EP. 27: Two Experts Debunk Some of the Biggest Myths Around Cyber Insurance
11/17/21 • 31 min
Cyber attacks are continuously evolving, and companies that don’t stay educated about the space could be caught off guard, experts say.
“A lot of times, I think cyber has this type of mentality that it’s not going to happen to me,” said Luis Gazitua, principal at JAG Insurance Group, on this episode of the Insuring Cyber Podcast.
However, that’s a misconception that businesses need to avoid as cyber losses mount, he said.
“Cyber specifically is one of those things that could take down your business,” he said. “It’s one of what I consider the biggest unknown losses.”
This is particularly true for small businesses, despite misconceptions that they won’t be targeted without as large of a footprint as bigger firms.
“Small businesses are the ultimate low hanging fruit,” he said. “It’s more likely that a cyber attack would shut them down indefinitely.”
However, many firms – especially in the small or mid-sized space – may be worried that they can’t afford cyber insurance. Earlier in this episode, Odin Olson, vice president of business development at security operations provider Arctic Wolf Networks, spoke about why he believes this is a false notion.
“Can you afford, or did you plan?” he said. “Maybe it’s a slightly different way to look at that. Can we afford things that come up within two weeks as an organization that maybe hasn’t budgeted or planned for this kind of thing? That’s painful. Can you afford if you’ve thought ahead of time and, as I mentioned just a minute ago, looked for different carriers, different options, different coverage options and that kind of thing?”
He also raised another important question.
“And can you afford not to?” he said. “I think you probably can’t afford to have a $5 million ransomware event.”
One method to ensure businesses can not only afford coverage but also will qualify for it is to get started early, he said.
“I think if you let this conversation go until you’re 30 days out or two weeks out from having to buy a new policy for the year, you’re probably out of time to qualify if you haven’t explored other carriers or brokers,” he said. “That may be one of the biggest items, which is start thinking about this now.”
This will give insureds more time to make technology decisions that are becoming primary drivers for insurers in deciding whether or not to grant coverage, he added.
“You can’t implement technology in two weeks to have the capabilities you need to get a lot of the policies these days,” he said.
For agents and brokers, education about technology and cybersecurity is equally important, he said. Whether it’s multifactor authentication, backup tools, 24/7 monitoring or privileged account management, Olson said brokers should be familiar enough with those terms to give clients at least a two-sentence explanation.
“I think that’s something that the brokers can also be doing to bring more value to their clients,” he said. “To really understand the why and what’s happening with these trends and with these technologies so they’ll be better advisors to their clients.”
According to Gazitua, however, the biggest misconception around cyber insurance is still summarized by the sentence, “It’ll never happen to me.”
“It’s not just, ‘I spent $10,000 on the best IT infrastructure,’ or, ‘I pay every month for the best malware system to protect me from a potential issue,’” he said. “But the truth is most of it is human error.”
He added that with the ongoing remote working environment due to the COVID-19 pandemic, this is even more prevalent.
“There are a lot of systems set up where it’s just human error,” he said. “It could be your kids using your laptop, right? Because how do you balance the personal and business laptop? Those things are happening. I think another big misconception is it’s not just about the system you have in place, but the human error element is never going to go away. That is the most likely reason why you’re going to have a cyber claim.”
For those still questioning whether cyber insurance is affordable or makes sense for their business, Gazitua has a word of caution.
“This is going to be something where maybe you get caught off guard,” he said. “More and more, it is going to become the norm in the next three to five years.”
Check out the rest of the episode to hear what else Odin and Luis had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday on Insurance Journal TV and Apple Podcasts along with the Insuring Cyber newsletter. Thanks for listening.
The post EP. 27: Two Experts Debunk Some of the Biggest Myths Around Cyber Insurance appeared first on Insurance Journal TV.
Cyber attacks are continuously evolving, and companies that don’t stay educated about the space could be caught off guard, experts say.
“A lot of times, I think cyber has this type of mentality that it’s not going to happen to me,” said Luis Gazitua, principal at JAG Insurance Group, on this episode of the Insuring Cyber Podcast.
However, that’s a misconception that businesses need to avoid as cyber losses mount, he said.
“Cyber specifically is one of those things that could take down your business,” he said. “It’s one of what I consider the biggest unknown losses.”
This is particularly true for small businesses, despite misconceptions that they won’t be targeted without as large of a footprint as bigger firms.
“Small businesses are the ultimate low hanging fruit,” he said. “It’s more likely that a cyber attack would shut them down indefinitely.”
However, many firms – especially in the small or mid-sized space – may be worried that they can’t afford cyber insurance. Earlier in this episode, Odin Olson, vice president of business development at security operations provider Arctic Wolf Networks, spoke about why he believes this is a false notion.
“Can you afford, or did you plan?” he said. “Maybe it’s a slightly different way to look at that. Can we afford things that come up within two weeks as an organization that maybe hasn’t budgeted or planned for this kind of thing? That’s painful. Can you afford if you’ve thought ahead of time and, as I mentioned just a minute ago, looked for different carriers, different options, different coverage options and that kind of thing?”
He also raised another important question.
“And can you afford not to?” he said. “I think you probably can’t afford to have a $5 million ransomware event.”
One method to ensure businesses can not only afford coverage but also will qualify for it is to get started early, he said.
“I think if you let this conversation go until you’re 30 days out or two weeks out from having to buy a new policy for the year, you’re probably out of time to qualify if you haven’t explored other carriers or brokers,” he said. “That may be one of the biggest items, which is start thinking about this now.”
This will give insureds more time to make technology decisions that are becoming primary drivers for insurers in deciding whether or not to grant coverage, he added.
“You can’t implement technology in two weeks to have the capabilities you need to get a lot of the policies these days,” he said.
For agents and brokers, education about technology and cybersecurity is equally important, he said. Whether it’s multifactor authentication, backup tools, 24/7 monitoring or privileged account management, Olson said brokers should be familiar enough with those terms to give clients at least a two-sentence explanation.
“I think that’s something that the brokers can also be doing to bring more value to their clients,” he said. “To really understand the why and what’s happening with these trends and with these technologies so they’ll be better advisors to their clients.”
According to Gazitua, however, the biggest misconception around cyber insurance is still summarized by the sentence, “It’ll never happen to me.”
“It’s not just, ‘I spent $10,000 on the best IT infrastructure,’ or, ‘I pay every month for the best malware system to protect me from a potential issue,’” he said. “But the truth is most of it is human error.”
He added that with the ongoing remote working environment due to the COVID-19 pandemic, this is even more prevalent.
“There are a lot of systems set up where it’s just human error,” he said. “It could be your kids using your laptop, right? Because how do you balance the personal and business laptop? Those things are happening. I think another big misconception is it’s not just about the system you have in place, but the human error element is never going to go away. That is the most likely reason why you’re going to have a cyber claim.”
For those still questioning whether cyber insurance is affordable or makes sense for their business, Gazitua has a word of caution.
“This is going to be something where maybe you get caught off guard,” he said. “More and more, it is going to become the norm in the next three to five years.”
Check out the rest of the episode to hear what else Odin and Luis had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday on Insurance Journal TV and Apple Podcasts along with the Insuring Cyber newsletter. Thanks for listening.
The post EP. 27: Two Experts Debunk Some of the Biggest Myths Around Cyber Insurance appeared first on Insurance Journal TV.
Previous Episode
EP. 26: Experts Say Cyber Risks Present ‘Significant’ Threat for Small Businesses
The idea that cyber criminals only target large companies with a wide footprint and more assets is “profoundly wrong,” experts say, as cyber attacks are becoming a growing threat for small and medium-sized firms.
“A lot of them think, ‘Well, I read about these breaches, but it’s big companies, and therefore I don’t really need to worry about it.’ And that is just profoundly wrong,” said Tom Wetzel of Thomas H. Wetzel and Associates in the latest episode of The Insuring Cyber Podcast. “They have to take it seriously, and they have to understand what their risks are going forward. They’re significant.”
According to a recent Small Business Administration survey, 88% of small business owners felt their business was vulnerable to a cyber attack. Even more alarming is that according to a recent Verizon data breach report, small businesses are the target of nearly half of all cyber attacks.
“The fact is everyone, in one way or another, is using technology or is a technology company today,” said Rob Meyer, founder and partner at Atlanta based, multi-family real estate developer Catalyst Partners, in this podcast episode. “The way we all do everyday business in the modern world makes us susceptible to risk.”
Meyer is one of TEKRiSQ’s small business clients. TEKRiSQ specializes in helping small and medium-sized businesses make improvements that minimize their technology risks, and Bill Haber, co-founder and head of business strategy, said in this episode that a lot of these firms are underserved by cybersecurity.
“We do think that cybersecurity is missing the mark, and I don’t think we’re alone,” he said. “Small businesses are sitting ducks and their trusted advisors, the insurance professionals, have got to help them move faster to solve this problem.”
This means agents selling cyber need to understand cybersecurity risks in much more detail than they do now, according to Wetzel.
“They can’t counsel clients about cybersecurity unless they understand it themselves and practice what they preach,” he said.
For insureds, however, it’s important know that insurance companies likely won’t provide coverage to a small business unless demonstrated steps are in place to protect the company, educate staff and monitor for attacks.
“One of the first questions that an insurance company’s going to ask is do you have a written plan? What happens if you have a breach? And what steps have you already taken?” he said. “Cybersecurity is now a core vulnerability for any small business. It’s something that they have to take seriously and address seriously.”
Haber agreed.
“Cyber underwriters, they deal with this every day, and they’ve started to take a pass on companies that aren’t doing the basic things they need to do to protect themselves,” he said.
However, Meyer added that this can be easier said than done for many small companies and brokers alike who are fairly new to the space.
“This is a new space for a lot of people like us, and even for our insurance broker,” he said.” I would say it’s much more prevalent than I thought it was, and that’s been eye-opening ... there are a lot of companies that have just really not addressed this, and to Bill’s point, those small and medium-sized companies are really sitting ducks right now. They’ve got to take it more seriously.”
Haber said this means hiring a trusted advisor as a third party if someone isn’t available in-house to do independent analysis, profile risks and make affordable recommendations within realistic budgets.
“It’s not something that we can cultivate in-house. It’s something that you really need to go to an expert for,” Meyer agreed. “That’s not something we ever really spent much time thinking about, but it’s going to be so important in the future for all companies to be focused on this.”
Check out the rest of this episode to find out what else Tom, Bill and Rob had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing on Insurance Journal TV and Apple Podcasts every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.
The post EP. 26: Experts Say Cyber Risks Present ‘Significant’ Threat for Small Businesses appeared first on Insurance Journal TV.
Next Episode
EP. 28: Looking in the Rearview Mirror: Cyber Lessons Learned from 2021
The year is coming to an end and cyber insurers as well as their clients may be reflecting on lessons learned from this year’s biggest threats. However, Kurt Suhs, founder and CEO of cyber risk company Cyber Special Ops, says moving forward in the current threat landscape is an ongoing challenge.
“The thing about cyber is we want to get organizations on the road, but you will never get to your destination because the technology, the litigation, the threat landscape is changing so quickly that by the time you were actually even to model a threat landscape, you’re already going to be examining and looking at things from the rearview mirror,” he says. “So that’s the challenge, and that’s where I think organizations just need to get on that road, on that path, and move forward.”
Ransomware attacks have continued growing in scale and complexity this year as they affected businesses, hospitals, schools, local governments, critical infrastructure and even insurance companies’ own operations, and experts on this podcast episode say this cyber threat landscape will likely continue in the new year.
“I think certainly the lesson learned is that cyber attacks and the ransom malware that’s hitting so many organizations will look at your organization regardless of how large you are, what type of business you’re in and where you are geographically,” Suhs says. “So it just continues to get worse every day, and I think it will continue to do so in both frequency and severity.”
As cyber incidents become more and more unavoidable for many organizations, Vishaal Hariprasad, who goes by V8 and is the CEO of Resilience Cyber Insurance Solutions, warns that organizations need to begin planning for incidents early.
“Get more proactive,” he says.
Suhs agrees.
“People like to say it’s not if, but when,” he says. “I like to say it’s not if, it’s not when, but it’s how large.”
This means that insurers have an important job of educating clients and helping them to reduce their vulnerabilities to avoid getting exploited, Hariprasad says.
“Our companies, our clients, don’t have the specialty and time and resources to become cyber experts themselves,” he says. “The insurance world, I believe in all realms, including cyber, does a great job of clarifying what are the key items of risk that they need to address in providing the loss control and risk engineering guidance so that it’s actionable, and then providing the appropriate financial incentives, in the form of risk transfer, to incentivize the clients to adopt it.”
The key takeaway for cyber insurers and clients alike in 2022, although not necessarily hopeful, is an important one, Hariprasad adds.
“The key takeaway is the vulnerabilities will always be exploited,” he says. “It’s a continuous effort, not just a one-off where you block it and you’re done. Cyber’s going to always be a continuous cat and mouse game.”
Check out the rest of this episode to find out what else V8 and Kurt had to say, and be sure to check back for The Insuring Cyber Podcast’s first episode of 2022, publishing on Wednesday, January 19th. Thanks for listening.
The post EP. 28: Looking in the Rearview Mirror: Cyber Lessons Learned from 2021 appeared first on Insurance Journal TV.
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/insuring-cyber-podcast-insurance-journal-204156/ep-27-two-experts-debunk-some-of-the-biggest-myths-around-cyber-insura-20977495"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to ep. 27: two experts debunk some of the biggest myths around cyber insurance on goodpods" style="width: 225px" /> </a>
Copy