Morning Read: Lloyd’s MGA, CFC Underwriting, Launches Cyber Incident Response App

Welcome to the Morning Read, a daily post where I recommend and discuss a white paper, blog post, chapter of a book, or some sort of text I find useful for DFIR analysts.

Today’s morning read is a story discussing an improvement in breach notification to CFC Underwriting. The article can be found here:


It seems that each year the number of clients who I work with that have cyber insurance grows. Last year, 2016, might’ve been the first year at about 50/50 — a significant increase to only a few years before. Recognizing the growing importance, CFC Underwriting has developed a “breach notification” app, that allows customers to quickly notify CFC of a breach. This pops a flare that gets the IR team on CFC notified and involved.

I think this is a win for organizations. Other types of insurance are built to be on-demand and easily accessible (even though claims are sometimes not) — and the timing in data breaches is sometimes just as important.


I have to begin with one of my favorite quotes from this article:

“The longer it takes a policyholder to notify us that they’ve suffered a cyber incident, regardless of whether it is an extortion demand or a system outage, the more damaging the impact can be on their business,” said Anthony Hess, head of Incident Response at CFC.

I have a lot of respect for an insurance agency that realizes its place as a cog in the wheel, and how delays on their side can ultimately impact the client. Oftentimes, I’ve worked with lawyers and insurance agencies who don’t seem to have a sense of urgency, and have hurt the organization in the process.

Breach notification via an app. I’m torn on the implementation of this. I’m all for modern times — but I’m wondering the target audience that has an insurance app on their phone to report a cyber breach. Is counsel expected to load up their phone with notification apps?

Suggestions for Analysts

As I mentioned above, one of my highlights from the article was the focus on a sense of urgency in the event of a data breach — I can’t promote this enough. As you build out your incident response teams and plans, make sure that urgency is one of the top priorities.

Second, if you have cyber insurance, make sure to be aware of its limitations and offerings. I have, unfortunately, been in a few cases where the client acted as if cyber insurance was going to cover the engagement only to find out they had violated the policy and were on the hook. You buy it for a reason — understand it for the same reason.

Until tomorrow!