Paragon Blog

2021 March

Cyber insurance market update…..and six top tips

Posted by | News | No Comments

Cyber-attacks are never out of the press these days. And whilst these stories were previously confined to the insurance or IT publications, the mainstream media now heavily report these matters as more and more companies find themselves the target of hackers. The coronavirus pandemic has also brought an increase in the frequency and severity of ransom demands, as well as further dislocation in the cyber insurance market.


  • Increased number of hackers and a heightened sophistication of hackers operating, including “hacking as a service” whereby those with the knowledge and means to do so “sell” their services to clients.
  • The increase in successful ransom attacks encourages the hackers to launch further attacks and be bolder with their targets.
  • The pandemic has exponentially increased the number of individuals working remotely. This significantly increases a networks “surface” and potential vulnerabilities in the network.
  • Significant volumes of emails flowing in and out of any organization will create an increased vulnerability of an attack. Sectors who rely heavily on email to conduct business (e.g. law firms) are at an even greater risk of attack.
  • For some businesses, the need and desire to quickly establish remote working capabilities for their staff in Q1 2020 may have come at the cost of network security.


  • The “spray and pray” tactics of yesteryear did not differentiate their targets. A hacker would attack as many targets as possible, hoping someone would “bite”. Ransom demands were small ($5,000-$10,000) and the same for all targets.
  • Hackers now operate in a far more targeted way – they know who they are attacking, their financial means and (in one case we are aware of) the limit of their cyber insurance policy (the hacker was able to view the insured’s cyber policy details before bringing their network down).
  • It is no longer just about the data that an organization is holding, but also about their reliance on their network to do business. Historically we have seen many ransom attacks purely encrypting the network and providing the decryption keys once their demands are met. Now a new trend has emerged where hackers will look to exfiltrate the data as well as encrypt the network – threatening to post this data on the dark web if the ransom demand is not met. So, if your business is reliant on data or an IT network, or in many cases both, you are of interest to cyber hackers.
  • We understand the largest ransom demand paid by insurers is circa $40 million. We have seen ransom demands against our own clients running into the millions of dollars and this does not take into account the additional first party expenses, business interruption costs and extra expenses that are incurred during and post the ransom event.

What can firms do to protect themselves? There is no such thing as 100% secure when it comes to cyber security. The recent SolarWinds & Microsoft Exchange Server breaches demonstrates that a well-resourced hacker can hack any system, including the US government. However, there are some core cyber risk management tools that every organization should consider.

  1. Email controls & security – first line of defense against ransomware events. Use of an email filtering gateway, DKIM, SPF and DMARC will reduce (but not eliminate) the threat posed hackers.
  2. Multi-Factor Authentication (MFA), especially for all remote access, critical applications, back-ups and privileged accounts.
  3. Utilize an endpoint detection and response tool – in the current environment, endpoint protection alone is no longer good enough. Insurers will want to see firms use endpoint detection and response tools before offering terms.
  4. Secure back-ups – increasingly back-ups are also encrypted by the hackers. Secure back-ups are essential – segregated from the network, offline, backed up on to tapes, access via MFA. And test the back-ups frequently.
  5. Training – one of the weak links in most companies’ defense to hackers is their people. So, train and test all people with connectivity to the network in information security awareness, especially phishing threats running regular phishing campaigns. Share results. Give feedback. And continue to train/educate your people.
  6. Maintain good cyber security hygiene – no unsupported software/systems within the network, regular patching, monitoring and logging of access and suspicious activity, have separate credentials for privileged access, limit local administration rights access and employ a strong password policy, with an enhanced version for employees with administration rights.

When it comes to cyber insurance, subject to the terms and conditions of your policy, the ransom payment can be covered. More importantly, the IT/forensics vendor and specialized extortion vendor, in some cases, that comes with the policy will be able to provide support to the firm. They can:

  • Make efforts to assess whether the extortionist has access to what they say they do.
  • Make efforts to assess backups (or other control) in place to understand if the affected network can be restored via backups with minimal disruption to the business, thus not having to pay the ransom.
  • Communicate with the extortionist to try to negotiate the demand down and to determine whether the decryption key is likely to work – vendors often deal with the same hacking group on a daily basis, so become acquainted with their tactics.
  • Make efforts to determine whether the payment is being sent to a sanctioned territory or actor, a requirement under OFAC.
  • Make the payment of the final negotiated demand via cryptocurrency to preserve the firm’s anonymity in the event it was not a targeted attack. The vendor typically has access to cryptocurrency accounts which can help get payment made quickly (these events have very short fuses).

The cyber market is hardening at rapid pace. However, for risks that can demonstrate strong cyber security controls there is still a lot of capacity available, albeit at increased rates (20-50%) and sometimes increased retentions. If firms cannot demonstrate strong controls then a combination of higher premium, increased retentions, sub limits, no ransomware cover, lower capacity offered and, in some cases, declinations from insurers (renewal and new markets) should be expected. Paragon has a team of expert cyber insurance professionals who can help insureds through the renewal process and obtain the best terms and coverage available from the market.


James Noon

Senior Vice President

E: D:  +44 (0)207 280 8242

M: +44 (0)771 867 0599

Financial guarantees – are you at risk?

Posted by | Article, Blog, Clients Feedback, Latest News | No Comments

In April 2020, the Gazette carried an article titled “Many high street law firms face collapse, research suggests”.  The article quoted “alarming” Law Society research suggesting that thousands of firms might shut due to the Covid-19 crisis.  Although clearly aimed at lobbying the government for help, the study and publicity it gained reached a far wider audience.

I’m happy to say that the Law Society’s predictions have not materialised. From personal experience, our clients have shown remarkable resilience in adopting new working practices and weathering the financial challenges that the pandemic has ushered, but looking at the research contemporaneously, it’s unsurprising that it started alarm bells ringing.

Due to its commercial sensitivity, insurers are reluctant to publish results relating to individual business lines. Still, it’s a poorly kept secret that firms in run-off represent a challenge in terms of unpaid premium and excesses.  Faced with a prediction of unprecedented numbers of firms closing, it’s hardly unexpected that some insurers sought to secure payments by using personal guarantees from the partners.

For the benefit of those readers who have not been asked to provide personal guarantees, the situation is pretty straightforward.  Partners jointly or severally undertake to pay all monies due under the insurance policy, whether they are premium or excesses.  Given that run-off premiums alone are around 300% of the annual trading premium figure, the sums involved can be substantial.

For most insurers requiring guarantees, a separate undertaking document is prepared by the insurer for signature by the partner(s).  We are, however, aware that not all insurers’ positions are as clear cut.  Rather than using a separate undertaking, some insurers have inserted personal guarantees into their general policy conditions.  Where this is the case, we would expect the firm’s insurance broker to highlight the position so that the partners can evaluate the potential impact on their personal finances.

Although it’s easy to understand why insurers might adopt guarantees to protect themselves, especially as, under the Minimum Terms & Conditions, the policy is non-cancellable; guarantees are a blunt instrument.  Whether underwriters’ motivation is to secure payments or act as a moral litmus test for the firm, it’s my view that if an insurer has fundamental concerns regarding a firm’s finances, it should decline to quote.

If your insurer requires a separate guarantee, you’ll be all too familiar with this issue.  If, on the other hand, your insurer relies on guarantees embedded in its policy conditions, your broker should have specifically alerted you to the wording.  In the absence of such an alert, it’s unlikely that your insurers require a guarantee, but it’s well worth asking the question.  Alternatively, we’ll be happy to review your quotation for you; if you’d like to take  up this offer, please don’t hesitate to contact me.

Janine Parker
Partner and Head of UK Professions

CONTACT US – For more information about Paragon, our tailored indemnity solutions and specialist risk management services, please contact:

Janine Parker


T  +44 (0)20 7280 8207

M  +44 (0)7920 516303

Ryan Senior


T  +44 (0)20 7280 8254

M  +44 (0)7827 575 652

This article is published without responsibility on the part of the author or publishers for any loss occasioned by any person acting or refraining from action as a result of any views expressed in the article. Specific risk management advice requires detailed knowledge and analysis of firm and practice area facts relating to the risk. The information included in this article cannot and does not attempt to satisfy this requirement for any of its readers.

Copyright ©2021 Paragon International Insurance Brokers Ltd is authorised and regulated by the Financial Conduct Authority.Registered in England & Wales, Company No: 03215272. VAT Registration No: 685151130
Paragon Brokers (Bermuda) Ltd is authorised & regulated by the Bermuda Monetary Authority.Registered in Bermuda, Company No: 33838.