Estimated reading time: 5 minutes
At this week’s PLUS Cyber Symposium in New York City, I sat down with John Menefee, Enterprise Cyber Lead at Travelers, for a wide-ranging discussion about cyber risk, cybercrime incentives, and the role of cyber liability insurance. Our conversation covered the evolution of cyber threats, how attackers choose targets, and why cyber liability insurance is now essential for modern risk management. We also discussed challenges in small-business adoption and insurers’ growing role in prevention.
The Evolution Of Cybercrime
Menefee began by explaining how cybercrime has changed over the past decade. Early attacks focused on stealing payment card data. Criminals monetized that information easily.
But technology changed the landscape.
“The barriers to entry for ransomware and social engineering fraud are already pretty low,” Menefee said. “With AI, it’s almost non-existent.”
He noted that improvements like chip-and-pin technology made payment card theft less profitable. Criminal groups quickly adapted.
They shifted toward ransomware, business email compromise, and social engineering schemes.
According to Menefee, cybercrime follows the same logic as any other business.
“Until social engineering fraud is no longer profitable, until ransomware stops working, until people aren’t paying ransoms, they have no incentive to change the way that they do things, they’re going to keep doing the things that make the money that’s easy for them to do.”
How Threat Actors Choose Targets
Cybercriminals rarely target industries. They target vulnerabilities.
Menefee explained that attackers scan the internet for vulnerable targets. When cybercriminals find one, they strike.
“If I’m a threat actor and I have an attack that works, and I’m doing my scan on the internet and I find they’ve got the thing that my attack works against, I’m going to target them,” Menefee said. “It could be a school, a city, a hospital, a manufacturer. It doesn’t matter.”
Take a read of our write up on this week’s PLUS Cyber Symposium
Cyber Liability Insurance: Key Takeaways From PLUS Cyber Symposium
Cybercrime is opportunistic.
Organizations become targets because of exposed systems, outdated software, or missing security controls.
This dynamic creates constant risk for companies of all sizes.
The Role Of Data And Intelligence In Cyber Liability Insurance
Menefee said cyber insurers increasingly rely on claims data and threat intelligence.
That information helps insurers detect patterns and warn customers about emerging risks.
Travelers analyzes thousands of policyholders across its portfolio. The company searches for the same vulnerabilities that criminals look for.
If a risky technology appears in customer networks, Travelers alerts those policyholders.
Insurers can tell them they are in the crosshairs.
“We know what the bad guys are targeting,” Menefee said. “We can reach out to customers and get them to update. Let’s make sure they’ve got MFA and notify them that they’re in the crosshairs.”
This proactive approach reflects a broader shift in cyber liability insurance.
The industry is moving beyond simple risk transfer.
Check Out Our Podcast – AI RISK ARE YOU READY?
From Risk Transfer To Risk Prevention
Cyber liability insurance once focused primarily on financial recovery after an attack.
Today, it increasingly emphasizes prevention.
Menefee said insurers now offer a range of cybersecurity services. These include employee training, penetration testing, and expert consultation.
The goal is to reduce the likelihood of an incident.
“Avoid the claim in the first place,” Menefee said. “Take advantage of the services the carriers are offering.”
This model benefits both insurers and policyholders. Preventing attacks is far cheaper than responding to them.
The Small Business Cyber Insurance Gap
One of the most significant challenges in the cyber insurance market involves small businesses.
Menefee said many small companies believe they already have cyber coverage through general liability or property insurance.
Often, that coverage is minimal or nonexistent.
“We definitely see it as a growth area,” Menefee said. “I think that there’s a lot of opportunity there to educate those customers on the benefits of coverage. think a lot of those customers think that they have more cyber coverage than they actually do.”
Get the Cyber Insurance News Upload Delivered
Subscribe to our newsletter!
Small businesses face real cyber risk. Yet many lack awareness or resources.
Insurers and brokers now focus heavily on education.
The industry is also working to simplify the buying process. Faster quotes and automated underwriting systems make it easier to obtain coverage.
The Future Of Cyber Liability Insurance
Menefee believes standalone cyber policies will remain a core product. However, cyber coverage may also appear embedded in other insurance offerings. That could help expand adoption across industries.
“If that opens up new markets, if it breaks down barriers to entrants that maybe otherwise wouldn’t purchase. I do think that there’s room for innovation in terms of where cyber can be offered, and we’re probably just scratching the surface.”
For Menefee, the reality is simple.
Cyber risk continues to grow. Digital systems run modern economies. Organizations must protect themselves.
Cyber liability insurance will remain a key part of that defense.
Related Cyber Liability Insurance Posts
- Cyber Liability Insurance: Key Takeaways From PLUS Cyber Symposium
- Who Bears Responsibility For AI Risk When Agents Can Email, Execute, And Exfiltrate?
- Retail Ransomware Demands Double to $2M — Why Ransomware Cyber Insurance Matters Now
- Personal Cybersecurity: 7 Powerful Ways to Stay Safe and Confident Online
- Non-Human Identity Sprawl Is a Cyber Liability Insurance Problem Now
