SHARED INTEL Q&A: Cyber insurance breaches expose resilience gap and need for orchestration

Cybercriminals have a new target in their sights: the insurance industry.

Groups like Scattered Spider are going after carriers directly, disrupting operations and exposing weak links in the very system meant to underwrite cyber resilience.

A breach at an insurer does not just disrupt internal systems. It reverberates: rattling policyholders, triggering regulatory scrutiny, and unsettling partners across the risk-transfer chain. What begins as a cyber incident quickly escalates into a business crisis.

That is why the conversation in insurance circles is shifting from prevention to orchestration. Companies need a secure workspace to manage a crisis, playbooks that work under duress, and the ability to coordinate across legal, compliance, regulators, and the board.

Major providers such as AIG, Marsh, Beazley, and QBE have already validated CYGNVS as a trusted partner in this space. Founded in 2020, the startup has grown rapidly, serving thousands of organizations in 70+ countries. Its “Prepare, Practice, Respond, Report” framework is designed to turn static IR binders into guided, mobile workflows, complete with audit trails insurers and regulators demand.

Last Watchdog recently sat down with Arvind Parthasarathi, CEO and founder of CYGNVS, to explore what this shift means for insurers, enterprises, and the broader cyber economy.

LW: Why have insurers themselves become prime targets for cybercriminals?

Parthasarathi: Insurers hold something uniquely valuable: policy data. If attackers compromise an insurance carrier and get access to client lists and coverage limits, the attackers effectively have a hunting list. They learn who is insured, for how much, and against which losses. That intelligence lets them calibrate ransom demands and sequence attacks across an insurer’s book of business. A single breach can introduce aggregate risk, undermining the basic actuarial premise that not every client will suffer an event at the same time and potentially creating a systemic issue for the broader cyber insurance market.

At the same time, threat actors go after an organization’s ability to fight back. One of their first moves is often to target single sign-on (SSO), Active Directory, conferencing, and email — the very collaboration systems teams rely on to organize a response. Once those channels are compromised, attackers can watch, anticipate, and counter response steps in real time.

LW: Why can’t incident response be treated as an IT function anymore?

Parthasarathi: Cyber risk cannot be driven to zero. So like any other risk, like currency fluctuations or hurricane exposure, it has to be managed. That shifts the discussion from tools to governance: what risks do we accept, what do we transfer, and how will we respond when — not if — something happens? That becomes a board-level issue. We’re seeing regulators expecting boards to take increasing responsibility for with disclosures around oversight and material incidents.

Operationally, a breach response now involves every function. Marketing may draft a press statement. Sales and customer success have to notify and support clients. General counsel and outside counsel coordinate regulatory filings and notifications. Security and IT remain central, but the response becomes a cross-functional business process that demands planning, preparation, and practice. In insurance and financial services — where risk is the business — that expectation is even sharper.

LW: What does crisis management in a secure workspace look like, and why does it matter?

Parthasarathi: In a live incident, adversaries may already have visibility into the corporate network and the tools people instinctively reach for: email, chat, document shares, conferencing, even SSO. We have seen scenarios where a response team convenes a call, outlines next steps, and the attacker immediately counters because they are actually on the call. When the adversary can listen, watch, and be part of the response process, it becomes very difficult to respond successfully.

That’s why you need an out-of-band, separated environment, almost like a bunker or hurricane shelter, that is not tied to corporate SSO, email, or identity stores. It is where the right people can gather safely to assess facts, assign work, and execute decisions. Increasingly, organizations keep their playbooks, stakeholder contact lists, and regulatory notification templates there. Then they bring in the participants involved in the response: IT and security, business users like executives, legal, and communications, and also external providers such as forensics and outside counsel. Planning, practice, response, and reporting all happen in one place and adversaries are locked out.

LW: Insurers face heavier regulatory obligations than most industries. How do you preserve privilege and keep reporting accurate as facts change?

Parthasarathi: Chaos is a common theme in incident response. The people involved and workstreams can change hour by hour. To preserve legal privilege, access has to be tightly controlled: who can see what, and when, is a process tightly controlled by General Counsel and Outside Counsel. CYGNVS lets organizations translate playbooks into role-based workflows, set access levels, and then map real people into those roles as the incident unfolds. The platform maintains audit logs that a regulator or court can review to confirm that privileged workstreams stayed restricted.

Reporting is also challenging. Every regulator wants slightly different information. And timelines vary: some regulators expect notice within 12 hours, others within 24 or 72 hours. The facts at hour 12 may differ from what you learn at hour 36. A single pane of glass helps teams capture the current state across all appropriate workstreams; reconcile differences; and confidently complete required submissions. For carriers and financial institutions, that is essential to meeting obligations without compounding risk.

LW: You use a submarine analogy for readiness. What does constant drilling look like here?

Parthasarathi: Submarine crews drill daily and that continuous exercising builds the muscle memory for a real event.

Many companies have incident response plans – it’s a regulatory requirement, but these plans are long, outdated, or written by people who have moved on. This lack of familiarity and understanding by response teams makes tabletop exercises too often turn into a check-the-box type discussion without any real value to the organization.

So there’s real opportunity to build that muscle memory. CYGNVS converts static plans into guided workflows and lets teams practice in situ — in the same environment they will use during a real event. People discover where they stumble: finding the right playbook, logging in, pulling the correct customer list, or routing a draft through legal fast enough. Rehearsing inside the actual technology makes the exercise more engaging, more realistic, and easier to recall under stress. I like to call it Train Where You Fight.

LW: How have insurers shaped the platform itself?

Parthasarathi: Insurance industry leaders bring a vantage point few others have. Major incidents are not a daily occurrence for most organizations, but on any given day insurers may be helping dozens of clients through active incidents; over years, they accumulate insights from tens of thousands of claims. That experience also surfaces edge cases – and incident response is all about edge case management.

I liken it to building sprinklers. The insurance industry had the data to prove building sprinklers reduced harm, and they used it to drive adoption. Similarly, our insurance partners know what works. Their insights and lessons learned help us shape CYGNVS — ensuring customers get a robust and hardened platform.

LW: Looking ahead, how will insurance shape resilience standards across industries?

Parthasarathi: The insurance industry is in a unique position to shape resilience because of the breadth of information it touches. They’re not only involved when a claim is filed – which is the reaction to an incident – but they also see policy submissions and renewals across thousands of clients. That gives them a longitudinal view and the ability to spot patterns others might miss.

Cyber risk isn’t something you solve once and for all. Threats evolve, and what mattered two years ago may be irrelevant today. And it’s not just incident types — ransomware, insider fraud, data breaches — but combinations of industry and geography. It’s almost a chessboard view: data breach for a healthcare organization in Germany is different from ransomware for a retailer in the US.

That level of pattern recognition is where insurers bring real value. Insurers can act as a fulcrum to help industries move from one set of adversary tactics to the next, feeding those insights back to organizations so resilience evolves in step.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

 

The post SHARED INTEL Q&A: Cyber insurance breaches expose resilience gap and need for orchestration first appeared on The Last Watchdog.

