. And of course, we’ve got the fire near Fort Mac. It’s an every person problem. And certainly in this province, when you look, if you do any business up north or if you have people with that work for you, a seasonal cabin, sorry, I was going to say seasonal dwellings, that’s what we call ’em in insurance, but cabins or vacation homes. And so it’s a very important conversation to have, and it’s something that needs to be on your mind.

Paul Martin:

It strikes me, Colin, that as just a homeowner or if I have the family cottage or something, when you think you talk something, the magnitude of a wildfire or catastrophic fire, I feel pretty insignificant in this. And fear becomes the big factor. And they’re probably calling you to say, provide me with some comfort here. Help me with this. That’s why they go to people like you to buy some security. What advice do you give? How do I as a homeowner become proactive in this? What can I do to protect myself to fight these things? Is there anything I can do? I mean, you alluded to be a good customer, and maybe we should just talk about what that looks like, how you actually go about doing that.

Colin Rooke:

Yeah, you made a comment. I’m going to do a quick aside about people reaching out. And so just as a sort of industry tip or some advice, when there’s a wildfire near a place that typically has cabins, vacation homes, we’ll get a lot of phone calls, people that say, this cabin’s been in the family forever, not worth a ton, so we haven’t bothered to insure it. Now there’s a fire nearby. We’d like to, and just as public service announcement for all brokers, best case scenario, they will not allow you to buy any home property insurance within 50 kilometres of a wildfire. However, insurance companies are very good at getting on this, and they’ll remove binding authority for everybody as soon as they think there’s a rift. So that means no insurer or no broker, not just Butler Byers, they will say, absolutely nobody can place any new business for homes or vacation homes in this area effectively, immediately. And so we’ve talked about binding authority on the show, but it’s our ability to actually place insurance on behalf of the insurers and they remove that quick. And so again, just a quick note that if you’re worried about this, do something in advance. Now, on the proactive risk management side, and it’s a great topic for the show, we’ve put a lot of effort into, okay, well, we can’t stop fires, but there’s a lot we can do to mitigate whether it’s a business or your home itself. And we did a show years ago around wildfires, and you see these images where the whole neighbourhood’s burned down and one home remains with green grass, and not even the fencing was touched. Well, there’s actually a lot you can do to completely, I shouldn’t say completely, but really mitigate the risk of your home going up in flames. And you might think it’s common knowledge, but it really isn’t. And so we’ve got some simple guides that checklists that will let you know how prepared you are. But we also have for both business and home or cabin in depth guides, that really walks you through everything you can do. In the previous show, we talked about zone one, zone two, zone three; zone three is your first line of defence, and it says, this is what you need to do X amount of metres out. And if you do that, it reduces your risk of fire by such. And then zone two further reduces it zone one. So for those that are worried, it’s an excellent tool to consider using and work on this preparedness.

Paul Martin:

That’s a topic that I want to dig into a little bit more. And of course, you piqued our interest with, yeah, what is it about the one house that survives on the street when the fire goes through an entire neighborhood? And I want to explore that a little bit because I’m sure that it caught my ear. No doubt it caught our listeners ears. So we’re going to take a little break and when we come back, maybe we can dig into that and also we can walk through some tips for business owners about first to protect your business, but also if you’re in the face of it, what are some good business practices that you need to deploy in terms of how do you deal with employees and how do you just deal with customers and how do you position yourself in the event that your community may be facing this? We’re going to take a little break. You’re listening to Risky Business Commercial Insurance with Butler Byers, Paul Martin here. We’ll be back after this.

Welcome back to Risky Business Commercial Insurance with Butler Byers. I’m Paul Martin, and joining me, Colin Rooke, Commercial Risk Reduction Specialist with Butler Byers. Colin, just before the break, you made the comment, and I think we’ve all seen this footage, and everyone from the firefighters to the news reporters to those of us who watch this are fascinated by the fact that a fire can rip through an entire neighbourhood or a community, and one or two houses are still standing. And how is it, and you said there are things you can do. Can we talk about that a little bit? What are some of the proactive measures a homeowner can undertake in order to put themselves at least increase the chances of their property surviving?

Colin Rooke:

Yeah, I mean, I think it starts as really serving your property. And so we have this, we’ve got a checklist. It’s really a wildfire or fire preparedness checklist. And this would be, you’d say that these are the basics, right? So it talks about pruning any tree branches within two meters of the ground. Makes sense, removing dead plants and trees. Have you done that? Keeping grass short, which it’s funny, people don’t think about this, but watered healthy green shortcut grass is a huge fire deterrent, and it makes sense, right? If you’re not watering and it’s dried out, fire’s going to rip right through that. A barrier around your home, a separation, and people are thinking, oh, my landscaping is going to suffer. No, that’s not what I’m saying. Don’t plant grass right up touching to the house. In fact, it looks nice if you put a little dirt or rock in there, surround your home with dirt and rock, and that is a fire deterrent. And so this just walks you through what you may or may not have done and the basics. And then we talked about these three zones, and this really gets more in depth, and it’s not any items that aren’t doable, but it really just says, okay, have you thought about the type of shingles you use, the type of material you have, the window coverings, the type of windows, the height and length of trees, what type of tree? And for someone that’s for example, building a new cabin or you’re building a new home near an area that there could be wildfire, or even if you’re next to large fields, these are items that you could take into consideration to say, maybe I can do things slightly different and then really mitigate the chances of fire. In our previous show, we talked about embers, and again, this is years ago, and I’m going off memory, but there’s multiple types of embers, and that’s what you actually have to worry about most is these embers traveling tens of kilometres in the air and landing. And so my point is, if you see a wall of fire heading towards your house, that’s 21,000 hectares. I’m not going to tell you that I can assure your home’s going to be okay. But where all these spinoff fire start is again, it’s usually embers carried in the wind, and that’s where you can really make some big steps to save your property versus the neighbour’s. So if you’ve set yourself up, maybe the ember goes right out, or maybe again, the neighbour’s home’s a blazed, but yours is untouched because of the steps you’ve taken. But the real point is whether you’re a business and it’s a totally different guide for commercial developments or a home, we can help alleviate a lot of that stress by reaching out and just saying, look, I want to protect my home. What can you give me? And the nice thing is we’ve made that easy as well. And something that we also haven’t talked about is, okay, there’s physically protecting your home, but what about the commercial side of this? We typically talk commercial applications on this show. Well, we also have an HR guide is what I’ll call it, but it’s more about policies and procedures. What can you do as a company to alleviate stress and boost engagement during a wildfire season? So if you have employees, we can give you a newsletter to send out to say, look, if you’re worried about your home, come talk to us or take these steps, which is really going to help with productivity sick days. But it also talks you through should you consider a leave for employees that need to protect their investment, and what’s the benefit to the business if you do so? You’ve got a lot of research there. So it’s not just protecting the business or the home, but a lot of the background operation stuff we can help with as well.

Paul Martin:

It’s an interesting point because we alluded to earlier in the show that fear is one of the great things that comes with this. If you’re facing the prospect of losing your house to a catastrophic fire, the group of employees within your organization, if they’re all collectively feeling that fear, odds are your business is not going to be performing as well as you want it to. So how can you be a good employer? We’ll have these policies set up in advance, and you’re going to do a lot to build that bond and relationship between employer and employee. If you can demonstrate, hey, the boss has got this in hand, they’ve actually thought about it, then they have a policy in place.

Colin Rooke:

Exactly. And again, if you’re worried about it, reach out. And depending on your level of worriedness, I mean, we can even connect you with the National Institute of Catastrophic Losses if you want. It’s not just for brokers, it’s not just for commercial applications. I’ve attended many seminars. In fact, the guy that talks about fire preparedness is amazing, and we did a show as well on protecting against hail and what I’ve learned from that, and they did a quiz initially on roofing types and materials. What’s the safest? And I was completely wrong, frankly. And I think that was the point, but it’s that planning side, it’s thinking in advance, and then just hoping that you’ll be okay. And as an aside, I just realized the show we did, we were talking about the Maui fires, and in the town of Lahaina, there was this old, old home that was completely untouched, not even the car. And I referenced why, and it was very, very deliberate fire preparation, and that sparked the conversation around this person was very purposeful in protecting against wildfire, and the result was green grass, no property damage at all, not even the car. So if you’re on an island in a town that gets completely destroyed by wildfires and you can survive, then you can mitigate losses.

Paul Martin:

There’s something to this. Yeah.

Colin Rooke:

There is. Yeah. Yeah.

Paul Martin:

And maybe we just got a minute left here, so maybe we’ll just summarize. I think you invite people to reach out and you’ve got these guides, step-by-step guides. That’ll give you some guidance, some advice, some tips, some hints. All they have to do is reach out to Butler Byers. You’d be more than happy to provide ’em free of charge.

Colin Rooke:

Absolutely.

Paul Martin:

You’ve been listening to Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers talking all things about insurance and commercial insurance in particular, but a very timely topic that we addressed in this particular program with the threat of wildfires now moving through Western Canada. And it’s not often you see the federal government stage entire news conferences to talk about their preparedness for fires. So clearly this is an issue that’s turning heads everywhere across the nation, and there are things you can do to protect yourself should you own some property that could be in the path of one of these fires. Thanks for joining us. This is Risky Business. I’m Paul Martin. We’ll talk to you next time.

Business Email Compromise (BEC) Scams

Home (Page 2)

Paul Martin and Colin Rooke discuss the dangers of Business Email Compromise (BEC) scams.

Listen to the full podcast here, or read the transcript below.

Paul Martin:

Welcome to Risky Business Commercial Insurance with Butler Byers. This is Paul Martin, the business commentator, and joining me, our usual man across the desk in the studio is Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. And Colin, over the course of the last few years as we’ve done this program, we’ve spent an awful lot of time on cyber, cyber coverage, cyber threats, that whole word cyber. It’s in the news every day. We’re always hearing about scams and people being, whether that’s ransomware or their data is being held hostage or whatever. Even in the face of all of that and that conversation, there’s still a lot of people who don’t really truly understand what we talk about when we say cyber cybersecurity, cyber threats, it’s, it’s one of those words that’s in the lexicon, but you ask somebody to define it, it gets a little bit more challenging. And you see this in the world of business all the time as you’re trying to explain to people, this is a real threat to your enterprise. And they go nod their heads, but their eyes kind of glaze over at the same time, they have a hard time grasping. What are you seeing with this when you bang on a business owner’s door and you say, let’s talk cyber and the threats that are associated with it and the implications for your insurance coverage, what are you hearing back from them?

Colin Rooke:

Yeah, that’s a really good point. We were in meetings actually with a cyber liability insurer at the office here, and we talked about that you are now, there was a period where cyber was considered new and you think about the target attack and it hit mainstream news, and then cyber went quiet for a really long time, and now it’s on the forefront, you can listen to the news, they’re talking about data breaches. There was another very large and it had a breach, it’s on the news now and so it is top of mind you can’t ignore it. You can no longer pretend you didn’t know what it was or much about it. But despite all the information out there, there’s just still a giant misconception as to what is it? What does it entail, what are my risks? And as evidenced by when we beat the door down, as you said, we often find ourselves faced with trying to explain that when we’re talking about cyber, we’re not worried about your backups.

The idea that you say, oh, all of our data is stored off site, we’re fine. That’s not what this is. And then we don’t do a lot of credit card transactions or we don’t store any credit card information. And I just wanted to spill that myth, that is also not what we’re talking about. We’re not concerned with that at all, I mean, backups are assumed. In fact, if you didn’t have backups, there’s no cyber liability insure anyway, that’ll quote you. So the idea that I say my data, it is not we’re talking about, so we’ve developed this guide that really explains in layman’s terms, if you have a breach, what is actually going to happen to you? What is it going to look like? And for the most part, it’s Business Email Compromise, that’s where it starts, or BEC scams. And so we’ve got this guide that we’re happy to distribute to anyone that wants to learn more, but I think it really does a great job of just walking you through what happens, how are you targeted, why are you targeted? What are they after? How do they know they’re after it? And so we can send this out, you can read it. It’s something that you could distribute to the whole organization and just ask people to have a quick read. It’s not a detailed incident response plan. There’s nothing that anyone has to do, but it’s full of these kind of ahh-type moments in here of what we are talking about when you have a breach, why they do it and what the result is, ultimately.

Paul Martin:

I get a thought that comes to mind here when you’re doing it, and it’s kind of a throwback to the 50s of Desi Arnaz saying to Lucy, “You got a lot of ‘splainin to do here”. You must be very frustrated when you look at business people and all they hear is, you’re talking away and they hear “Wa wa wa”, and this cybersplaining that’s going on. I mean, it’s as much about education as it is about identifying the threats, isn’t it? It’s just trying to get people to get their head around understanding the breadth and the width of this challenge that we’re all facing.

Colin Rooke:

Yeah, a tough one, right? Because you think just to use Target, very, very old breach. I mean, let’s assume that Target would have a larger IT budget than, and so to be able to say, well…

Paul Martin:

This is Target, the department store in the US, I mean major big publicly-traded retailer known globally.

Colin Rooke:

Exactly. So is it honestly possible that a smaller enterprise as it all figured out, and giant Target just didn’t have backups? They didn’t malware protection, it is a targeted attack. In fact, I haven’t mentioned this in years, but I actually met and worked with the broker who handled the claim from the plumbing and heating company that caused the whole Target breach and all it was, was a very simple business email compromise. And so they thought they were dealing with Target and sent some things to Target they shouldn’t have. So they let the malware in passed it along, and that’s that.

When you talk about, again, Business Email Compromise scams, all this is a cyber criminal, impersonating what seems like a legitimate source, like a senior level employee supplier, vendor partner, ad rep, someone that you regularly do business with. So gone are the days where it’s the Saudi prince that’s going to send you millions or the misspelled or odd looking letters, they don’t do that, they put a lot of time and effort. And the average cost across North America of a successful BEC scam is $4.9 million, and so they put the work in. So how do they get there? How do you become a target? Well, it’s not mass email. It’s not because you’re on a dark web. They pick you out. They go to your company’s website, they look at your LinkedIn page, they look at key individuals. They want to know their social media profiles. What they do, they want to know the hierarchy within the organization.

I mean, they read every email post every company bulletin newsletter, and then they come up with a plan of attack. And to make matters worse, with the help of AU, they could do this in seconds, what used to take months. They can do in a few seconds all that intel, but it’s all very deliberate because they’re looking for key people in a vulnerable situation working on a known subject. So how does it start? Ton of research. Then when the research is done and they know as much as they can about the organization, they pick a target one person, they deliberately go after one person that they think they can influence and they’re very good at it. And all the eggs go into this basket and you are the focal point prior to launching the attack.

Paul Martin:

All right, we’ve got to take a little break here, but you made a comment or a statement that I want to really come back and pursue when we come back and you said “they” meaning the bad guys, put the work into it, and I guess we can learn from that, so we’ll talk about that. You’re listening to Risky Business Commercial Insurance with Butler Byers. We’re going to take a little break, back after this.

Welcome back to Risky Business Commercial Insurance with Butler Byers. This is Paul Martin, and joining me, Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. And just before the break, you alluded to the fact that the cyber attacker, the criminal puts in the work they do, the research, they prepare to take you on, to come at you at a very pointed, deliberate process. And I guess the message in that for business owners is you too have to do the work to protect yourself to repel or rebuff these attacks. Is that a fair comment?

Colin Rooke:

Yeah, really good point. I mean, they’re going to spend a ton of time learning about your organization before they select an individual and they launch malware, malicious malware. And so by the time that person is selected, they’ve got a lot of, well, they have a big investment in this breach. And so back to why this guide was developed, this is part of the answer. This is part of the mitigation of a potential attack to at least understand what’s happening and why it is pretty common for executives to blame someone in the front office for it was probably this temp worker wasn’t paying attention and clicked something they shouldn’t. Nope, not true. They want the accounts of individuals that has access to funds, access to sensitive data, HR personnel that has payroll and employee data. They’re after the top. This is not an entry level position type scam.

Paul Martin:

It’s an interesting point is that you will talk to the business leader in an organization. They may have a couple of hundred employees. In all likelihood, the message you delivered to the owner or the CFO doesn’t probably leave that office, it’s not transmitted through the organization. But at the same time, as you say, it’s people with access to the funds that are the target. So it’s probably the leader who’s actually the most vulnerable in all of this, which is ironic, isn’t it?

Colin Rooke:

I can say with certainty that I don’t have a real stat here, but I’ll say most of the time the person that I am speaking to about the nature of the risk is also the one that calls me saying, “I made a mistake and I don’t know what to do”. But for those that are uneducated, they typically would say, “Well, it won’t be me. It’ll be someone under me”. But it doesn’t make any sense to target someone with no access. I mean, if you’re going to impersonate someone, if you’re going to trick someone into moving a large sum of money, it’s going to be CEO asking CFO. It’s, there’s going to be an urgency to it. And furthermore, and why we have this guide is you’ll say, well, years ago there was this fraudulent email that came through that was loosely looked like Paul Martin, a whole bunch of spelling mistakes, some verbiage in there that I knew it wasn’t Paul, I deleted it and I learned my lesson, nope. When they launched the malware, not only do they follow, so when they pick their target, launch the malware, they follow everything you do, and then they learn who you interact with most. And then they launch malware to follow those people. And by the time they’re ready to trick you, they know how you think, what you do when you do it. And they also know how the other end responds. Each and every time. They are experts, they know more about your patterns than you would know about your patterns. And then when these mistakes happen, it just seems like a regular course of business. You transfer a fund, you accept something from someone else. Oh, there’s a little hiccup. Please call the bank. You call the bank, you’re not talking to the bank. The bank sends another account number. You send it to that account number. Sometimes they go for a third. I still didn’t get it. I don’t know what’s going on here. Try this one. And then at some point someone says, Hey, stop. I’m a little worried about this money. And then you look into it, you never spoke to the bank. It never went where you thought, and either you have a breach, the fender has a breach, but you’ve been tricked. And I guess that’s what I want to dispel today, that in order to stop this from occurring, you need to understand who is targeted, why they’re targeted, and what types of tactics they use. A super interesting one that I guess really isn’t talked about. Well, actually two, data theft. So you’ll get an email from what looks like your own IT people saying, “We’ve got a breach on the go. Please change all your passwords and do it quickly”. And again, you’re not even speaking to your own IT. You think you are, you change all the passwords, you’re being monitored and they steal. Or another one, how many people would question an email from their attorney? And so the attorney impersonation email only comes to you in the event that you’re regularly working with an attorney. So you’ve got some litigation underway, you’ve been writing some big checks for some time now, and lo and behold, a big check around the time they would ask for the money or an attorney saying, we’re able to settle, my advice is to do the following. You call the attorney, the attorney answers, that’s AI, you send the settlement, is all fake. And so this guy, again, goes through all that so you can understand how the cyber criminal thinks at minimum. So then you can prepare yourself better when it happens to you.

Paul Martin:

So I mean, this sounds a little bit daunting, right? I mean, not a little bit, a whole bunch daunting for average. We got real lives to live and we’ve got real businesses to run and to spend the time trying to grasp this as one of likely a dozen threats we have to worry about. This is why you’ve come up with this guide. You just make it really easy for people to, you short circuit the system really by just making, here’s a quick thing is how long would it take me to do it? What would I get out of it?

Colin Rooke:

Yeah, you can read it in five to 10 minutes. It, it’s not designed to be exhaustive, but it’s pretty all encompassing. You would certainly get the gist and there’s help in there. It’s not all, “This is what it is, this is how they’re going to get you”. It does talk about what you can do. And Paul, you and I have joked about this and we’ve talked about it on shows, but if the attorney reaches out urgently with a settlement, “Write a check, write a check”, and if the attorney says, “Oh, that wouldn’t be possible to take a check. We got to have this thing firmed up in the next 17 minutes. Do a transfer”. You say, “Not a chance”, but they get you. They know your patterns, they know what you’re stressed out about, they know what’s on your mind. But yeah, so this guide walks you through what it is. It’s easy to circulate. You could put it right into your employee handbook, have people sign off on it once or twice a year. They got to read through and sign off, but you’ll at least leave knowing, okay, I’ve got the basics. I’ve had a crash course, a mini masterclass in what Business Email Compromise scams are, how it is how they’re going to get to you. And yet there’s still this myth out there that I know I’m not going to download a zip file, nothing good comes from zip files, no one uses them. That’s right, they don’t. But they do use Dropbox and it’s going to come from someone that regularly sends Dropbox files.

Paul Martin:

All right, well, a bit scary. But you know what? You can protect yourself. It is about, the bad guys are going to do the work, you might have to do a little work yourself. You’ve been listening to Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. Today, we’re talking about Business Email Compromises and a guide that you can call him up or his office and his team and just ask for a copy, and he’d be pleased to supply it to you. I’m Paul Martin, this is Risky Business. Thanks for joining us, we’ll talk to you next time.

Artificial Intelligence – AI

Home (Page 2)

Paul Martin and Colin Rooke discuss the latest in AI.

Listen to the full podcast here, or read the transcript below.

Paul Martin:

Welcome to Risky Business Commercial Insurance with Butler Byers. This is Paul Martin, the business commentator, and joining me as always, Colin Rooke, Commercial Risk Reduction Specialist with Butler Byers. Colin, as we get rolling into the end of the first quarter of 2024, I imagine we’re talking about that already and looking at Q2, I mean, you look at the headlines and you look at listen to newscast or whatever, and the story of the day, AI this, AI that, AI is going to solve all our problems, AI is the cause of all our problems. Artificial intelligence is really gaining a lot of attention, and I guess it is in the business world too. I’m wondering, we haven’t really talked a lot about this, but anytime there’s a major development in business, I guess it probably has some impact on commercial insurance. So thought maybe we better talk about that. And I’m guessing, but I’ll let you fill in the blanks. Are there implications with AI and commercial insurance?

Colin Rooke:

Yeah, AI, it’s a really good topic. Obviously people are at this point aware of AI. There’s a lot of talk in the news, really everyone is talking about AI and really mixed emotions around it. If you’re really into tech, this is something that’s quite cool. I spent a ton of time talking with my son. He uses AI all the time, and he’s usually the one pointing out to me what new app or new program is coming out and what it can do. And if you’re less sort of in the know or aware, it’s really easy to have a lot of AI related concerns. So what I want to do is just talk about ways that AI will impact or the workforce in 2024 and beyond. So I’ll start with some stats around it, ways that it’s going to change the workplace, but then I do want to talk about the risks to your company or how to prepare for this new reality with AI.

So it can do a lot of great things, but then there’s steps you need to take as well just to make sure you’re doing it the right way and you’re thinking, again, of the risks. And I’ll tie that into how is this going to impact commercial insurance program? Why would an underwriter care? And then if we’ve got some time, I just want to talk very quickly about a really neat to me way that hackers or cyber criminals are
getting your info that I honestly can’t believe I hadn’t thought of. Almost a little ashamed, but also I find it very interesting.

Paul Martin:

Well, now you’ve got our interest. So let’s first talk about AI though, and the implications for those in leadership positions in business. What considerations do you need to be thinking about here?

Colin Rooke:

Yeah, so the global AI market is expected to grow by about 35, 40% each and every year. And I know that’s just predictive, but really the point is that AI is here to stay and it’s going to continue to change how we look at work. And so some of the things that, key things that are really going to help the workplace is one enhanced decision-making capabilities. So for example, HR professionals are able to leverage AI, which in the field there’s a lot of burnout. HR professionals do a ton of work, a ton of stress, and frankly, they’re often working in areas outside of what they went to school for. So you’ll hear from HR professionals, I’m spending a lot more time training and working on implementation than I am policies and procedures and big picture stuff. Well, AI can really help with that. AI can help with workflows and building out performance objectives and evaluations and helping other managers in the company look for screening questions for new employees.

So one of the great ways that AI can help, another thing, and everyone that’s heard about AI is pretty aware of this, but increased productivity. So the stats show that depending on the role and depending on the type of company you’re in or you own or manage, up to 60, 70% more efficient. And just if you look at workflows, all the redundancies, there’s just a lot in there that you can automate. So that’s going to change the workforce or continue to change in 2024. The other thing that one of the ways it’s going to impact the workplace is a lot more focus on the legality and ethics around AI. So now that it’s not new, as new and exciting as it was anymore, there’s a lot of questions and concerns about policies and procedures, the access to data infringements on personal information. And so you’re going to hear a lot more about policy makers saying, okay, this is how you can use AI and this is how you can not use AI.

And there’s a lot of concerns around where they get their information and are they taking it from a source that frankly you are allowed to borrow. And then when it comes to hiring, overall, employers really need to think about skill-based hiring when it comes to AI. So if you’re dabbling with AI, you want to understand, okay, how can AI help us in these areas like productivity? You really need to hire people that are either familiar or have the ability to learn and adapt, work around and help implement AI for your company. So these are sort of four ways where it’s going to impact the workplace in 2024. And then I’m going to talk next more about, okay, how to prepare a workforce for the use of AI.

Paul Martin:

Well, these are big, all of those are big topics. I suppose the legal part is that’s likely long ways until we get that sorted out. But some of the things that you talked about in terms of just the interface between employer and employee, that hits us right today, and it hits every company regardless of size. And I’m guessing that’s where a lot of the attention is being focused these days.

Colin Rooke:

Yeah, absolutely. And so when you talk about the pros of AI, like productivity and then what the media is saying, one of the things that you need to be thinking about is how does that impact my current workforce? I mean, there’s a lot of worker unrest around AI and what it can do, and does it affect my job security? So when you talk about, again, productivity and automating routine tasks, if you’re not careful in explaining what tasks you mean to automate and how that will impact your current workforce, you risk low morale, increased turnover, and frankly, just great employees leaving, thinking their job may be threatened when there’s a chance that it’s not threatened at all. And so very, very important, you think about, okay, what do my people think about ai? And really consider if there’s not a broad understanding the impacts it could have.

Another issue, and I touched on the focus on legality and ethics and transparency around ways it’ll impact the workplace is regulatory concern. So if you’re using AI, and AI is operating as the 13th man in your company, you have to realize that anything AI produces you will help be held accountable for that content. And so again, are you infringing on any laws? Knowingly or not? Knowingly is something that
you really need to be aware of. Another big issue is increased cybersecurity risk. So again, you’re using a bot or any sort of AI-based technology. We have cyber criminals that are aware of this. And so what cyber criminals do is they’ll create dummy sites to data poison, so they know that people are looking for certain info. They create sites that would be very juicy to artificial intelligence, and therefore when accessed, they may be downloading well, either a virus itself or they can actually use different methods or tools to change ability, which then opens up the organization to, they call it stealth attacks as a result. So again, something to think about that you’ve got an automated program acting as your company. Well, how vulnerable is that program? The other thing, and again, it’s a little-

Paul Martin:

Just before you jump into that, Colin, we’ve got to take a little break and I don’t want you to lose that thought, but let’s come back and pick that up in just a moment. You’re listening to Colin Rooke, Commercial Risk Reduction Specialist with Butler Byers. This is Risky Business. We’ll be back after this break.

Welcome back to Risky Business Commercial Insurance with Butler Byers. I’m Paul Martin and Colin Rooke, Commercial Risk Reduction Specialist with Butler Byers is joining us today. Colin, just before the break, I kind of cut you off there. I’m sorry about that. But you’ve been raising some questions that I think employers and those in management positions and businesses really need to be getting their head around as with the arrival of AI. And it’s no longer just a novelty, it’s actually working its way into our day-to-day operations.

Colin Rooke:

Yeah, it is. And one of the points I want to end on is sort of the risks of the use of AI, and then I’ll talk about what you can do about it. And I think this is probably next to worker unrest. One of the most more important things to consider is distribution of harmful content. And so you have to realize that AI is still computer based. It is still learning and on what is asked of it or the way things are asked, it is going to deliver certain content. And so if mistakes are made in the prompts, whether intentional or not, you really need to watch the content that emerges as a result. And so if you’re not, there’s a lot of reliance on AI to do the work for me. And so you type into AI, a certain subject matter, you sort of paraphrase, it looks good, you maybe really don’t read the whole thing, but it looks like a great response.

And then later you realize there is offensive language or AI took a slightly political position that you didn’t realize it did, or may have taken a certain stance on a topic that you didn’t quite realize AI was taking. And then you also have to realize that the end user ultimately thinks you are the one that did this. And so it’s something to be very cognizant of, especially when you have individuals in the workplace using AI. They may be misrepresenting the organization they work for and not really being aware that they’ve done it. And so to prepare for this to mitigate risks, which is what we’re here for and what we specialize in, it’s just it’s very important to have comprehensive policies around the use of AI. I mean, that’s first and foremost, what am I allowed to do with it, if anything at all? So we can help with that, but it’s very important to have policies in place around AI.

Well, and then another point is I talked about worker unrest. Kind of the number two issue here is foster psychological safety. Let the people know AI is a tool, not a replacement. You don’t have to fear AI. And when we talk about automation, it’s typically redundant tasks that if you ask the individual, if they like to do those redundant tasks, they will typically say no. And so then you can appease a lot of these concerns by explaining, yeah, we’re going to automate a ton of what you do, but not to render you up to lead, to free up your time for bigger and better things. And I think when you look at what we’re planning here, it’s going to be the stuff you hate doing. And that’s another really big step in preparing for this future with AI.

Paul Martin:

Well, this gets us into the realm you just keep, every time we open a door here, it leads to two more corridors, and I think we could chase around on this forever. But before we run out of time today, you teased us a bit at the beginning of the program with something that is a cyber threat that is so obvious we forgot to even notice it. Maybe I’m going to get you to elaborate on that right now.

Colin Rooke:

So I spent a ton of time over the last 10 years learning everything I could about cyber, cyber risks. We do this program, I’ve had other vocational speeches, and I’m pretty good at predicting what could cause a breach and I missed this one. QR codes, you can’t trust them,that’s the new thing. So QR code sends for quick response. We’ve all seen them, those squares that have a ton of data embedded. Sometimes it can be an article, a website, a menu at a restaurant. Well, they’re taking QR codes and they’re either replacing it. So the QR code at the end of the table at the restaurant, that could lead you to a hacked website. It could look just like the menu, but it’s not. They’ll put posters up in airports, public places, they’ll create a fake event, scan this to learn more about it. There’s the virus right there. So what’s interesting though is these hackers, cyber criminals have learned that people trust them. People trust the QR code, they see a QR code, they’re not worried about scanning it. And so now the new thing is we’re going to modify those. We’re going to hack your device. We’re going to jack your URL. We’re going to send viruses. We’re going to Phish using that. But yep, I hadn’t thought of that. And it makes complete sense. Scan this to download the app for this program you want, well, it’s a virus.

Paul Martin :

They’re starting to put them on TV screens now. Commercials will actually feature a QR code and say, here, screen this or scan this while you’re watching a television program or something. And so they’re coming not just in fix like the poster that you see in the hallway, but it’s actually they’re bringing ’em right into your house.

Colin Rooke:

And for example, let’s say you’re streaming. You’re streaming your favorite Netflix show and you didn’t pay for ad free and then up pops a commercial with the QR code, and it’s a product you’re interested in. And suddenly that’s now it’s a virus.

Paul Martin:

Colin, you never cease to amaze me with the things that you remind us that we should be cognizant of and how even just the most innocent things in day-to-day business life, really, you need to look past the obvious and to understand what implications those have for my businesses. And I guess that’s the reason for this program, is we talk to business leaders, to owners, to those in management to say, we’ll help you through this. There are lots of things out there that you don’t have time to think about. That’s what we do. So reach out to Butler Byers and we’ll be pleased to walk you through. There’s step-by-step plans, and to just remind you of some of the most recent threats that are out there that you probably didn’t even expect. You’ve been listening to Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. I’m Paul Martin, this is Risky Business. Thanks for joining us. We’ll talk to you next time.

Cyber Market Update Ransomware Returns

Home (Page 2)

Paul Martin and Colin Rooke give an update on ransomware.

Listen to the full podcast here, or read the transcript below.

Paul Martin:

Welcome to Risky Business Commercial Insurance with Butler Byers. This is business commentator Paul Martin, joining me as always, Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. Colin, end of the year start of a new year. This is the time when we start to get data and we get analysis of trends and which way things are going when we get year end figures. I’m assuming they’re starting to trickle in now as we get a little bit into 2024. One that was prevalent a couple of years ago and we really didn’t talk about much last year was cyber and the ransomware and all of that sort of stuff. But I gather it’s making a bit of a comeback. Is that a fair description?

Colin Rooke:

It is, yes. Very fair. So 2023 was the largest as far as successful Stiver, ransomware payouts 2023 was the largest ever recorded after, yeah, it really did take a dip in 2022. You’ve got Russia in conflict with Ukraine, so when they’re focused on war, they’re less focused on while stealing your data or encrypting it or deep fakes social engineering. And so there was a dip. And then I’m assuming, and yeah, I’m sort of blaming Russia, but I’m assuming that the war is getting quite costly. It’s lasting longer than they thought it would. So they’ve really ramped up the efforts. And it is very interesting that ransomware is back. Now, the type of ransomware has changed, but for the last 18 months or so, I mean almost actually closer to two and a half years I’ve been saying it’s really gone away. We’re now in the era of AI and social engineering and deep fakes where they’ll spend months learning.

They’ll be in your system for months learning every keystroke so they can replicate you. Exactly. And then they strike. However, that’s proving to be a lot more costly. And so they say, let’s go back to old reliable, where we can go for the big game, the big fish, or at least the big dollars. It’s not necessarily only the big company, but just they’re saying themselves rather than death by a thousand cuts. We’ll just go back to large ransomware payouts. And so yeah, just big changes in the industry. So to give you some context, the grand total for successful reported ransomware payouts was exceeded in the fourth month of 2022, or sorry, 2023. So they beat the 2022 total four months into 2023. And then the average payout, or I guess successful payout has gone up four times that of 2022. And so it’s more often and it’s larger dollars. And then I guess what I find very shocking as well is when it came to ransomware across the industry, so all industries all reported 40% of extortion payments were successful 40% of the time. If they had something you needed, you paid the freight, which it is a pretty high success rate.

Paul Martin:

Those are staggering numbers. And to think that it had gone away, or at least we had the perception that it had gone away. In fact, all it was doing was evolving. And I guess any other business, the business of being a cyber pirate, you look at ways to get more efficient and lower your costs and increase your revenue. And they were able to start to figure it out that I don’t go for your whole envelope of data, I just start to get more selective and get the stuff that’s more sensitive.

Colin Rooke:

And it’s really important to understand that this is for profit. There’s colleges, there’s whole organizations that only exist for cyber crime, and these are not individuals playing pranks on companies in their basement. I mean, this is big business. And so they took a step back. And so the nature of ransomware as completely changed. So they are essentially moving away from data encryption. They’ve determined that on the cybersecurity side of things, that it’s proving to be more difficult to get in. They can do it, it just takes longer. So it might take a week to actually get ready to encrypt from the initial breach. And then it takes a lot of manpower to both encrypt the data and then actually when the ransom is paid, it takes a lot of manpower to get that up and running. So they’re saying, we don’t like that because that’s a lot of overhead.

And so the more successful they are, the more overhead they have. And maybe they don’t like paying employee benefits, I don’t know. So what they’ve turned to is back to sensitive or restricted data. And so rather than say we have just turned everything off, and if you want that back, you’ll pay the following. They said too much work. They’re looking for sensitive data, restricted data, data that you don’t want out. And all they do is say, this is what we have. If you don’t pay the following by X, we’re going to release it. And so the challenge with that is when you’re dealing with encryption, you’ve got some choices. You can say, I have backups. Yeah, we’ll be down for a week, but we prepped for this. We listen to call and show we’ve got an incident response plan, and we we’re pretty confident that we’ll be up and running right away and the impacts will be minimal. And the cyber crime experts know that. And so they say, okay, well yep, we’re going to go back to those tidbits that you will pay to not have released. Or if we do, there may be litigation against you for losing it. And that seems to be the new angle.

Paul Martin:

It is just getting more sophisticated, isn’t it? I mean, this is the whole point, and you made a comment earlier and I had like to explore that is that I gather to a degree, this is state sponsored stuff as well. Some of these, you talk about the war in Russia and Ukraine, that part of this is a mechanism for funding the military effort, isn’t it?

Colin Rooke:

Yeah, they say that.

Paul Martin:

I guess we don’t really know, but we can speculate on that.

Colin Rooke:

Yeah. Where if you look at where the crime is primarily centered, the activity and the investment in these publicly, or sorry, yeah, publicly funded schools, it certainly appears that there’s an investment made and its government involvement. Another interesting stat that it’s funny that I have to completely change my tune on from the last five or six years. So I used to say, and the data now reflects a totally different argument, that if you were a victim of ransomware, there was honour among seeds that said it all the time, that typically you aren’t hit again. And the other funny thing about this business is that there’s a lot of competition. So there’s some research that shows now that 80% of organizations that do pay are victims again. And also 29% of extortion victims. When that company does in fact pay, that data is still released. Nonetheless, I guess there’s less honour among CS and because of competition, there’s no real list that says this is off limits. We already got them once. They’ll come back because they know that someone else is going to anyway. So it’s particularly concerning.

Paul Martin:

Alright, we’ve got to take a little break, Colin, so just stand by. We’ll be back in a couple of minutes. You’re listening to Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. This is Risky Business. I’m Paul Martin back after this.

Paul Martin:

Welcome back to Risky Business Commercial Insurance with Butler Byers, Paul Martin here. And joining me is Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. Colin, I guess what we’re seeing is this evolution that we’ve been talking about in the way the cyber criminals and ransomware is being played out now. So even if you’re kind of up to speed as a business owner, you really have to refresh yourself on this, doesn’t it? Because this game is changing and the way the pirates are coming at you is changing and evolving as well. You’re seeing any other trends here? Are we able to see in data what direction this thing is moving into?

Colin Rooke:

Yeah, another, I guess, shocking overall trend. Then I’ll give some sort of industry trends on the nature of the crime and where it’s going. But so what’s happening? So there’s a new, I guess, big game target, and these are third party vendors. And so rather than go after the mothership, they’ll go after a third party supplier. And often that is an IT provider. And so a cautionary note is that when choosing a third party vendor, someone to, if you’re outsourcing your it, you really want to make sure, I guess you are feeling they have a handle on your cybersecurity. You want to see a detailed plan, you want to be completely up to speed, you want know that they’re going, they’re lifelong learners because again, I guess in the effort to be efficient, they’re saying, well, rather than go after one company, we can go after a company that services hundreds, maybe thousands of companies, and then we can extract sensitive data from it and all of them at the same time. And so I’ve talked about cloud providers, how they’re just a business as well, and that your data could still be lost, but there seems to be a trend saying, well, we’ll go after a third party vendor that works with some of these large, and we’ll start there. And so really further to that, just where is this going?

How is this threat going to evolve from 2024 into 2025? Well, it’s about 101 billion projected by the start of 2025 spent on service providers specific to cybersecurity. There is 3.5 million open cybersecurity positions worldwide. So that’s a today’s stat, 3.5 million jobs. These are people saying, we need help with this and come work for us, whether it’s a third party or not. But that’s a lot of open positions. Premium growth is expected to increase by 21%. Now, that’s not all increases, but those choosing to take out cyber liability policies, depending on the industry, we actually, we are seeing rates stabilize some decrease depending on who they are. So it’s not all just rate increases, but premium growth overall. And they’re anticipating by the end of 2025 that the total cyber, the annual cost of cyber crime globally will be 10.5. Trillion’s a big number.

Paul Martin:

That’s a staggering number. It really is. And I mean, as someone who watches the evolution of the business community, I’m taken by just how much the IT and security industries are coming together and how they are changing. I think back three, four or five years ago, I might’ve known of one or two companies in the province, for example, or players that were kind of specialized in the cyber world, and now there’s way more of them and they’re far more sophisticated, but they’re also getting size. They’re getting the weight and scale and clout that they need to be able to take this on. So what this says to me is that the player on the negative side, the pirate, if I can use that term, they’re getting more sophisticated. They’re turning into heavyweights. And to compete with them, to actually protect yourself against them, you need to be a heavyweight on your side of the equation as well.

Colin Rooke:

And one of the best ways to actually get a handle on where you stack up is to purchase cyber liability insurance. And here’s why. Almost every single insurer now will do a third party scan or an audit, or they will monitor your system remotely included in the premium. And you think, well, there’s no free lunches. Why would they do that? Why would they monitor my system 24 7 and why would they invest? And there’s got to be a hidden fees. No, because if you are paying a premium, let’s say it’s $20,000 for 5 million in cyber liability coverage, rest assured they don’t want to pay that 5 million. So if they can invest and if they can look for abnormalities, if they can help you avoid an incident they’re going to. And so some of the best ways to get a handle of do I have a breach that I don’t know about is actually through the policy itself.

They’re very good at doing scans on the dark web to say, do I have customer data that’s leaked or email addresses or websites or web addresses linked to the business they don’t know about? And so they’re actually contrary to a lot of lines of coverage. They’re really putting in the effort, and it’s one of the best ways to actually monitor activity is to have a policy because the insurers are saying, this has to be profitable for us. I mean, we’ve got to offer the coverage, but we have to make money while we do it. And so it’s really a great way to mitigate risk.

Paul Martin:

All of this sounds quite daunting. And so if I’m a small business owner or a medium-sized business owner or someone in management is responsible for this, saying, what do I do with this? This just starts to get to where I feel like I want to crawl in a hole and pull a blanket over myself.

Colin Rooke:

Yeah, I can see there’d be an urge to just cut the internet cord and go back to handwritten checks. It is pretty scary stuff, but there’s a lot you can do, but really, if you’re putting in the work, you can do a very good job of mitigation. It’s those that are saying, we don’t matter. There’s nothing that we have that someone wants or that’s someone else’s problem. It’s big businesses problem. But I’m going to give one last shocking stat. So this is from the United States government, the National Security Agency, and so last year, 4,000 ransomware attacks per day in the us. And again, this is right from a government agency, publicly available information. I mean, that’s a scary thought. That is just in the United States, that’s not worldwide, and that’s growing.

Paul Martin:

Yeah, it really is. It’s growing. It’s scary. And if we leave people who are listening to this, if we leave them with one message is, yeah, you can deal with it, but you have to deal with it, right? You can’t ignore it. You have to actually just take it head on and people such as yourself and your organization, you can help walk them through this and explain it and give them some confidence that you can significantly improve what you’ve got right now. Just give us a call. Yeah, absolutely. You’ve been listening to Colin Rooke, the Commercial Risk Reduction Specialist with Butler Byers. I’m Paul Martin. This is Risky Business. Thanks for joining us. Talk to you next time.