“We are an insurance and risk management consulting firm, not an agent or broker. We don’t sell insurance. We provide advice on how to handle risk to our clients. That is oftentimes an insurance product, but not always, there are a lot of ways to handle risk. So that’s what we talk with our clients about without actually selling them a product.”
You’re not our typical guest of an IT geek, but you definitely deal with risk. So why is security important?
It’s not only important for us to safeguard our own data, but it’s important to our clients as well that their data be properly protected. Without proper security, it increases our clients’ risk, and cyber insurance can become pretty costly or might not even be available if our clients don’t adequately secure their data.
How do you stay on top of the latest security threats?
We read everything we can on the topic, and we subscribe to a lot of publications and blogs, seminars are great – those are often very timely with the latest threats that are out there. Most of those, of course, is virtual today. We try and stay ahead of the changes, but as you know, it’s a challenge.
How quickly is cybersecurity insurance changing?
It depends on the insurance company, some companies are more flexible, more able to respond, and quicker than others. With some of the larger companies, sometimes it takes a while. And there are governmental constraints on the use of policy forms so that sometimes adds time. We don’t always get the response we want from insurance carriers as quickly as we’d like.
How do you address security awareness training for your clients?
It’s kind of interesting that no two insurance policies with different insurance carriers are exactly alike. So one of the steps, of course in the insurance process is to complete the application. What we find is that once the client works through the questions on the application with their IT department, and some of these applications can be pretty lengthy, we help them evaluate their answers, and how those answers will impact the coverage and maybe the price. In more than one case, we’ve advised clients to actually bring in an expert like you guys, to work with the clients, improve the security and then reapply for the insurance. Because one of the things we don’t want for our clients is for them to have a record of being declined for cyber insurance or any other kind of insurance for that matter. That red flag can stay on the record for a number of years. Then once they have the improvements in place, we have them complete the application again, which oftentimes, results in a more positive response to those questions on the application. Then we have them obtain cyber insurance that meets their needs. From there, it can often be at an affordable price and an affordable deductible. Pricing has gone down significantly over the 15 to 20 years that cyber insurance has been around.