
  • Linux Mint may start pushing high-priority patches to users

    Community Linux distributions are easygoing with updates and patches. Yes, they’d like you to update, but they don’t insist on it. Now, though, the popular Linux Mint distribution has had enough of people running out-of-date distributions and programs. In the future, Mint’s Update Manager may “insist” you make important security updates.  


    This all started because Mint’s maintainers found many Mint users were not keeping their software up-to-date. Mint researchers found fewer than a third of its users updated their web browser within a week of a new version’s release, and as many as 30% of users may still be running Linux Mint 17.x. That specific distribution hasn’t been supported since April 2019. This, in turn, means they haven’t received security updates for close to two years.
    Yes, Linux tends to be more secure than other operating systems, but that doesn’t mean there have been no serious security bugs. For example, a decade-old sudo bug has recently been patched, and the ancient — but always troublesome — memory addressing tool set_fs() was finally removed. As lead Mint maintainer Clement “Clem” Lefebvre wrote, you must update not just because an outdated system is vulnerable, “it is known to be vulnerable.”
    Besides, Update Manager doesn’t just patch Linux bugs, it also updates and patches all software on your Linux system. So, for example, when you update Linux Mint, you’re also updating the default Firefox web browser. 
    It’s not like it’s hard to do either. Clem said: “Linux Mint comes with one of the best update managers available. It’s very easy to use, it’s configurable, and it shows a lot of information.” He’s right. “All you need to do is use it.”
    Unfortunately, even after warning users that they need to keep their Mint systems up to date, people still aren’t doing it. 
    Why? Clem explained in a note: “Many users think updates should be applied but don’t do it often, either because they haven’t gotten around to automate the process, or they thought they’d do it often but they don’t, or for some, they even got used to that little orange dot in their system tray and don’t really pay attention to it anymore. Giving these users a reminder after a while is something they might appreciate, they’re the people we’re doing this for.”

    Therefore, Mint developers are working on Update Manager improvements. Besides looking for available updates, the Manager will also track cases where updates are overlooked. This will include metrics on when updates were last applied, when packages were last upgraded, and how many days have passed since a particular update was made available.
    Armed with this data, “in some cases, the Update Manager will be able to remind you to apply updates. In a few of them, it might even insist.”
    The developers don’t want to get in your way. As Clem wrote, “We have key principles at Linux Mint. One of them is that this is your computer, not ours.” 
    This also means that this data won’t be sent to the Linux Mint organization. Clem explained, “Under no circumstances will the data be sent anywhere.” Instead, the Update Manager only keeps the data it needs to make sure you’re at least looking at available patches. If you are, it then deletes the local data. 
    At the same time, they don’t want users continuing to run potentially dangerously out-of-date setups. So, at this point, “We’re still forming strategies and deciding when and how the manager should make itself more visible so it’s too soon to speak about these aspects and get into the details which probably interest you the most here. So far we worked on making the manager smarter and giving it more information and more metrics to look at.”
    Eventually, Mint may be more aggressive about insisting you secure your system, but for now, its developers are trying to strike a balance between keeping users safe and not annoying them. Stay tuned for more developments.

  • Remote work: 5 things every business needs to know

    Once upon a time, remote work was something only tech startups considered to be an option for staff members scattered across the globe. Then a pandemic struck, forcing businesses everywhere to reconsider the possibility that allowing employees to work from home might be the only way to keep the company from failing.

    According to a TechRepublic survey, 61% of businesses have gone out of their way to make remote work possible for most employees. That’s not a blip on the radar. Given that an overwhelming majority of respondents (61%) would rather work from home than in an office, it’s safe to say the remote work option is here to stay.
    For employees, it’s a change in routine and locale, but for businesses, it’s much more than that — every company has far more to consider. Let’s dive into five considerations that your company must understand for a smooth and productive work-from-home experience.
    Remote office tools
    No matter where your employees work, they need the right tools. When those employees are working in the office, you provide them with everything necessary to get the job done: Computers, printers, mobile devices, desks, chairs, network devices, software, white boards, and more. If you believe employees working from home should be on their own for equipment, you’re doing remote work wrong. If you’re not willing to directly pay for the tools your employees need, you should at least consider allowing them to expense those costs. But all purchases must be approved — otherwise, you’ll wind up with employees buying extravagant chairs and laptops. 
    According to our survey, 56% of respondents said that their company had done a poor job of supplying the necessary hardware (computers, printers, and so on) and 52% of respondents said their company had done a poor job supplying them with the necessary office equipment (desks, chairs, etc.) to work remotely. Unless this improves, staff will either be incapable of doing their jobs with any level of productivity (at best) or they’ll burn out and quit (at worst).
    At a bare minimum, your company should supply remote workers with:
    A computer or laptop for work only
    A printer (if needed)
    All software necessary to do their jobs
    A VPN (if security is a concern)
    Managing burnout

    Burnout is a serious issue with employees who are not accustomed to working from home. Why does this happen? The biggest reason is the inability to separate work from home. When this happens, the lines blur so much that employees can begin to feel as though they’re working 24/7/365. On top of that, people no longer get a much-needed break from family life. That one-two punch makes burnout happen faster and on a more profound level.
    How do you manage this? The most important thing you can do is keep the lines of communication open. You’ll need to have someone (or multiple people) on hand to talk to staff in order to help them through these periods.
    You’ll need to educate your staff to:
    Create a routine such as scheduled work times that clearly define ‘work time’ and ‘home time’.
    Set boundaries like, “When the office door is closed, I’m at work.”
    Communicate with family — make sure your employees are doing a good job of communicating with their loved ones.
    Practice self-care. Your employees will need, on some level, to learn how to take care of themselves to avoid stress.
    Understand priorities so your staff always know what work takes priority and what work can be put off.
    According to our survey, 78% of respondents indicated they were working from home five days a week. If those staff members don’t work smart, they’ll suffer burnout fast. Feeling like you’re ‘in the office’ day in and day out can be exhausting. To that end, you’ll need to consider allowing staff to work a flexible schedule.
    Managing a flexible schedule
    This one is a challenge for most businesses because nearly every company works on the assumption that business hours are universal. There’s a reason why Dolly Parton’s “9 to 5” resonates so well with a majority of the population around the world. 
    However, with remote workers, the idea of a set work schedule needs to be thrown out the door. You must remember that people are working at home, which can throw a major wrench in the works. What am I talking about?
    Tending to children who aren’t in school
    The possibility of burnout
    Family responsibilities
    Less reliable networks
    Equipment failure
    The single most important thing to consider is that your employees do prefer to work from home, and can be even more productive working in that comfortable environment. But that improved productivity might come with a price for your company in the form of allowing for flexible schedules. 
    Remember: As long as work is getting done in a timely fashion, it shouldn’t matter when it’s getting done.
    Security is key
    One thing your business must consider is security, and how to help your remote workers do their jobs without compromising company data. This might mean you’ll need to purchase enterprise-class VPN services for those who must transmit sensitive data from their home networks. Those employees who deal with very sensitive data might also need to be trained on how to use encryption.
    Another issue that must be addressed is passwords. You probably have password policies in place for office-based staff, but you can’t enforce those policies on their home networks, which means you’ll need to train your remote workers to change all network passwords (such as those for wireless routers) to be strong and unique. Even if you also have to get those employees up to speed on using a password manager (which they should anyway), this cannot be stressed enough.
    KPIs to monitor
    You need to know which Key Performance Indicators (KPIs) to monitor, and I suggest these KPIs as a good starting point.
    Self-discipline: An employee’s ability to work independently.
    Effective communication: An employee’s ability to communicate effectively and efficiently with teams and clients.
    Learning skills: An employee’s ability to not just follow a known instruction set, but also to learn new things efficiently.
    Remote vs. local tasks: Are there tasks that can or cannot be performed remotely? You must know the difference.
    Accountability: Employees must learn to hold themselves accountable to get their tasks done with less supervision.
    Self-discipline: Employees must be capable of staying on-task with less supervision.
    Collaboration: Employees must be capable of working with other teammates efficiently via video/audio chat and email.
    Availability: Managers must be available to discuss work-related matters during business hours. Although employees might work a flexible schedule, they must also be available during business hours.
    Conclusion
    Your company’s transition from a standard work environment to a full remote or hybrid (remote and in-house) environment doesn’t have to be a challenge. Given that nearly every business across the globe has been practically forced into this new world order, the hard part is already taken care of. With just a bit of extra planning and work, you can make this new reality not only seamless but even more productive. 

  • Malaysia Airlines suffers data security 'incident' spanning nine years

    Malaysia Airlines has suffered a data security “incident” that compromised personal information belonging to members of its frequent flyer programme, Enrich. The breach is purported to have occurred at some point during a period that spans almost a decade and involves a third-party IT service provider. 
    The airline had sent out an emailer to Enrich members this week, stating it was notified of a “data security incident” at the third-party IT supplier. The breach involved “some personal data” and occurred some time between March 2010 and June 2019, it said, adding that these details included members’ name, date of birth, contact information, and various frequent flyer data such as number, status, and tier level. 

    Travel data such as itineraries, reservations, ticketing, and ID card, as well as payment details were not compromised, according to Malaysia Airlines. Its own IT infrastructure or systems also were not affected, the carrier said.  
    It noted that there was “no evidence” any personal data had been misused and the breach did not expose any account passwords, though it urged Enrich members to change their passwords as a precaution. The airline also directed customers to pose any queries they might have directly via email to its data privacy officer.
    At press time, Malaysia Airlines had yet to make a public statement on the security breach or post a notice on its website. It did, however, appear to confirm the incident on Twitter in its replies to customers. 
    In one of several such responses, the national carrier said: “The data security incident occurred at our third-party IT service provider and not Malaysia Airlines’ computer systems. However, the airline is monitoring any suspicious activity concerning its members’ accounts and in constant contact with the affected IT service provider to secure Enrich members’ data and investigate the incident’s scope and causes.”
    It reiterated its stance that there was no indication the breach impacted any account passwords, but advised members to change their passwords as a precautionary measure. 

    The airline just in January had announced plans to introduce a fare-based earning programme and new tier qualification framework for Enrich, slated to commence in April 2021. 
    Singapore telco Singtel also recently suffered a data security breach that involved a third-party IT vendor, whose file-sharing system had contained vulnerabilities that were unsuccessfully patched.

  • Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root

    Two very different forms of ransomware, with different methods and targeting two different operating systems, are likely to have started off as one kind of ransomware before those working on it split apart, demonstrating how ransomware is constantly evolving and how new threats continue to pose a risk to potential victims.


    Cybersecurity researchers at Intezer analysed two forms of ransomware — QNAPCrypt and SunCrypt — and have concluded that one evolved from the other.
    QNAPCrypt first emerged in mid-2019 and targets network-attached storage devices running on Linux. Meanwhile, SunCrypt ransomware first appeared in October 2019 and targets Windows systems, but it didn’t really gain notoriety until attacks increased in the middle of 2020, following an update.
    At first glance, QNAPCrypt and SunCrypt appear unrelated — they’re two different forms of ransomware, distributed by two different groups and they target two forms of operating system.
    The two ransomware-as-a-service operations are also run in different ways, with the distributor behind QNAPCrypt rarely posting about their ransomware on underground forums.
    Meanwhile, the operator behind SunCrypt appears to be purely focused on advertising their product, repeatedly posting messages to recruit affiliates in order to make as much money from receiving percentages of ransom payments as possible. The operators of SunCrypt also favour the double extortion technique, threatening to leak stolen data of victims which don’t pay ransom demands — as well as targeting hospitals.
    But while it’s clear that the two campaigns are very different and operated by different individuals, analysis of both forms of ransomware reveals that QNAPCrypt and the early version of SunCrypt share identical code logic for file encryption, leading researchers to conclude with “high certainty” that both forms of ransomware were compiled from the same source code.

    Researchers also identified similarities in key generation and how the code is written and deployed for checking the geographic location of the infected victim. Both QNAPCrypt and SunCrypt will cease encryption operations if running on a Belarusian, Russian or Ukrainian machine — while SunCrypt also adds Kyrgyzstan and Syria to the list.
    SunCrypt has evolved since being released and is more distinct now, but the analysis of the older code makes it clear that the two forms of ransomware started life as one and the same thing — although how this ended up as two distinct variants and two different campaigns remains a mystery.
    “They may have collaborated with the initial version of SunCrypt and the collaboration fell apart and they went their separate ways. Another theory is that the QNAPCrypt actor was hired to create the initial ransomware to launch the first version of the service,” Joakim Kennedy, security researcher at Intezer told ZDNet.
    What the discovery of the two forms of ransomware being related does teach us, however, is that ransomware is constantly evolving and just because one family of ransomware is related to another, they don’t necessarily act in the same way — and that could be in ways which make it more dangerous.
    “If a malware is exchanged, whether to an affiliate or over the dark web, then the new operators may choose different procedures, attack vectors, and targets. They might invest considerably in the new malware, adding features and evasion techniques,” said Kennedy.
    Both QNAPCrypt and SunCrypt remain active in 2021, with QNAPCrypt in particular targeting systems which haven’t had security patches applied or are secured with weak passwords. Applying the appropriate security patches and applying strong passwords — and multi-factor authentication — can go a long way towards protecting against falling victim to ransomware attacks.

  • Microsoft to add new shared channels, encryption for calls, webinar features to Teams


    It wouldn’t be a Microsoft event without a slew of Teams announcements. And on Day 1 of Microsoft’s virtual Ignite Spring 2021 event, officials didn’t disappoint.
    Microsoft announced a new channel-sharing feature coming to Teams broadly later this calendar year. Called Teams Connect, the feature will enable users to share channels with anyone — internal or external — to one’s organization. The shared channel will appear within a user’s primary Teams tenant, alongside other Teams channels. The new Teams Connect feature will be available in private preview starting today.
    If you’re wondering how Teams Connect compares to Teams Guest Access, it seems that with Guest Access, you can add an external user to your Teams environment, where they become a guest. With Teams Connect shared channels, multiple organizations can share a single channel that all members can then access from their own Teams environments.
    Channel sharing seems more suited for scenarios where multiple organizations are collaborating together on a specific project. Guest Access seems more suited to situations where an external party needs broad access to organizational data and information, above and beyond the channel.
    Microsoft execs also said today that Teams will support end-to-end encryption (E2EE) for one-to-one Teams calls. IT will have discretion over which users can use E2EE. E2EE for Teams 1:1 ad-hoc VoIP calls (as the feature is known officially) will be available in preview to commercial customers later in the first half of this calendar year.
    In addition, Microsoft is announcing officially the expected webinar capability for Teams which leaked last month under the name “Teams Pro.” Officials said today that Teams users can organize webinars for those inside and outside an organization of up to 1,000 attendees. Webinars can make use of custom registration; rich presentation options; host controls; and post-event reporting. Officials said those who want to broadcast to larger audiences (up to 20,000 people until June 30 and 10,000 after that) can switch to view-only broadcast. The webinar functionality will be included for no additional cost in many existing Microsoft 365/Office 365 business plans.
    Microsoft is adding to Teams a number of features that public speakers and PowerPoint jockeys will appreciate.
    PowerPoint Live in Microsoft Teams is all about enabling presenters to lead meetings with notes, slides, chat and participants in a single view. PowerPoint Live is available in Teams as of today. The new Presenter Mode in Teams lets users customize how their video feed and content appear to the audience. A mode called Standout shows the speaker’s video feed in front of shared content. There are also Reporter and Side-by-Side modes coming. Standout in Presenter Mode is launching this month; Reporter and Side-by-Side are “coming soon.” In addition, there is a Dynamic View which arranges elements of a meeting prioritized for an optimal video experience, officials said. Dynamic View is scheduled for rollout later this month, officials said.
    At Ignite, Microsoft announced a new category of speakers called Teams Intelligent Speakers. Teams Intelligent Speakers can identify and differentiate the voices of up to 10 people talking in a Microsoft Teams Room. The speakers were created in partnership with EPOS and Yealink, officials said, two OEMs which both have devices certified as Intelligent Speakers. (Surface Hub also is considered a supported Teams Intelligent Speaker device, officials said.) Users can turn attribution on or off at any time for privacy and security reasons. And if these devices sound familiar, yes, there is/was a precedent: A conical speaker Microsoft demonstrated publicly in 2018 which could recognize multiple speakers even when their discussions overlapped.


  • ObliqueRAT Trojan now lurks in images on compromised websites

    Cyberattackers behind ObliqueRAT campaigns are now disguising the Trojan in benign image files on hijacked websites. 

    The ObliqueRAT Remote Access Trojan (RAT), discovered in early 2020, has been traced back to attacks against organizations in South Asia.
    When first discovered, the malware was described as a “simple” RAT with the typical, core functionality of a Trojan focused on data theft — such as the ability to exfiltrate files, connect to a command-and-control (C2) server, and the ability to terminate existing processes. The malware is also able to check for any clues indicating its target is sandboxed, a common practice for cybersecurity engineers to implement in reverse-engineering malware samples. 
    Since its initial discovery, ObliqueRAT has been upgraded with new technical capabilities and utilizes a wider set of initial infection vectors. In a blog post on Tuesday, Cisco Talos said a new campaign designed to deploy the RAT in the same region has changed how the malware is served on victim systems. 
    Previously, Microsoft Office documents would be sent via phishing emails to a target that contained malicious macros leading to the direct deployment of ObliqueRAT. Now, however, these maldocs are directing victims to malicious websites instead — likely in a bid to circumvent email security controls. 
    A technique known as steganography is in play. Steganography is used to hide code, files, images, and video content within other content or file formats, and in this case, the researchers have found .BMP files that contain malicious ObliqueRAT payloads.
    Websites that have been compromised by threat actors host these .BMP files. While the files do contain legitimate image data, executable bytes are also concealed in RGB data — and when viewed, trigger the download of a .ZIP file containing ObliqueRAT. 

    According to the researchers, the malicious macros contained in the maldoc extract the archive file and deploy the Trojan on the target endpoint system. 
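A defender-side check for the delivery method described above, written for this page as an added example (it is not Cisco Talos code). It assumes the payload sits in the BMP as contiguous raw bytes rather than being spread across low-order bits, and it extends the page's ZIP case to a PE header check; the function names and both sample images are constructed for illustration.

```python
import io
import struct
import zipfile

# Container signatures that have no business appearing inside pixel data.
ZIP_MAGICS = {
    b"PK\x03\x04": "ZIP local file header",
    b"PK\x05\x06": "ZIP end-of-central-directory record",
}


def parse_bmp(data):
    """Return (pixel_offset, expected_pixel_bytes) for an uncompressed BMP."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP with a BITMAPINFOHEADER")
    pixel_offset = struct.unpack_from("<I", data, 10)[0]
    dib_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    if dib_size < 40 or compression != 0:
        raise ValueError("only uncompressed BITMAPINFOHEADER images are handled")
    row_bytes = ((bpp * width + 31) // 32) * 4  # each row is padded to 4 bytes
    return pixel_offset, row_bytes * abs(height)


def find_embedded(data):
    """Return sorted (file_offset, description) findings for one BMP file."""
    pixel_offset, expected = parse_bmp(data)
    findings = []
    end_of_image = pixel_offset + expected
    if len(data) > end_of_image:
        extra = len(data) - end_of_image
        findings.append((end_of_image, "%d bytes appended after pixel array" % extra))
    body = data[pixel_offset:]
    for magic, name in ZIP_MAGICS.items():
        pos = body.find(magic)
        while pos != -1:
            findings.append((pixel_offset + pos, name))
            pos = body.find(magic, pos + 1)
    # "MZ" alone is too common in pixel data, so require that the DOS header's
    # e_lfanew field (offset 0x3C) points at a "PE\0\0" signature.
    pos = body.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(body):
            e_lfanew = struct.unpack_from("<I", body, pos + 0x3C)[0]
            if body[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                findings.append((pixel_offset + pos, "PE executable header"))
        pos = body.find(b"MZ", pos + 1)
    return sorted(findings)


def make_bmp(pixels, width, height):
    """Wrap a raw 24-bit pixel array in BMP headers (constructed test data)."""
    header = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      len(pixels), 2835, 2835, 0, 0)
    return header + dib + pixels


def build_samples():
    """Return (clean_bmp, bmp_with_zip, zip_length); all content is constructed."""
    clean_pixels = bytes((i * 7) % 251 for i in range(32 * 32 * 3))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("constructed.txt", date_time=(2021, 1, 1, 0, 0, 0))
        zf.writestr(info, b"constructed sample, not malware")
    payload = buf.getvalue()
    # Overwrite part of the pixel array with the archive, keeping the size valid.
    pixels = clean_pixels[:300] + payload + clean_pixels[300 + len(payload):]
    return make_bmp(clean_pixels, 32, 32), make_bmp(pixels, 32, 32), len(payload)


if __name__ == "__main__":
    clean, carrier, _ = build_samples()
    for label, sample in (("clean", clean), ("carrier", carrier)):
        print(label, find_embedded(sample) or "no findings")
```

A hit is a reason to pull the file for analysis, not a verdict: payloads that are encrypted or spread across low-order bits will not match these signatures.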
    In total, four new versions of the malware have been recently discovered and appear to have been developed between April and November 2020. Improvements include checks for blocklisted endpoints and computer names, as well as the inclusion of the ability to extract files from external storage. A new command prompt, as of yet unassigned, also indicates that additional updates will occur in the future. 
    ObliqueRAT has also been connected to campaigns distributing CrimsonRAT. There are potential links to Transparent Tribe, a state-sponsored threat group Proofpoint says has previously attacked Indian embassies in Saudi Arabia and Kazakhstan. Due to C2 infrastructure overlaps, there may also be ties to RevengeRAT campaigns.

  • Google Cloud, Allianz, Munich Re team up on cyber insurance program

    Google Cloud, Allianz Global Corporate and Specialty (AGCS), and Munich Re are pairing up to make cyber insurance more mainstream and embed it into cloud services.


    The partnership comes as it becomes increasingly clear that cyber insurance is going to play a role in enterprises of all sizes. Specifically, the trio of companies is launching the Risk Protection Program.
    The Risk Protection Program aims to cut cloud security risks and offer cyber insurance designed for Google Cloud customers. What’s notable about the program is that cyber insurance, which is evolving, could become more mainstream should it be resold via technology providers.
    Sunil Potti, general manager and vice president of Google Cloud Security, said that the partnership with Allianz and Munich Re has been “in the works for a few years.” Potti added that cyber insurance is an effort to turn the concept of shared responsibility of security into shared fate. “This is the first down payment on that journey,” said Potti.

    Should the Google Cloud, Allianz, and Munich Re model be emulated, businesses could procure cyber insurance through enterprise software makers, security companies, web hosting firms, and other providers.
    Google Cloud said that the Risk Protection Program aims to address the reality that more sensitive workloads are being housed in the public cloud. That fact also means that risk protection has to be more integrated with services. Customers, who were previously expected to create their own security models, will be able to leverage Google’s Trusted Cloud and layer in cyber insurance protection.

    The parts of Risk Protection Program go like this:
    Risk Manager, a diagnostic tool that enables Google Cloud customers to manage and measure risks on the platform and get reporting. The Risk Manager tool is available to Google Cloud customers by request and will be prioritized for Security Command Center Premium customers in the US.
    Cloud Protection +, a cyber insurance product that’s offered by AGCS and Munich Re, and designed for Google Cloud customers.
    Customers would run Risk Manager and send the resulting report to AGCS and Munich Re to obtain a quote for cyber insurance if eligible for Cloud Protection +. The companies’ theory is that cyber insurance procurement will be easier if integrated with Google Cloud.

    A model to expand cyber insurance
    AGCS said Cloud Protection + will cover cyber incidents within their own corporate environments as well as on Google Cloud.
    For now, the offering is targeted at US Google Cloud users, but “this offering may be offered globally at a later date.”
    Bob Parisi, head of cyber solutions at Munich Re, said that the partnership with Google Cloud will streamline applications and underwriting. Parisi added that Risk Manager will connect data to the underwriting process, but Munich Re and Allianz aren’t monitoring corporate networks in real time. “Risk Manager gives us an inside-out look at a company,” said Parisi. “We’re driving underwriting toward a more data-driven approach.”
    Thomas Kang, the North American head of cyber, tech, and media at Allianz, said the goal was to make a program that was cloud-first given that’s where workloads are going.
    The other moving part is that Risk Manager could gauge security posture of an enterprise over time. As a result, the more frictionless experience may improve underwriting speed as well as discounts over time.
    In addition, Google Cloud also gets a bump from cyber insurance via the Allianz and Munich Re partnership. By leveraging cyber insurance partnerships, it can target more regulated industries such as financial services and healthcare. Allianz and Munich Re will share the coverage 50/50.  
    Bottom line: The Google Cloud alliance with Allianz and Munich Re may provide a blueprint for other cloud and tech services providers to emulate. You can expect similar bundles going forward aimed at enterprises of all sizes.

  • Best cyber insurance in 2021

    Cyber insurance is quickly becoming a must-have amid cybercrime, ransomware, and daily threats. The problem is that wading through insurers is a bit daunting. With that in mind, I went shopping. 
    For large enterprises, cyber policies are increasing the cost of doing business. Large firms such as Equifax, Marriott, and SolarWinds all had coverage to cushion the hit from high-profile data breaches. Smaller enterprises may not have the coverage.
    I have a few working theories about the cyber insurance market.
    This year — 2021 — will be the year that cyber insurance evolves significantly. It’s possible that cyber insurance will be required for businesses much like home and auto.
    The market is dominated by massive insurers targeting large enterprises, but there will be segments of the market targeting mid-sized and smaller businesses.
    Cyber insurance could be part of a cloud services stack. For instance, Google Cloud’s partnership with Munich Re and Allianz is a start, but cyber insurance could be resold by cloud providers, web hosting, and other parts of the business technology stack.
    While cyber insurance may become part of a tech bundle or at least easier to acquire, there will be multiple players gunning for policies in a fragmented market. Reportlinker projects that cyber insurance will be a $70.6 billion global market in 2030, up from $5.6 billion in 2019.
    In any case, cyber insurance scouting needs to commence for businesses. According to the National Association of Insurance Commissioners (NAIC), the top 20 cyber insurance providers accounted for 92% of the market in the US.

    Features risk mitigation tools

    According to NAIC, AXA is the cyber insurance market share leader based on standalone policies. AXA’s cyber insurance covers North America and writes policies for data breach response and crisis management, privacy and security liability, business interruption, data recovery, cyber extortion and ransomware, and PCI among others.
    AXA also provides risk mitigation resources via partners and an online service called CyberRiskConnect. Here’s a sample policy. 

    Three flavors of cyber insurance

    AIG’s cyber insurance can be standalone or added to an existing policy as an endorsement. AIG also offers three cyber insurance products:
    CyberEdge, which covers the financial costs due to a breach as well as first-party costs.
    CyberEdge Plus to cover physical world losses caused by a cyber event including business interruption and property damages.
    CyberEdge PC, which can be added to traditional property and casualty policies.
    AIG also offers threat scoring and analytics as well as tools to prevent attacks. AIG has a network of vendors to restore and recover, too.

    Options for SMBs too

    Travelers takes a broader approach to cyber insurance, with plans designed to mitigate risks for companies of all sizes. The insurer has cyber insurance plans for technology companies, public entities, and SMBs.
    The company bundles pre- and post-breach services provided by Symantec and a hub to evaluate risks. 
    Travelers policies fall into these categories:


    Big in cyber insurance

    Compared to the big insurers, Beazley isn’t a household name, but NAIC rates the firm No. 4 with 11.2% market share just behind Travelers.
    Beazley’s headliner is Beazley Breach Response, which is a customized policy based on a company’s situation. Beazley claims to be the “world’s best designed cyber insurance solution.” Beazley also covers breach response services for up to five million people. 
    For companies in specific industries, Beazley looks like an option. Beazley counts healthcare, higher education, hospitality, financial services, and retail as target industries. 

    Partnership with Google Cloud

    Allianz provides cyber insurance on a standalone basis but is now partnered with Google Cloud along with Munich Re under a program called Cloud Protection +. The pairing is likely to move Allianz as well as partner Munich Re up the cyber insurance rankings. 

    Targeting the mid-market companies

    While the big-name insurers are going after the large enterprises, midmarket companies may gravitate toward a specialist. Midmarket companies often have their own tech providers since they are often ignored by large enterprise vendors.
    Cyber insurance companies may also shortchange the midmarket. Resilience offers cyber insurance with a few interesting perks. First, it combines insurance and expertise like the large players. And, second, Resilience includes a program where customers can earn credit to put toward security services and products.

    Specializes in small businesses

    Hiscox specializes in cyber insurance for small businesses. The firm is also spending heavily on marketing but is worth a look. The company offers a training academy to shore up small business defenses, or what it calls the “human firewall.”
    According to Hiscox, its cyber insurance covers lost business revenue and data recovery costs, money lost to phishing, defense against fines and privacy lawsuits, and breach response. The Hiscox policies also include digital media upgrades. It doesn’t cover criminal action, fund transfer, infrastructure interruption, and prior acts of knowledge.
    More notable providers
    There is a bevy of other providers — and many insurers offer cyber insurance as part of a broader package of business offerings. Among those that looked interesting:
