Person 1 :
Good afternoon, everyone. It is about two o’clock on the dot, so I think we should get started. I’m Andy Hartstein.
2
00:00:12.660 –> 00:00:14.600
I’m one of the principals here at the insurance market,
3
00:00:14.600 –> 00:00:19.080
and I wanted to take a minute and welcome everybody to our latest installment of
4
00:00:19.100 –> 00:00:23.960
our Risk Academy series. Topic of the day is gonna be cyber liability. Uh,
5
00:00:24.030 –> 00:00:28.920
obviously this is a very important topic, a very fluid topic in our space. Uh,
6
00:00:28.920 –> 00:00:29.753
very timely,
7
00:00:29.900 –> 00:00:34.440
lot of changes happening in our world when it comes to cyber attacks and cyber
8
00:00:34.440 –> 00:00:39.040
insurance. Um, so we have two subject matter experts joining us today,
9
00:00:39.300 –> 00:00:43.640
and I want to thank all of you for jumping online, uh, and joining us as well.
10
00:00:44.450 –> 00:00:49.070
Uh, just a couple housekeeping topics. This will be recorded, so, um,
11
00:00:49.070 –> 00:00:52.590
we will have the ability and you will have the ability to go back onto our newly
12
00:00:52.590 –> 00:00:54.230
developed website to, uh,
13
00:00:54.230 –> 00:00:58.950
pull some of the material if you wanna watch it again at a later date. Also, um,
14
00:00:59.010 –> 00:01:03.390
on our website, will be an I Q R M specific to
15
00:01:03.640 –> 00:01:08.510
cyber liability. For those folks that have not taken an I Q R M or been a part of
16
00:01:08.510 –> 00:01:11.990
an I Q R M in the past. Um, basically what it is,
17
00:01:11.990 –> 00:01:14.510
is a quantifiable risk assessment tool.
18
00:01:14.890 –> 00:01:17.390
You answer a variety of questions on the given topic,
19
00:01:17.390 –> 00:01:20.510
could be between 15 and 25 questions.
20
00:01:20.930 –> 00:01:25.750
We take those questions and then develop a score for your organization based
21
00:01:25.750 –> 00:01:29.710
on how well you’re doing in a certain topic. There is one on cyber liability.
22
00:01:29.710 –> 00:01:34.430
There’s also IQs on fleet management, on sexual harassment training,
23
00:01:34.650 –> 00:01:37.670
on general liability workers’ compensation related topics.
24
00:01:38.410 –> 00:01:39.510
And then a score is produced.
25
00:01:39.660 –> 00:01:43.070
Once that score is produced accompanying it is also a report.
26
00:01:43.370 –> 00:01:48.190
And we can use that report and that score to be conversation starters and to
27
00:01:48.190 –> 00:01:53.070
look at areas of potential improvement within the organization in hopes to
28
00:01:53.070 –> 00:01:54.110
drive your score up.
29
00:01:54.380 –> 00:01:58.070
It’s very difficult at times for us to know exactly how well an organization is
30
00:01:58.070 –> 00:02:02.630
doing it. Something the I Q R M does its best job it can to put a score,
31
00:02:03.010 –> 00:02:06.630
uh, to your current performance, right? So that is available on our website.
32
00:02:06.890 –> 00:02:10.550
We just recently launched a new website. It’s still the same address.
33
00:02:10.550 –> 00:02:15.070
Insurance choices.com website has been totally revamped in all of our
34
00:02:15.450 –> 00:02:18.030
IQ rms are fully embedded into the website.
35
00:02:18.210 –> 00:02:19.990
So when we get done with this Risk Academy,
36
00:02:20.010 –> 00:02:22.070
if you wanna jump online and take that,
37
00:02:22.170 –> 00:02:25.270
the score will come directly to us here at the insurance market,
38
00:02:25.490 –> 00:02:29.430
and then we can be in contact with you to go over the report and share your
39
00:02:29.430 –> 00:02:33.950
score with you. All right, the other thing I wanted to mention is that, uh,
40
00:02:34.550 –> 00:02:38.430
questions can be answered at any time through or ask, excuse me,
41
00:02:38.430 –> 00:02:40.670
at any time throughout the entire Risk Academy.
42
00:02:41.170 –> 00:02:44.310
If you hover over the bottom of your screen, there is a chat functionality,
43
00:02:44.610 –> 00:02:47.350
please just type your question into the chat bar.
44
00:02:48.070 –> 00:02:51.350
Somebody can interrupt me at any time, and we can ask the question, uh,
45
00:02:51.490 –> 00:02:55.790
at the time that it’s actually posed. Please don’t wait till the end, uh,
46
00:02:55.790 –> 00:02:57.350
to ask a question. You might forget it.
47
00:02:57.350 –> 00:02:59.860
You might have to jump off for whatever reason. Um,
48
00:02:59.860 –> 00:03:04.180
so feel free to ask that question at the time that you think of it,
49
00:03:04.320 –> 00:03:07.620
and we will address it right then so we can make sure to get your question
50
00:03:08.060 –> 00:03:12.290
answered for you. Uh, with that, uh, one more, one more thing. This is, uh,
51
00:03:12.350 –> 00:03:15.410
for anybody that hasn’t been a part of our Risk Academy series,
52
00:03:15.790 –> 00:03:19.810
our hope with this is just to bring education and content, um,
53
00:03:19.830 –> 00:03:23.370
to our customers and our prospective customers about given topics.
54
00:03:24.180 –> 00:03:26.330
There are things changing in our space all the time.
55
00:03:26.380 –> 00:03:29.650
We’ve done risk academies historically on sexual harassment training.
56
00:03:29.660 –> 00:03:33.130
We’ve done them on medical marijuana in the workplace, right?
57
00:03:33.400 –> 00:03:37.890
This one in particular is on cyber liability. And our goal whenever we,
58
00:03:38.350 –> 00:03:43.330
uh, produce these risk academies is to bring in two subject matter experts from
59
00:03:43.570 –> 00:03:45.250
wherever they are in the country, um,
60
00:03:45.270 –> 00:03:48.850
and get their opinions and get their insight. Today is no different.
61
00:03:48.850 –> 00:03:51.850
And I’m happy to say that we have two of the best in the business that are gonna
62
00:03:51.850 –> 00:03:55.770
be joining us today. So without further ado, I’ll go through some introductions,
63
00:03:55.790 –> 00:03:58.410
if that’s okay. Uh, we have Cynthia Zimmerman.
64
00:03:58.410 –> 00:04:02.050
She’s coming to us today from Melbourne Beach, Florida. Uh,
65
00:04:02.090 –> 00:04:05.610
I know it’s pretty warm here. I’m sure it’s warm where you are as well, Cynthia.
66
00:04:06.510 –> 00:04:06.730
Um,
67
00:04:06.730 –> 00:04:10.650
Cynthia is the Executive Vice President of Associates and Insurance Services.
68
00:04:11.030 –> 00:04:12.970
As I mentioned, she’s now just outside of Miami.
69
00:04:13.920 –> 00:04:17.540
She is the East Coast practice leader for them. Um,
70
00:04:17.560 –> 00:04:21.780
she was one of the first 100 registered professional liability underwriters and
71
00:04:21.780 –> 00:04:26.180
is a longtime member of the Professional Liability Underwriting Society. Um,
72
00:04:26.180 –> 00:04:28.660
and she holds a position of the, in their Southeast chapter,
73
00:04:29.320 –> 00:04:33.420
she specializes in cyber liability, professional E&O,
74
00:04:33.420 –> 00:04:38.180
medical malpractice, directors and officers, employment practices liability,
75
00:04:38.370 –> 00:04:42.900
also another hot button topic, crime and media liability. So, Cynthia,
76
00:04:42.950 –> 00:04:43.940
thank you for joining us.
77
00:04:44.800 –> 00:04:46.020
You’re very welcome. Thank you.
78
00:04:46.960 –> 00:04:51.560
One of Cynthia’s, uh, coworkers and members of her team as well is Brett Klein.
79
00:04:51.580 –> 00:04:56.200
He is not in southern Florida. He is coming to us from Glastonbury, Connecticut.
80
00:04:56.860 –> 00:04:59.640
Um, Brett has been with associates for the last number of years,
81
00:04:59.780 –> 00:05:02.920
but began his career at Chubb. Um,
82
00:05:02.920 –> 00:05:06.720
he was there at the early stages of their, uh, tech cyber program,
83
00:05:06.900 –> 00:05:10.240
and he was part of the early leadership development team where he helped to
84
00:05:10.240 –> 00:05:13.920
develop new hires and educate underwriters with respect to cyber.
85
00:05:14.020 –> 00:05:18.600
And in the tech space, uh, Brett specializes in cyber slash internet liability,
86
00:05:18.680 –> 00:05:22.680
professional liability, and errors and omissions insurance as well.
87
00:05:22.980 –> 00:05:27.400
So these two folks are on the cutting edge of a very, very dynamic industry,
88
00:05:27.780 –> 00:05:31.120
uh, and we are very, very fortunate to have them with us today. So Brett,
89
00:05:31.120 –> 00:05:35.640
welcome, uh, to the, to the Risk Academy. Glad to be here. Absolutely. Well,
90
00:05:35.730 –> 00:05:40.160
we’re gonna start the academy with a simple polling question. Um,
91
00:05:40.180 –> 00:05:41.560
if we can bring that up really quickly,
92
00:05:41.560 –> 00:05:45.760
we’re just gonna get a feel for if folks have cyber liability in their
93
00:05:46.200 –> 00:05:50.280
businesses today. So simple, yes or no question, do you have cyber insurance?
94
00:05:51.300 –> 00:05:51.670
Great.
95
00:05:51.670 –> 00:05:55.570
We will tally those votes here in a minute and we’ll come back with the result.
96
00:05:58.060 –> 00:06:01.150
With that in mind, we have a number of topics we want to jump into today.
97
00:06:01.610 –> 00:06:04.550
So we’ll go ahead and start with the first one. Obviously,
98
00:06:04.830 –> 00:06:09.030
I mentioned the word dynamic and fluid, and, uh, a couple of times,
99
00:06:09.400 –> 00:06:13.670
cyber liability is probably the one area of insurance that is
100
00:06:13.710 –> 00:06:16.710
experiencing the most change and the most volatility,
101
00:06:16.830 –> 00:06:21.470
I think that goes without saying insurance by nature is an industry that is very
102
00:06:21.830 –> 00:06:22.490
reactionary.
103
00:06:22.490 –> 00:06:25.910
We don’t quite know what we have to insure until something bad happens,
104
00:06:25.920 –> 00:06:30.470
quite frankly. So Cynthia, I’m gonna go to you first. Talk a little bit,
105
00:06:30.490 –> 00:06:34.630
if you will, about the current state of cyber claims activity.
106
00:06:34.640 –> 00:06:37.350
We’re seeing it all over the news. Historically,
107
00:06:37.350 –> 00:06:40.030
it used to happen only to the big companies, right? Years ago,
108
00:06:40.030 –> 00:06:41.950
everybody’s heard about the, the, the,
109
00:06:41.950 –> 00:06:44.910
the compromises that might happen at Sony or, or Target,
110
00:06:45.250 –> 00:06:48.470
but those days are over. Everybody is a target now, correct?
111
00:06:49.020 –> 00:06:50.030
Everybody’s a target.
112
00:06:50.130 –> 00:06:54.190
If you’re using the internet or if you have electronic light bulbs that you can
113
00:06:54.190 –> 00:06:59.110
say, Alexa, turn ’em off and on, um, dishwashers, washing machines,
114
00:06:59.180 –> 00:07:03.350
refrigerators. It, it’s amazing when I look around my own house,
115
00:07:04.050 –> 00:07:06.590
how many devices I have that are connected to the internet,
116
00:07:06.730 –> 00:07:09.270
so it makes all of us vulnerable. Um, you know,
117
00:07:09.370 –> 00:07:14.270
claims over the last two years have been astronomical as
118
00:07:14.510 –> 00:07:17.590
compared to past. I think obviously the coverage in general,
119
00:07:18.010 –> 00:07:20.390
people were more aware of it, more people were buying,
120
00:07:20.420 –> 00:07:25.110
more claims were happening. Um, and it really spawned, um, a,
121
00:07:25.190 –> 00:07:26.750
a real big change in the market. You know,
122
00:07:26.750 –> 00:07:31.390
cyber is a newer product line when you compare it to property general liability,
123
00:07:31.700 –> 00:07:36.550
boat insurance, and so homeowners and so forth. And so in the beginning,
124
00:07:36.550 –> 00:07:39.110
everybody was sort of buying market share, right?
125
00:07:39.110 –> 00:07:43.430
They were giving policies that had a million or 2 million of coverage,
126
00:07:43.430 –> 00:07:48.350
15 to $2,500, and they were giving you every coverage under the sun. And it,
127
00:07:48.540 –> 00:07:51.190
when you thought it couldn’t get any broader, it couldn’t get any broader,
128
00:07:51.190 –> 00:07:53.030
it kept getting broader and it kept getting broader.
129
00:07:53.530 –> 00:07:57.150
And then in the last two years, you know, claim activity was really up,
130
00:07:57.150 –> 00:08:00.630
especially with ransomware and social engineering, um,
131
00:08:00.630 –> 00:08:04.710
being probably the two lead causes of, of cyber events. Um,
132
00:08:04.810 –> 00:08:07.550
and there’s so much coverage packed into these policies,
133
00:08:07.600 –> 00:08:11.390
which might be for another day or another question at least,
134
00:08:11.570 –> 00:08:13.990
but to get into all of what’s in a cyber policy.
135
00:08:14.610 –> 00:08:18.790
But carriers were getting inundated with claims, and they, they finally decided,
136
00:08:18.850 –> 00:08:22.070
you know what? We kind of need to underwrite this. Like we were sort of,
137
00:08:22.120 –> 00:08:25.590
gimme your name, address, nature of operations. Have you ever had an attack?
138
00:08:25.730 –> 00:08:28.550
And let’s give you a bindable quote or 5 million.
139
00:08:29.810 –> 00:08:34.350
And now it’s, you know, give me a seven page application.
140
00:08:34.590 –> 00:08:38.270
I don’t wanna scare anybody, but maybe not seven, um, maybe five.
141
00:08:39.230 –> 00:08:42.090
But they’re asking a lot of different information about procedures and
142
00:08:42.200 –> 00:08:46.890
processes. Um, and that has had a favorable impact,
143
00:08:46.890 –> 00:08:50.210
and we’ll talk about the processes and control requirements later,
144
00:08:50.550 –> 00:08:54.930
but it has had a favorable impact on reducing the effect,
145
00:08:54.980 –> 00:08:56.140
the efficacy of,
146
00:08:56.440 –> 00:09:00.140
of the threat actors getting into these systems hasn’t eliminated it.
147
00:09:00.600 –> 00:09:04.140
And we’re never gonna outsmart them. They’re always gonna be a step ahead of us.
148
00:09:04.240 –> 00:09:07.820
And just when you think you’ve kind of addressed every possible way they can
149
00:09:07.820 –> 00:09:12.340
find a vulnerability, they’ll find another one, right? Um,
150
00:09:12.400 –> 00:09:17.020
but it has reduced it, and I think it’s, it’s calmed that down a little bit.
151
00:09:17.160 –> 00:09:20.300
So the recent trend in the last, and, and jump in here, Brett,
152
00:09:20.360 –> 00:09:21.780
any time the last,
153
00:09:23.250 –> 00:09:27.910
at least 3, 4, 6 months at the most has been a drop in that
154
00:09:27.910 –> 00:09:30.190
ransomware. And I, I think it’s cyclical.
155
00:09:30.690 –> 00:09:34.630
And I think any one event will cause the whole thing to spike again.
156
00:09:34.770 –> 00:09:38.710
So I think it’s very, like you had mentioned in the beginning, very volatile,
157
00:09:39.450 –> 00:09:42.150
but the, the claim activity with ransomware,
158
00:09:42.780 –> 00:09:46.910
because so many procedures have been improved because backups are better because
159
00:09:46.910 –> 00:09:51.790
people have more of the controls that I don’t wanna step on Brett’s toes on
160
00:09:51.790 –> 00:09:54.550
that he’s gonna talk about later. It has made that better.
161
00:09:55.500 –> 00:09:57.640
The social engineering claims, uh,
162
00:09:57.640 –> 00:10:01.520
which are more the trickery into getting you to send your money to the wrong
163
00:10:01.570 –> 00:10:06.480
place. And, and a couple variations on that. Those have remained steady and in,
164
00:10:06.500 –> 00:10:09.400
in certain industries, you know, those in, um,
165
00:10:09.400 –> 00:10:13.120
that do a lot of wire transfer activity, uh, real estate and,
166
00:10:13.220 –> 00:10:15.760
and law firms and some of those industries,
167
00:10:15.790 –> 00:10:19.840
it’s really difficult to get that coverage because the claims are so prevalent
168
00:10:20.380 –> 00:10:23.960
in that area. Um, I think overall, you know,
169
00:10:24.270 –> 00:10:28.840
overall claims are down, not by a lot, but they’re holding steady.
170
00:10:29.460 –> 00:10:30.680
Um, and I think in general,
171
00:10:30.680 –> 00:10:34.200
people have a lot more awareness than they did a couple of years ago.
172
00:10:34.200 –> 00:10:38.720
They’re seeing it more, they’re realizing the, the small to business, uh,
173
00:10:38.720 –> 00:10:42.980
medium-sized enterprises, they’re like 58 or 60% of the claims.
174
00:10:43.640 –> 00:10:47.340
Wow. So when people think that I’m not Target, you know,
175
00:10:47.480 –> 00:10:49.660
I’m not TJ Maxx, and you know,
176
00:10:49.660 –> 00:10:52.780
all the other millions of large breaches that you’ve heard of,
177
00:10:53.580 –> 00:10:58.010
small businesses are easier targets, right? They tend to be less secure,
178
00:10:58.010 –> 00:11:01.930
which is why the insurance companies started kind of coming down on them saying,
179
00:11:02.550 –> 00:11:04.730
you can’t be such easy targets. Right?
180
00:11:05.490 –> 00:11:06.290
Probably fair to say too,
181
00:11:06.290 –> 00:11:10.690
these cyber criminals will take $50,000 a pop 10 times and try to get a half a
182
00:11:10.690 –> 00:11:15.650
million dollar loss from a well constructed, uh, well-prepared organization,
183
00:11:15.650 –> 00:11:18.410
right? Absolutely. We talk about the vulnerability of a small business. I mean,
184
00:11:18.460 –> 00:11:21.890
we’re talking about cyber criminals that are sitting in basements and, you know,
185
00:11:21.990 –> 00:11:24.290
all across this country and other countries, and they,
186
00:11:24.290 –> 00:11:28.770
they will take 50 grand pop all day long, um, from very vulnerable players.
187
00:11:29.690 –> 00:11:34.650
Absolutely. Um, but the 50 grand ransomware demands are probably out the window.
188
00:11:34.930 –> 00:11:37.610
I mean, I think they’re much higher than that. Sure. They can,
189
00:11:37.710 –> 00:11:41.770
the average demand, I, I’d say probably six to 800,000, uh,
190
00:11:41.770 –> 00:11:44.210
for a small to medium enterprise maybe more. Sure,
191
00:11:44.560 –> 00:11:46.570
Sure. And from a current event space, I mean,
192
00:11:46.600 –> 00:11:50.250
this is happening all over the country. We are not, uh, insulated from that.
193
00:11:50.270 –> 00:11:53.900
We have seen in our backyard a variety of different businesses that have been
194
00:11:54.100 –> 00:11:57.860
affected. Um, and it’s not just the demand, right? It’s the reputational damage,
195
00:11:57.970 –> 00:12:01.940
it’s the interruption of businesses. It’s a lot of effects that happen, um,
196
00:12:01.940 –> 00:12:03.580
when this activity does happen.
197
00:12:04.080 –> 00:12:08.540
Before we jumped on and before folks got into the actual, uh, Zoom room here,
198
00:12:09.080 –> 00:12:11.020
but you mentioned a claim, uh,
199
00:12:11.020 –> 00:12:13.340
that that popped up on your radar just a couple of days ago.
200
00:12:13.340 –> 00:12:14.300
Would you mind going through that?
201
00:12:14.300 –> 00:12:17.020
Because these real world examples I think are very helpful.
202
00:12:17.490 –> 00:12:19.900
Yeah, absolutely. So we had a, uh,
203
00:12:20.200 –> 00:12:23.180
an agent bring an account to us that they have been trying to get, uh,
204
00:12:23.180 –> 00:12:27.540
the client who’s a, about a 3 million advertising agency, 3 million in revenue.
205
00:12:27.930 –> 00:12:31.220
They’ve been trying to get them to purchase cyber for now upwards of three to
206
00:12:31.220 –> 00:12:33.500
four years. And they’ve turned it down every year.
207
00:12:33.880 –> 00:12:36.620
And we got a call on Monday that they unfortunately, uh,
208
00:12:36.620 –> 00:12:40.740
sustained a social engineering incident where they were duped from a fake vendor
209
00:12:40.870 –> 00:12:44.940
email telling them to wire $64,000 to this party.
210
00:12:44.940 –> 00:12:49.500
They didn’t verify it and they were out the $64,000. So, um,
211
00:12:49.610 –> 00:12:53.300
kind of going to the claims world, the unfortunate reality also is if,
212
00:12:53.300 –> 00:12:56.180
if you have a claim, it doesn’t mean it’s all over, right?
213
00:12:56.180 –> 00:12:58.180
Obviously it’s the expense, it’s the strain,
214
00:12:58.290 –> 00:13:01.140
it’s the business loss or strain on that level.
215
00:13:01.200 –> 00:13:03.100
But then it’s also more often than not,
216
00:13:03.100 –> 00:13:07.580
people recognizing they then need the insurance after the fact and the terms
217
00:13:07.580 –> 00:13:11.060
being affected from that, right? So we, we wanna help, uh,
218
00:13:11.210 –> 00:13:14.980
both prospects and op clients who either haven’t ever purchased,
219
00:13:14.980 –> 00:13:19.260
currently purchased, or have had a loss and warranted. Um, to Cynthia’s point,
220
00:13:19.540 –> 00:13:20.620
everyone needs cyber insurance.
221
00:13:20.640 –> 00:13:24.540
And it’s unfortunate when you have a client or a prospect like that who has
222
00:13:24.540 –> 00:13:27.220
turned it down for years after not thinking they need it,
223
00:13:27.520 –> 00:13:29.100
who unfortunately suffered a loss.
224
00:13:29.610 –> 00:13:30.420
Well, I’ll tell you the,
225
00:13:30.420 –> 00:13:33.820
the sophistication of the emails from a social engineering perspective is,
226
00:13:33.920 –> 00:13:37.940
is mind boggling, right? I mean, it, uh, it happens to us all the time, right?
227
00:13:38.020 –> 00:13:40.860
I mean, they, they have copied my email signature. Now,
228
00:13:40.980 –> 00:13:44.940
a lot of the verbiage they use might not be exact to the way I would construct
229
00:13:44.940 –> 00:13:48.900
an email, but I’ll tell you, it’s getting closer and closer by the day. So, um,
230
00:13:48.900 –> 00:13:51.580
Cynthia made the point about folks being a step ahead, the,
231
00:13:51.720 –> 00:13:54.580
the degree of research and in, in, uh,
232
00:13:54.650 –> 00:13:57.580
time that they spend in trying to figure out who would be sending that email,
233
00:13:57.880 –> 00:14:01.820
uh, what their schedule looks like and how they construct emails. I mean, it,
234
00:14:01.820 –> 00:14:03.780
it is not by happenstance that this happens,
235
00:14:03.780 –> 00:14:07.060
there is a lot of work that goes in, uh, by these bad actors.
236
00:14:07.360 –> 00:14:10.220
It really is. Yeah, absolutely. They also monitor social media.
237
00:14:10.520 –> 00:14:12.500
So if they decide they’re gonna target you,
238
00:14:12.890 –> 00:14:16.340
they may try to find your LinkedIn and your, your Facebook page.
239
00:14:16.360 –> 00:14:20.620
And a lot of people go on Facebook and everywhere they go, they check in and,
240
00:14:20.640 –> 00:14:22.140
Hey, I’m here and I’m here and I’m here.
241
00:14:22.280 –> 00:14:23.820
And so they kind of know you’re out of town,
242
00:14:23.820 –> 00:14:26.780
or they know you’re on a cruise and you’re gonna be unavailable, you know,
243
00:14:26.780 –> 00:14:30.100
that kind of thing. And so they do that and they also, you know,
244
00:14:30.200 –> 00:14:34.410
try to see how you communicate and copy those words and,
245
00:14:34.430 –> 00:14:36.410
and make them more believable. If I may,
246
00:14:36.490 –> 00:14:41.130
I just wanna throw in an interesting example cuz you talk about how much time
247
00:14:41.130 –> 00:14:45.290
goes into, uh, being creative and making these, um,
248
00:14:45.290 –> 00:14:48.810
we’ll talk about social engineering claims. Um, so believable.
249
00:14:49.370 –> 00:14:54.220
I had an account where the fraudster created
250
00:14:54.320 –> 00:14:58.860
an email chain. So if I were trying to dupe you, I I,
251
00:14:58.860 –> 00:15:02.780
they actually broke into the system, so there was a breach as well. Um,
252
00:15:02.840 –> 00:15:04.940
and they compromised, we’ll say your email,
253
00:15:05.320 –> 00:15:09.260
and I’m communicating with you back and forth by email,
254
00:15:09.280 –> 00:15:12.980
but I’m really doing both sides of the communication and it,
255
00:15:13.200 –> 00:15:17.980
I’m using your email account and I’m blocking you from seeing it. Right? Right.
256
00:15:18.120 –> 00:15:22.820
And, and so he took this whole chain and it was like, Hey, I saw widgets. Oh,
257
00:15:22.820 –> 00:15:25.300
tell me about your widget. Oh, well our widget does this. Wow,
258
00:15:25.300 –> 00:15:26.580
that’s really cool. What about this?
259
00:15:26.720 –> 00:15:31.400
And it was this whole like multiple week long conversation
260
00:15:31.510 –> 00:15:34.600
back and forth about what this was that was being sold.
261
00:15:35.260 –> 00:15:39.720
And he took this chain that he created and he sent it to the C F O
262
00:15:41.060 –> 00:15:45.510
from a Andy will say, and said, Hey, Mr. C F O,
263
00:15:46.130 –> 00:15:50.470
I’m authorizing the purchase of this $1 million widget. Mm-hmm.
264
00:15:50.570 –> 00:15:55.470
Please wire the funds to this account and, and let’s get it ordered.
265
00:15:55.850 –> 00:15:56.310
And he did
266
00:15:56.310 –> 00:15:59.790
The fake conversation served as documentation or validation of the, you know,
267
00:15:59.870 –> 00:16:00.703
relationship.
268
00:16:00.860 –> 00:16:05.190
Exactly. It was so believable because it was this long drawn out conversation
269
00:16:06.350 –> 00:16:10.030
and he wired a million dollars and when they figured it out,
270
00:16:10.540 –> 00:16:11.790
he’s no longer employed there.
271
00:16:12.170 –> 00:16:16.670
Wow. Yeah, I imagine so. Um, wow. Well, it is a very sophisticated,
272
00:16:17.170 –> 00:16:20.590
uh, group that we’re up against. Um, but there is help, right?
273
00:16:20.590 –> 00:16:23.110
There are products available to us that, uh,
274
00:16:23.110 –> 00:16:26.630
we don’t make everybody completely cynical by watching this entire risk academy,
275
00:16:26.770 –> 00:16:30.270
and, uh, the world is not coming to an end point yet. So, but it is a very,
276
00:16:30.300 –> 00:16:34.390
very interesting battle that we find ourselves in with respect to this. So, uh,
277
00:16:34.630 –> 00:16:37.150
whenever there are, you know, upticks in claims activity,
278
00:16:37.970 –> 00:16:39.830
be it in severity or in frequency,
279
00:16:40.020 –> 00:16:42.990
there’s only one thing that could happen from an industry perspective,
280
00:16:42.990 –> 00:16:46.110
from an insurance industry perspective, and that is some type of response,
281
00:16:46.440 –> 00:16:49.950
right? The response usually comes in a couple of different ways. Um,
282
00:16:49.950 –> 00:16:51.550
and we’ll talk about those. So Brett,
283
00:16:51.570 –> 00:16:53.710
I’m gonna look to you to start this conversation if that’s okay,
284
00:16:53.710 –> 00:16:56.750
but what has the response been from the insurance industry where we always look
285
00:16:56.750 –> 00:17:00.470
at pricing changes, right? That is natural underwriting changes,
286
00:17:00.650 –> 00:17:03.870
be it an appetite or expectations for I’M from underwriters,
287
00:17:04.290 –> 00:17:05.590
and then contractual changes.
288
00:17:06.090 –> 00:17:08.910
Are the policies getting more restrictive in nature?
289
00:17:09.010 –> 00:17:10.670
Are there new exclusions being added?
290
00:17:11.050 –> 00:17:14.590
Can you talk about those three facets of the response from the insurance company
291
00:17:14.650 –> 00:17:16.350
and, and how those are playing out in real time?
292
00:17:16.740 –> 00:17:20.390
Yeah, absolutely. I, I think a primary driver to a lot of these changes,
293
00:17:20.440 –> 00:17:24.350
other than the obvious uptick in claims is also the evolution of technology,
294
00:17:24.400 –> 00:17:25.030
right? I mean,
295
00:17:25.030 –> 00:17:28.430
we just came out of a two to four year time period where a lot of businesses
296
00:17:28.430 –> 00:17:32.350
weren’t ready and, uh, prepared to go entirely remote.
297
00:17:32.370 –> 00:17:36.750
And many businesses still adopt and operate a hybrid or remote environment,
298
00:17:37.210 –> 00:17:40.870
um, which creates new exposure. So in that, and with the uptick of claims,
299
00:17:41.370 –> 00:17:44.030
we saw the market really in a rapid pace,
300
00:17:44.460 –> 00:17:49.260
both kind of adjust their pricing approach with charging a lot more premium for
301
00:17:49.260 –> 00:17:51.300
those standard policies, um,
302
00:17:51.350 –> 00:17:55.380
while also requiring a lot more information to Cynthia’s comments a few minutes
303
00:17:55.480 –> 00:17:59.660
ago. It used to be you give five pieces of information and you can get the most
304
00:17:59.660 –> 00:18:02.020
expansive quote for the cheapest premium, right?
305
00:18:02.030 –> 00:18:06.300
Based on the last few years that that’s not the case. The the pricing is up. Uh,
306
00:18:06.320 –> 00:18:10.620
the coverage is more restrictive in certain situations when it’s warranted based
307
00:18:10.680 –> 00:18:12.220
on lacking IT controls,
308
00:18:12.220 –> 00:18:17.140
and when the carriers feel they can only get comfortable quoting with that. Um,
309
00:18:17.520 –> 00:18:21.020
and the, uh, required information is a lot more, they’re,
310
00:18:21.020 –> 00:18:22.860
they’re asking for a lot more information on your,
311
00:18:23.040 –> 00:18:26.740
IT controls, your posture, better understanding the risk as a whole,
312
00:18:26.740 –> 00:18:31.100
rather than what do you do? Where are you and have you had a loss? So I,
313
00:18:31.100 –> 00:18:34.380
I think we’ve seen in the last two to three years, uh,
314
00:18:34.380 –> 00:18:36.420
definitely an uptick in pricing. Um,
315
00:18:36.420 –> 00:18:38.900
and especially in the last one to two years, I’d say, uh,
316
00:18:39.010 –> 00:18:43.620
more coverage restrictions around risk and businesses who don’t have adequate
317
00:18:43.880 –> 00:18:46.740
IT controls. Um, I’d say for 2023,
318
00:18:46.740 –> 00:18:51.140
we started to see a little bit of a plateauing in that for risks who have been
319
00:18:51.140 –> 00:18:54.140
hearing this for many years and have at least implemented some of the controls
320
00:18:54.140 –> 00:18:56.460
that the carriers are, are looking for and requiring,
321
00:18:56.750 –> 00:18:59.260
we’re seeing some lessened restrictions on the coverage,
322
00:18:59.480 –> 00:19:03.140
but we’re still seeing markets who want to have coverage restrictions,
323
00:19:03.140 –> 00:19:07.980
whether it be a ransomware supplement and or co-insurance or a higher
324
00:19:08.340 –> 00:19:12.820
retention or a restriction on a specific limit or coverage altogether.
325
00:19:13.870 –> 00:19:16.610
Gotcha. Makes a lot of sense. Um, and this is,
326
00:19:16.690 –> 00:19:17.570
I I was gonna ask another question.
327
00:19:17.570 –> 00:19:20.210
It’s probably the best time as any to lead right into this.
328
00:19:20.230 –> 00:19:24.730
And we’ve talked about extortion and ransomware and all these variety of
329
00:19:24.930 –> 00:19:26.290
coverages that now exist. I mean,
330
00:19:26.290 –> 00:19:29.330
let’s say a couple of steps back to the infancy of cyber liability,
331
00:19:29.900 –> 00:19:33.010
those were nowhere even in our purview, right? I mean,
332
00:19:33.060 –> 00:19:36.090
cyber liability at the beginning basically was, Hey,
333
00:19:36.300 –> 00:19:40.490
we’ve been breached in some capacity. Uh, we need to do two things.
334
00:19:40.950 –> 00:19:43.650
We needed to notify everybody that could have been affected.
335
00:19:43.790 –> 00:19:46.810
So there was protection and notification expenses, right?
336
00:19:47.000 –> 00:19:51.490
Produce a letter or whatever I need to do to let all these 5,000 clients of mine
337
00:19:51.520 –> 00:19:52.930
know that they could have been affected.
338
00:19:53.430 –> 00:19:57.530
And then there was protection built into the coverage to monitor credit for
339
00:19:57.530 –> 00:20:01.250
those folks to make sure that there was not a negative impact to them, um,
340
00:20:01.250 –> 00:20:05.290
over a certain period of time that was usually driven by state law to say one to
341
00:20:05.290 –> 00:20:07.690
two years or whatever it might be, but that’s really what it was.
342
00:20:07.690 –> 00:20:12.260
Notification expenses, and credit monitoring, right? And from its infancy,
343
00:20:12.260 –> 00:20:16.860
it has grown into a laundry list of coverages that are now, now available.
344
00:20:17.420 –> 00:20:20.260
I mean, uh, talk a little bit about that if you can. Right? We,
345
00:20:20.260 –> 00:20:24.180
we mentioned cyber extortion, social, social engineering, reputational damage.
346
00:20:24.920 –> 00:20:28.900
The pro, the programs that are available are much more comprehensive, right?
347
00:20:28.900 –> 00:20:30.860
Than they were 5, 6, 7 years ago.
348
00:20:31.170 –> 00:20:34.260
Yeah, absolutely. I, I think the reality of it, and you nailed it,
349
00:20:34.280 –> 00:20:37.380
is it based on the way the market has gone and the amount of claims and the
350
00:20:37.380 –> 00:20:39.260
evolution of cyber, um,
351
00:20:39.260 –> 00:20:43.660
it’s no longer just back in the day when it was just paper records where there
352
00:20:43.660 –> 00:20:48.060
was no technology that was still exposure for cyber if someone stole a, uh,
353
00:20:48.060 –> 00:20:50.460
folder of protected information. Um,
354
00:20:50.680 –> 00:20:54.820
so the cyber policies are structured to have a multitude of coverages and more
355
00:20:55.060 –> 00:20:57.660
commonly broken up into first and third party coverages,
356
00:20:57.760 –> 00:21:00.340
so losses incurred by the business themselves,
357
00:21:00.480 –> 00:21:04.860
and then liability coverages after the fact through either fines, penalties,
358
00:21:04.880 –> 00:21:08.100
or lawsuits as a result of the breach. Um,
359
00:21:08.240 –> 00:21:12.340
but cyber’s definitely unique in the sense of it’s usually not just one coverage
360
00:21:12.530 –> 00:21:16.420
trigger that is triggered throughout the entirety of a claim, right?
361
00:21:16.420 –> 00:21:19.300
That the policies are very detailed. And to Cynthia’s point,
362
00:21:19.300 –> 00:21:22.180
we could probably have a whole another session just on that,
363
00:21:22.360 –> 00:21:27.260
but the initial structure of these policies is meant to have
364
00:21:27.260 –> 00:21:31.020
you call into the carrier the second you think there is a breach. Second,
365
00:21:31.020 –> 00:21:32.580
you think something is wrong. Second,
366
00:21:32.610 –> 00:21:37.260
something seems off and putting you in touch with the breach coach,
367
00:21:37.260 –> 00:21:41.180
they call them through the partnerships with the carriers to dissect what is
368
00:21:41.180 –> 00:21:44.500
going on. And from there, there could be, um, looping in, uh,
369
00:21:44.740 –> 00:21:47.820
forensics investigations to try to figure out, to Andy’s point,
370
00:21:48.170 –> 00:21:51.420
what information was compromised, who needs to be notified,
371
00:21:51.840 –> 00:21:54.140
and further going down the line of, uh,
372
00:21:54.140 –> 00:21:58.380
potential legal ramifications and other expenses incurred. Um,
373
00:21:58.960 –> 00:22:03.820
the forensics is the number one expense outside of potentially a ransom demand
374
00:22:04.170 –> 00:22:07.300
that we see on cyber claims. Um, and what’s that,
375
00:22:07.330 –> 00:22:10.020
what that is doing is figuring out really what happens,
376
00:22:10.290 –> 00:22:13.980
what data is compromised and how to get the system back up and running.
377
00:22:14.200 –> 00:22:18.420
So most cyber incidents are gonna have some sort of forensics investigation,
378
00:22:18.920 –> 00:22:23.460
and a lot of times people don’t think that cost is gonna add up and it does.
379
00:22:23.720 –> 00:22:26.580
So there’s a lot more, um, you touched on obviously,
380
00:22:26.600 –> 00:22:29.300
and we did the extortion and social engineering, um,
381
00:22:29.320 –> 00:22:33.500
but especially like the business interruption and reputational damage for a
382
00:22:33.660 –> 00:22:36.700
business that heavily relies on their technology systems and their systems
383
00:22:36.940 –> 00:22:37.773
altogether,
384
00:22:37.800 –> 00:22:42.540
if those go down and you’re unable to get income as a result
385
00:22:43.080 –> 00:22:45.220
for that downtime via the cyber breach,
386
00:22:45.290 –> 00:22:49.900
there’s a lot of potential exposure and business income loss from that. So,
387
00:22:50.240 –> 00:22:50.980
um, like I said,
388
00:22:50.980 –> 00:22:53.540
we can go farther into the weeds if there’s any questions specifically on the
389
00:22:53.740 –> 00:22:53.860
coverage,
390
00:22:53.860 –> 00:22:58.140
but they are built in a nice widespread structure to be both first and third
391
00:22:58.140 –> 00:22:58.973
party coverages.
392
00:22:59.700 –> 00:23:01.680
And Cynthia, I’m gonna come to you. Is it fair to say though,
393
00:23:01.680 –> 00:23:04.440
when we talked about volatility, we talked about restrictions being added,
394
00:23:04.440 –> 00:23:07.200
we talked about carrier changes at a pretty rapid level,
395
00:23:07.420 –> 00:23:10.480
not all contracts are created equal. Is that fair? I mean,
396
00:23:10.680 –> 00:23:15.200
I, I would say it’s fair to say that no two contracts are created equal. There,
397
00:23:16.010 –> 00:23:20.680
there is more differentiation from one program to the next in cyber than I’ve
398
00:23:20.680 –> 00:23:23.320
ever seen on any product line. Usually the,
399
00:23:23.320 –> 00:23:28.040
the wording follows a very similar structure and sometimes verbatim, um,
400
00:23:28.150 –> 00:23:32.600
each coverage section and cyber policies are as different as apples and cars,
401
00:23:32.820 –> 00:23:34.920
not even apples and oranges, right?
402
00:23:35.390 –> 00:23:38.680
Yeah. As, as simple consumers of insurance and everybody that’s on the call has,
403
00:23:38.680 –> 00:23:40.440
has bought an insurance in some capacity,
404
00:23:40.470 –> 00:23:44.240
general liability for the most part is general liability and property is pretty
405
00:23:44.240 –> 00:23:44.640
much property.
406
00:23:44.640 –> 00:23:48.700
There might be slight variations and limits across carriers or some wording from
407
00:23:48.700 –> 00:23:51.060
here or there, but the general, uh,
408
00:23:51.060 –> 00:23:54.380
program is kind of universal across the industry. But for cyber,
409
00:23:54.400 –> 00:23:56.060
that’s not the case at all. I mean,
410
00:23:56.060 –> 00:24:00.500
I think the key is to place yourself with a broker that understands and that has
411
00:24:00.500 –> 00:24:02.500
a valued interest in this. And then two,
412
00:24:03.160 –> 00:24:06.820
the broker has a relationship with somebody like associates that has a true
413
00:24:07.220 –> 00:24:11.460
industry understanding and is on the cutting edge of the changes, right?
414
00:24:11.460 –> 00:24:14.660
Because the way it looks today and the way it looks in six months or the way it
415
00:24:14.660 –> 00:24:16.820
looks six months ago could be dramatically different.
416
00:24:16.880 –> 00:24:18.860
So staying on top of this is, is critical.
417
00:24:19.570 –> 00:24:21.300
Yeah. And I, I think too, you know,
418
00:24:21.300 –> 00:24:24.420
being able to interpret those quotes and identify some of those major
419
00:24:24.420 –> 00:24:25.170
differences,
420
00:24:25.170 –> 00:24:28.700
because one of the things Brett and I look for right off the bat is,
421
00:24:28.800 –> 00:24:32.820
is there a sub-limit on ransomware? Like, that’s one of the biggest exposures.
422
00:24:32.920 –> 00:24:35.940
That’s an exposure you don’t want a sub-limit on, right? If,
423
00:24:36.040 –> 00:24:40.580
if it’s available at full limit, which it readily is in most cases.
424
00:24:41.440 –> 00:24:45.620
So how many times we’ve seen people say, oh, I got this really good quote,
425
00:24:46.240 –> 00:24:49.460
and then we look at it and you see something like that. So, you know,
426
00:24:49.460 –> 00:24:51.700
giving us the opportunity to help you and,
427
00:24:51.960 –> 00:24:53.580
and to point out some of those things,
428
00:24:54.010 –> 00:24:57.020
they can really affect your decision on which way to go.
429
00:24:58.140 –> 00:25:01.380
Absolutely. No, that is very critical. Now, obviously, a broker with,
430
00:25:01.380 –> 00:25:04.340
with great expertise and great, uh, market, you know,
431
00:25:04.340 –> 00:25:07.500
reach like yourselves is gonna have a variety of companies they can, uh,
432
00:25:07.600 –> 00:25:09.740
can go to at any time. And like a lot of things,
433
00:25:10.040 –> 00:25:14.900
we want to be in our best outfit when it’s time to go to market,
434
00:25:14.900 –> 00:25:19.020
right? We want to be in the best, put our best foot forward, if you will. So,
435
00:25:19.280 –> 00:25:20.900
you know, in spite of all these changes,
436
00:25:21.160 –> 00:25:25.020
I’m a firm believer that for a best in class operator,
437
00:25:25.020 –> 00:25:27.260
there’s always opportunity, right?
438
00:25:27.280 –> 00:25:31.700
If you’re gonna do the right things and you have processes and programs in place
439
00:25:31.960 –> 00:25:33.020
to protect yourself,
440
00:25:33.210 –> 00:25:37.540
there’s always a place in the market for you at a competitive level, right?
441
00:25:37.680 –> 00:25:39.900
So let’s talk a little bit about that, right? We’ve,
442
00:25:39.900 –> 00:25:41.740
this has been a pretty downer conversation.
443
00:25:41.740 –> 00:25:45.220
There’s a lot of claims prices going crazy, it’s volatile, all those things.
444
00:25:45.520 –> 00:25:49.820
But hey, in spite of all that, how do we position ourselves as best we can,
445
00:25:49.870 –> 00:25:50.320
right?
446
00:25:50.320 –> 00:25:54.900
So the next line of questioning is really about what can a client do to make
447
00:25:54.900 –> 00:25:58.660
themselves the most attractive in the market, right?
448
00:25:58.840 –> 00:26:03.420
So specifically I’d like to highlight what specific controls should they
449
00:26:03.610 –> 00:26:04.240
have in place,
450
00:26:04.240 –> 00:26:08.060
or will they possibly be mandated to have in place at the time a policy is put
451
00:26:08.060 –> 00:26:08.820
in place? Um,
452
00:26:08.820 –> 00:26:13.060
what are some things that underwriters look for in best in class risks?
453
00:26:13.760 –> 00:26:16.340
Are there any non-negotiable requirements?
454
00:26:16.440 –> 00:26:19.220
And that’s changing pretty rapidly too, if you don’t have this,
455
00:26:19.590 –> 00:26:22.420
don’t even start the conversation type of thing. Um,
456
00:26:22.420 –> 00:26:25.940
and then we’re gonna talk about utilization of some, some vulnerability scans,
457
00:26:25.940 –> 00:26:29.820
some of the tools that companies use to try to understand what the risk is,
458
00:26:29.820 –> 00:26:30.250
like,
459
00:26:30.250 –> 00:26:34.100
what the risk profile is like for an organization before they have the chance to
460
00:26:34.100 –> 00:26:36.180
engage with them. What do they know about you that might,
461
00:26:36.180 –> 00:26:39.620
you might not even know yourself? So, Cynthia, I’ll, I’ll jump to you first.
462
00:26:40.210 –> 00:26:40.860
Okay. Well,
463
00:26:40.860 –> 00:26:45.780
I would say the single most requested control procedure item is
464
00:26:46.120 –> 00:26:50.220
MFA, multifactor authentication. Um, there’s several ways to do it. The,
465
00:26:50.580 –> 00:26:54.140
probably one of the most common is you get a text on your phone, um,
466
00:26:54.290 –> 00:26:57.620
with a code to enter. Sometimes it’s, uh, a key fob.
467
00:26:57.730 –> 00:27:02.180
Sometimes it’s some other secondary level of verification, right?
468
00:27:02.180 –> 00:27:05.260
That you are who you say you are. You know, with,
469
00:27:05.400 –> 00:27:09.930
if you log in from your computer and somebody say you use your
470
00:27:09.930 –> 00:27:12.330
credentials across multiple platforms,
471
00:27:12.390 –> 00:27:14.650
and one of those platforms gets compromised,
472
00:27:14.830 –> 00:27:18.530
now they have your username and password or your email and password
473
00:27:18.530 –> 00:27:19.363
combination,
474
00:27:19.640 –> 00:27:24.570
they start testing it across all different websites and platforms in order
475
00:27:24.590 –> 00:27:26.290
to try to get into your account.
476
00:27:26.870 –> 00:27:31.330
So when by having MFA you have another level to verify who you are,
477
00:27:31.840 –> 00:27:33.410
that is less likely for them to have,
478
00:27:33.440 –> 00:27:37.610
it’s less likely that that person who bought or stole your
479
00:27:38.550 –> 00:27:39.520
credentials in,
480
00:27:39.660 –> 00:27:44.000
in another breach also has your key fob or also has your cell phone, uh,
481
00:27:44.140 –> 00:27:49.120
or maybe knows your personal email where you can, um, get a a, a code at.
482
00:27:49.740 –> 00:27:53.800
So the MFA has done a great job in reducing, like, again,
483
00:27:53.870 –> 00:27:58.560
nothing is foolproof and sure the threat actors will always be a step ahead of
484
00:27:58.560 –> 00:28:03.000
us, but it has, it’s probably the most universally requested thing.
485
00:28:03.540 –> 00:28:06.360
Is it a hundred percent of the time? No.
486
00:28:06.860 –> 00:28:11.080
It got to a point where it was probably, what do you think, Brett? 99 or 98%?
487
00:28:11.350 –> 00:28:15.640
It’s softened maybe. Okay, maybe it’s in the nineties still, but it’s,
488
00:28:15.760 –> 00:28:18.960
it’s not necessarily as much as it was. The ones,
489
00:28:19.180 –> 00:28:23.960
the markets that will quote risks without MFA are usually quoting
490
00:28:24.250 –> 00:28:28.360
small vanilla, lesser hazard classes. Sure. Um,
491
00:28:28.660 –> 00:28:33.600
if they are larger or more complex or higher hazard classes,
492
00:28:34.940 –> 00:28:37.200
if they get quoted without having MFA,
493
00:28:37.200 –> 00:28:40.120
they probably have a ransomware,
494
00:28:40.140 –> 00:28:43.920
either sub-limit or exclusion or co-insurance or some combination.
495
00:28:45.000 –> 00:28:47.300
Um, so that’s one of the biggest ones. And then people say, well,
496
00:28:47.300 –> 00:28:48.460
where do they have to have MFA?
497
00:28:49.090 –> 00:28:53.200
Everywhere you can possibly have it is the best answer. Sure. Right.
498
00:28:53.980 –> 00:28:58.040
Um, the minimum standard is typically gonna be all remote access.
499
00:28:59.500 –> 00:29:03.880
So whether that is to your network account or to your email on your phone,
500
00:29:04.140 –> 00:29:07.440
you can, you can go through the MFA verification process on your phone.
501
00:29:08.180 –> 00:29:12.880
No one asks how frequently you do it, they just wanna know that you do it. So,
502
00:29:12.930 –> 00:29:16.320
right. Right. Because once that item has been validated,
503
00:29:16.470 –> 00:29:21.080
then unless you maybe change IP addresses, sign in from a different location,
504
00:29:21.080 –> 00:29:21.960
something like that,
505
00:29:22.340 –> 00:29:26.480
you’re probably not gonna get asked to re-authenticate unless the organization
506
00:29:26.480 –> 00:29:31.120
puts in more stringent requirements in the settings. Um,
507
00:29:31.120 –> 00:29:33.560
but from an underwriting standpoint, they’re usually just,
508
00:29:33.580 –> 00:29:37.200
if you’re doing it and you’re validating it, we’re good. Right? Um,
509
00:29:37.370 –> 00:29:39.920
email remote access, uh,
510
00:29:40.020 –> 00:29:43.540
to your account or your email network administration accounts,
511
00:29:43.540 –> 00:29:45.260
they like to see that. Um,
512
00:29:45.260 –> 00:29:50.260
because network administrators or privileged users have the keys to the
513
00:29:50.380 –> 00:29:53.420
castle, right? They have the access to the most sensitive information.
514
00:29:54.000 –> 00:29:58.700
So they like to see those people have MFA, whether they’re in the office,
515
00:29:58.920 –> 00:30:03.130
you know, inside the network or working remotely other places,
516
00:30:03.790 –> 00:30:08.610
backup tapes. Where else did I miss anything Brett? Um, backup cloud
517
00:30:08.610 –> 00:30:09.443
Service providers.
518
00:30:09.480 –> 00:30:12.450
Yeah, I, I say tapes, I don’t know why I keep saying that,
519
00:30:12.450 –> 00:30:16.890
just tells you how old I am, but backups, um, having that,
520
00:30:17.030 –> 00:30:21.890
the them MFA protected. Yeah. Or access to cloud service providers.
521
00:30:22.430 –> 00:30:27.290
Um, if you’re an IT tech company that remotely accesses your clients,
522
00:30:27.320 –> 00:30:31.810
they like to see, you have to go through MFA to, to do that again,
523
00:30:31.810 –> 00:30:35.450
just anytime, especially remote access,
524
00:30:35.560 –> 00:30:38.690
they wanna see that or access to really sensitive information.
525
00:30:39.510 –> 00:30:42.610
That’s probably the number one most requested. And again,
526
00:30:42.800 –> 00:30:46.810
there’s some lightened flex and more flexibility in that area
527
00:30:47.590 –> 00:30:51.250
of recent, like literally the last less than six months.
528
00:30:51.830 –> 00:30:55.810
But most of that relaxation has been in this small
529
00:30:56.760 –> 00:31:00.050
vanilla low hazard type space.
530
00:31:00.050 –> 00:31:04.130
People that haven’t had an event understood happen and, and such like that.
531
00:31:04.700 –> 00:31:06.290
Other things, you know, and,
532
00:31:06.310 –> 00:31:09.850
and this is where underwriters are actually underwriting, cuz it’s,
533
00:31:10.080 –> 00:31:14.730
sometimes it’s a combination of responses that sways it one way or the other.
534
00:31:15.390 –> 00:31:15.750
You know,
535
00:31:15.750 –> 00:31:19.730
things that they might look for is do you have endpoint detection and response?
536
00:31:20.550 –> 00:31:23.890
Do you have employee training, you know, on,
537
00:31:24.190 –> 00:31:27.090
on like phishing training and what not to click on? Sure.
538
00:31:27.190 –> 00:31:31.650
Do you have employee training on doing verifications on social
539
00:31:32.090 –> 00:31:35.410
engineering, potentially social engineering attacks, you know,
540
00:31:35.410 –> 00:31:39.850
where wire transfers, um, or changed instruction, uh,
541
00:31:40.360 –> 00:31:44.890
education for your employees. They look at, um, I don’t know,
542
00:31:44.890 –> 00:31:49.830
all sorts of things you do, you outsource your, your, uh,
543
00:31:50.330 –> 00:31:51.910
IT, you know, so on and so forth.
544
00:31:51.910 –> 00:31:56.230
Then there’s usually at least a couple of pages or more of questions.
545
00:31:56.730 –> 00:31:59.750
And again, if you, if you kind of don’t pass on one,
546
00:32:00.170 –> 00:32:03.470
but you pass on enough others, you’re, you’re generally okay.
547
00:32:03.490 –> 00:32:06.190
But when you start getting more nos and yeses that, you know,
548
00:32:06.190 –> 00:32:07.023
you don’t have them,
549
00:32:07.930 –> 00:32:12.230
the stack of those things together might sway an underwriter. And, and Brett,
550
00:32:12.290 –> 00:32:14.790
you, you actually work as a cyber underwriter,
551
00:32:14.790 –> 00:32:18.110
so I don’t know if you have anything to add to that as to what you looked for
552
00:32:18.300 –> 00:32:20.430
when you were in that position. Yeah,
553
00:32:20.450 –> 00:32:23.030
I’d say, I mean the, the favorite acronyms,
554
00:32:23.370 –> 00:32:27.750
MFA and EDR are probably the most common that we see with MFA being the
555
00:32:27.750 –> 00:32:31.470
biggest, um, backups as well. And, and more importantly now, it,
556
00:32:31.470 –> 00:32:33.710
it’s no longer asking do you have backups?
557
00:32:33.710 –> 00:32:38.070
It’s trying to get a little more insight into what types are they segregated
558
00:32:38.070 –> 00:32:39.420
from your network. Um,
559
00:32:39.420 –> 00:32:44.020
and the reason for that is if a hacker gets into the system and you have backups
560
00:32:44.340 –> 00:32:48.060
directly connected to the network, the hacker will gain access to those backups,
561
00:32:48.060 –> 00:32:50.340
rendering them useless. So segregated,
562
00:32:50.340 –> 00:32:54.500
whether it be through a cloud provider or fully offline offsite from the
563
00:32:54.500 –> 00:32:56.740
network. So in the event the worst happens,
564
00:32:56.810 –> 00:33:01.380
there’s at least a way to restore to some capacity from those backups.
565
00:33:01.600 –> 00:33:03.100
Um, and to Cynthia’s point as well,
566
00:33:03.140 –> 00:33:07.100
I will say obviously depending on the class of business and nature of
567
00:33:07.100 –> 00:33:10.820
operations, some of these will be scrutinized more, some less, um,
568
00:33:10.850 –> 00:33:11.980
some that are kind of highly,
569
00:33:12.130 –> 00:33:16.140
more highly scrutinized regardless of size will range from municipalities,
570
00:33:16.450 –> 00:33:19.820
schools, banking, healthcare, um,
571
00:33:19.970 –> 00:33:23.100
even more recently manufacturing and somewhat contractors.
572
00:33:23.660 –> 00:33:24.980
I think a lot of these businesses,
573
00:33:24.980 –> 00:33:29.260
especially the nature of ops where there hadn’t been historically large amounts
574
00:33:29.260 –> 00:33:33.940
or frequency of severity of claims has seen an uptick that has resulted
575
00:33:34.080 –> 00:33:38.300
in the carriers responding to wanting more information. Um,
576
00:33:38.320 –> 00:33:42.540
and more specifically on the manufacturing side, prior to the last few years,
577
00:33:42.570 –> 00:33:46.420
they, they were viewed upon as some of the lowest hanging risks, um,
578
00:33:46.420 –> 00:33:50.420
and lowest exposed risks. Um, but some of the losses that come from those,
579
00:33:50.440 –> 00:33:54.220
or some of the largest claims that we see based on the business interruption and
580
00:33:54.380 –> 00:33:55.420
business income loss for,
581
00:33:55.420 –> 00:33:59.460
if a manufacturer is down for a step period of time and can’t produce their
582
00:33:59.460 –> 00:34:01.500
product, that’s their core business.
583
00:34:01.520 –> 00:34:04.780
So that’s just a few of the classes of business that some of the markets may
584
00:34:04.780 –> 00:34:06.780
want some of the more stringent controls on.
585
00:34:07.080 –> 00:34:09.820
And that can, can affect down the supply chain too.
586
00:34:11.130 –> 00:34:12.270
That’s good to know. Um,
587
00:34:12.430 –> 00:34:15.790
and it’s certainly we can help if people want to get a more robust program in
588
00:34:15.790 –> 00:34:19.310
place when it comes to protection in the phishing schemes and some of the
589
00:34:19.310 –> 00:34:21.710
efforts internally, we can certainly help with that.
590
00:34:21.830 –> 00:34:23.190
I think what you said though,
591
00:34:23.190 –> 00:34:26.670
Cynthia underwriters are still underwriting is very, is very important, right?
592
00:34:26.850 –> 00:34:30.350
So much of insurance has become, um, you know, uh,
593
00:34:30.540 –> 00:34:34.470
information that is compiled into, uh, data, you know,
594
00:34:34.470 –> 00:34:36.190
projection systems and that type of thing.
595
00:34:36.190 –> 00:34:40.190
And there’s no real human decision point, right? Um,
596
00:34:40.270 –> 00:34:42.910
a lot of homeowners and personal insurance has, has become that way.
597
00:34:42.910 –> 00:34:46.950
We’re looking at credit scores and dates of birth and all kinds of information,
598
00:34:47.330 –> 00:34:48.550
you know, vehicle history,
599
00:34:48.790 –> 00:34:52.270
whatever it is to give us the predictive modeling that’ll tell us what’s gonna
600
00:34:52.270 –> 00:34:53.310
try to happen before it happens.
601
00:34:53.540 –> 00:34:57.350
What we’re talking about here is still people making decisions based on what
602
00:34:57.350 –> 00:34:58.183
they know.
603
00:34:58.450 –> 00:35:03.150
So if you are doing these things and your broker does not know about them
604
00:35:03.370 –> 00:35:07.350
and can’t paint you in the best light or tell the best story for you,
605
00:35:07.900 –> 00:35:09.710
then we’re missing the boat, right?
606
00:35:09.890 –> 00:35:13.990
So if you are taking the extra step to take the preventative measures,
607
00:35:14.100 –> 00:35:15.550
then the underwriter needs to know that.
608
00:35:15.610 –> 00:35:17.150
And as I started this conversation with,
609
00:35:17.150 –> 00:35:20.950
there’s still an opportunity for best in class operator,
610
00:35:21.180 –> 00:35:22.270
even in difficult times.
611
00:35:22.660 –> 00:35:26.030
It’s just critical that we make sure the underwriter knows we are one of those
612
00:35:26.450 –> 00:35:29.750
and you here’s what we’re doing behind the scenes. Um, and, and,
613
00:35:29.750 –> 00:35:31.550
and we need to exemplify that to the underwriter.
614
00:35:32.320 –> 00:35:33.290
Yeah, and you know,
615
00:35:33.330 –> 00:35:36.250
I always have a corny phrase that Brett’s probably tired of hearing is,
616
00:35:36.550 –> 00:35:39.460
you know, when you have a client that has experienced an event,
617
00:35:39.810 –> 00:35:44.580
they’re not necessarily unplaceable, they’re, it’s much more difficult,
618
00:35:44.580 –> 00:35:47.820
obviously if they’re in the middle of the event because you don’t know
619
00:35:47.930 –> 00:35:50.300
necessarily how, how,
620
00:35:51.210 –> 00:35:54.790
how much the threat actor is in, if they’re in and that kind of thing.
621
00:35:55.210 –> 00:36:00.030
But especially post-incident, you know, we really spend a lot of time, um,
622
00:36:00.030 –> 00:36:04.110
doing a lot of conference calls and in, in my corny phrases, you know,
623
00:36:04.220 –> 00:36:08.940
help me prepare my closing arguments so that I can convince the jury not to
624
00:36:09.060 –> 00:36:10.700
sentence you to death. And so, you know,
625
00:36:10.700 –> 00:36:15.100
you work with retail agents and clients to find out,
626
00:36:15.490 –> 00:36:18.580
okay, what was done? Did you do a forensic investigation?
627
00:36:18.850 –> 00:36:21.380
What did the forensic investigation find? Maybe,
628
00:36:22.650 –> 00:36:26.520
maybe a third party was compromised and you weren’t, or maybe you were,
629
00:36:26.580 –> 00:36:29.520
but they found it and this is what they did to close it. If,
630
00:36:29.620 –> 00:36:31.680
if you’re sort of through all that,
631
00:36:32.220 –> 00:36:36.160
and especially if the forensic analysis has been done,
632
00:36:36.230 –> 00:36:39.360
even if there’s some hanging expenses out there, if,
633
00:36:39.420 –> 00:36:42.120
if the holes have been kind of buttoned up and so forth,
634
00:36:42.830 –> 00:36:46.960
then it makes it easier for us to, you know, produce better results for you.
635
00:36:47.060 –> 00:36:50.960
So we do see people that all phases, some that have never had a claim,
636
00:36:50.960 –> 00:36:54.280
some that have had a claim that’s open, some that are closed. Um,
637
00:36:54.340 –> 00:36:57.520
it doesn’t have to be the kiss of death, it just, it,
638
00:36:57.780 –> 00:37:02.320
it takes working with somebody that’s willing to invest the time to tell the
639
00:37:02.320 –> 00:37:04.960
story. And like you said, the paint in the best light.
640
00:37:05.350 –> 00:37:08.040
Yeah, that rehabilitation process seems important. And again,
641
00:37:08.040 –> 00:37:11.600
we want to be as proactive as we can, but you can’t pre,
642
00:37:11.600 –> 00:37:14.320
you can’t prevent against everything, right? So sometimes we have to be,
643
00:37:14.580 –> 00:37:16.840
you know, reactionary post-loss. Um,
644
00:37:16.840 –> 00:37:19.400
but I think that that rehabilitation process you talk about is critical,
645
00:37:19.620 –> 00:37:22.520
so mm-hmm. Nice to know that we don’t have to close our doors, you know,
646
00:37:22.840 –> 00:37:24.800
we can still reopen. It might be a little challenging for time,
647
00:37:24.820 –> 00:37:27.080
but everything is an opportunity to learn for sure.
648
00:37:27.580 –> 00:37:30.680
So let’s talk about that though. My next question, and this is perfect is, and,
649
00:37:30.680 –> 00:37:32.960
and, and Brett, I’ll go to you, I think you touched on it earlier,
650
00:37:33.690 –> 00:37:35.630
simple question, what do we do in the, in the,
651
00:37:35.650 –> 00:37:39.190
in the event of a claim or a possible claim is a better way to word it possibly,
652
00:37:39.190 –> 00:37:40.023
you know?
653
00:37:40.470 –> 00:37:43.190
Absolutely. So, uh, and Cynthia, I’m stealing one of your lines as well.
654
00:37:43.290 –> 00:37:45.030
We like to call it the bat phone.
655
00:37:45.120 –> 00:37:49.310
Every carrier now pretty much has a hotline established where they want
656
00:37:49.970 –> 00:37:53.550
the immediate thought thing, result. Whatever you think,
657
00:37:53.570 –> 00:37:55.830
if something seems off and whether, you know,
658
00:37:55.830 –> 00:37:59.390
definitively it’s a ransomware attack and you see a note saying your system’s
659
00:37:59.390 –> 00:38:03.070
locked up or something doesn’t seem right, or files were sent out,
660
00:38:03.770 –> 00:38:07.710
the carriers want you to call the hotline. And what it does is it put you in,
661
00:38:07.730 –> 00:38:12.470
it puts you in touch with one of their panel vendor law firms to
662
00:38:12.470 –> 00:38:16.670
establish privileged communication to figure out next steps and loop in the
663
00:38:16.670 –> 00:38:19.550
parties that may be needed to dissect what’s going on.
664
00:38:19.820 –> 00:38:21.630
Usually that’s to where I said earlier,
665
00:38:22.210 –> 00:38:24.430
the companies like the forensics investigations,
666
00:38:24.610 –> 00:38:28.230
if it warrants them going into the network to figure out what’s going on,
667
00:38:28.460 –> 00:38:31.270
sometimes it could be a blip or nothing. Um,
668
00:38:31.330 –> 00:38:36.020
and but the importance of it is waiting in a matter of minutes or hours
669
00:38:36.160 –> 00:38:38.380
can really extend the amount of a loss,
670
00:38:39.210 –> 00:38:40.860
tens or hundreds of thousands of dollars.
671
00:38:41.080 –> 00:38:45.620
So that’s why it is definitely a unique coverage to really any other insurance
672
00:38:45.670 –> 00:38:46.503
where the,
673
00:38:46.730 –> 00:38:50.660
they want you as the insured to call in the second you think something is wrong.
674
00:38:50.730 –> 00:38:53.860
They don’t want you to wait. Um, they don’t want you to hesitate.
675
00:38:54.250 –> 00:38:58.900
Hackers always also don’t hit at the right, at the perfect time for us.
676
00:38:59.050 –> 00:39:00.580
They hack at the perfect time for them.
677
00:39:00.630 –> 00:39:04.100
It’ll be at 2:00 AM when you’re in Jamaica on vacation. Um,
678
00:39:04.100 –> 00:39:08.340
it won’t be when you’re staring at your computer and prepared and really able to
679
00:39:08.340 –> 00:39:09.540
respond necessarily.
680
00:39:09.760 –> 00:39:12.700
So that’s kind of why the policies are set up to be a little unique,
681
00:39:12.700 –> 00:39:16.540
where it puts you in touch with those really those experts in that field to
682
00:39:16.540 –> 00:39:17.660
figure out, talk you through.
683
00:39:17.880 –> 00:39:21.300
And they’re called the breach coach because they essentially coach you through
684
00:39:21.420 –> 00:39:23.580
step-by-step what needs to be done,
685
00:39:23.640 –> 00:39:27.940
who needs to be involved with the end goal of mitigating loss, reducing, uh,
686
00:39:28.210 –> 00:39:31.580
expense, and getting you back up and running as quickly as possible.
687
00:39:32.460 –> 00:39:35.740
I, I’ll throw in a claim example there. I write a large, um,
688
00:39:35.740 –> 00:39:39.940
it’s a public school district and I had met with the,
689
00:39:40.000 –> 00:39:43.620
the agent and their, and the client several times, you know, myself,
690
00:39:43.620 –> 00:39:45.740
both in person and on phone and video.
691
00:39:46.320 –> 00:39:50.100
And so they knew me and it was a Friday night,
692
00:39:50.640 –> 00:39:55.600
Thanksgiving weekend, like Brett said, you know, holidays,
693
00:39:55.840 –> 00:39:57.520
weekends, nights when people,
694
00:39:58.300 –> 00:40:02.640
not everybody’s watching everything during the day. Yeah. And,
695
00:40:02.660 –> 00:40:03.720
and I was sitting outside,
696
00:40:03.720 –> 00:40:07.960
it was I think about 9:00 PM and I was sitting outside on our patio.
697
00:40:08.460 –> 00:40:11.560
We have a TV out there, we live out there and watching tv,
698
00:40:11.620 –> 00:40:13.680
that’s where I live in Florida, um,
699
00:40:14.640 –> 00:40:17.480
watching TV and my cell phone rings, you know, hi,
700
00:40:17.480 –> 00:40:21.240
this is so-and-so from so-and-so, and I’m thinking like,
701
00:40:21.240 –> 00:40:24.520
what is this guy calling me on a Friday night? And you know, as you say that,
702
00:40:24.660 –> 00:40:27.440
you know, and sure enough, they, he said,
703
00:40:27.440 –> 00:40:32.160
we are actively being attacked right now. And I’m like, here’s the bat phone,
704
00:40:32.550 –> 00:40:36.760
call them right now. And they actually called me the next night and said,
705
00:40:36.820 –> 00:40:41.040
you know, by the next morning they had forensics and they had, you know,
706
00:40:41.040 –> 00:40:44.480
the attorney and so on and so forth launched and they were,
707
00:40:44.550 –> 00:40:47.640
they were so happy cuz the response was so fast and it,
708
00:40:47.980 –> 00:40:52.000
it went very far in mitigating the total cost of that claim.
709
00:40:52.650 –> 00:40:54.260
Sure. And I’m sure like a lot of things,
710
00:40:54.260 –> 00:40:55.620
we talk about coverages being different.
711
00:40:55.640 –> 00:40:58.300
I’m sure the response on certain carriers is, is better or,
712
00:40:58.360 –> 00:40:59.620
or not as up to par as others.
713
00:40:59.640 –> 00:41:03.140
So when you look to place a piece of business with a given carrier,
714
00:41:03.210 –> 00:41:05.500
that probably comes into the the thought process too.
715
00:41:05.640 –> 00:41:07.940
Who is gonna be best at response time, right? Ultimately,
716
00:41:08.120 –> 00:41:11.300
that’s what a carrier’s worth is, is when things are wrong, what do you do?
717
00:41:12.060 –> 00:41:12.890
Absolutely
718
00:41:12.890 –> 00:41:17.340
Good. So there is, there is hope, right? The bat phone analogy, the, the,
719
00:41:17.340 –> 00:41:21.780
the breach coach, all those are great things. Um, and immediacy is the,
720
00:41:21.800 –> 00:41:25.460
the key there, right? So, and again, not just, we know something’s going wrong,
721
00:41:25.460 –> 00:41:27.260
but we think something might be happening here.
722
00:41:27.560 –> 00:41:30.820
Err on the side of caution when it comes to communication with the company,
723
00:41:30.950 –> 00:41:35.020
right? So good to know. Um, and it’s safe to say that the carrier handles,
724
00:41:35.020 –> 00:41:39.140
when we get into a really, not just a breach, but a major situation whether,
725
00:41:39.240 –> 00:41:43.140
and we’re talking extortion, ransomware, the ca we’re, we’re,
726
00:41:43.140 –> 00:41:44.940
we’ve given up the reins there, right?
727
00:41:44.960 –> 00:41:48.180
The carrier is handling all communication when it comes to any type of
728
00:41:48.180 –> 00:41:49.380
negotiation with a,
729
00:41:49.380 –> 00:41:52.700
with a bad actor as to the monies that are gonna be paid out that’s on them to
730
00:41:52.700 –> 00:41:53.533
make that decision.
731
00:41:54.710 –> 00:41:56.290
Uh, I’ll take that one if you don’t mind, Brett.
732
00:41:56.410 –> 00:42:00.530
I I think it’s really different by form. Okay. Uh, in general,
733
00:42:00.850 –> 00:42:04.970
I would say yes, that’s what most of the, the well-written forms are doing.
734
00:42:05.300 –> 00:42:09.770
There are some that are specifically written on a pay on behalf of where there
735
00:42:09.770 –> 00:42:11.130
are others that are saying,
736
00:42:11.270 –> 00:42:14.810
we will reimburse you for those expenses.
737
00:42:15.510 –> 00:42:20.170
So you would negotiate. But most of the carriers have kind of gone to this,
738
00:42:20.550 –> 00:42:22.330
let us handle it for you. Yeah. We
739
00:42:22.330 –> 00:42:22.610
Have the
740
00:42:22.610 –> 00:42:24.250
Expertise. We, we have the expertise.
741
00:42:24.430 –> 00:42:28.930
You’re gonna get our panel of providers that are discounted and we’re not gonna
742
00:42:29.010 –> 00:42:33.170
burn you through your limit so fast. Let us negotiate for you. And,
743
00:42:33.170 –> 00:42:37.050
and they do negotiate on ransom, believe it or not. Um, and,
744
00:42:37.270 –> 00:42:39.530
and they know a lot of times the,
745
00:42:39.550 –> 00:42:42.290
the people that they work with have handled so many breaches.
746
00:42:42.840 –> 00:42:47.130
They know like certain Bitcoin wallet numbers are associated
747
00:42:48.080 –> 00:42:51.530
with the x, y, Z threat actor group, right?
748
00:42:51.950 –> 00:42:56.690
And so they’ll have handled 20 other claims recently where they had to
749
00:42:56.750 –> 00:43:01.690
pay a ransom payment to that Bitcoin wallet and they know they got the key to
750
00:43:01.690 –> 00:43:04.850
the castle back so that the, the keys and the code, you know,
751
00:43:04.910 –> 00:43:09.570
the decryption key so that they could unlock that data where they may
752
00:43:09.800 –> 00:43:11.370
also look at one and say, well,
753
00:43:11.370 –> 00:43:16.250
we ha we worked with that and we paid a ransom and they never gave us
754
00:43:16.870 –> 00:43:20.810
the decryption key. That doesn’t happen too often. And I don’t know, Brett,
755
00:43:20.810 –> 00:43:23.410
when you were at Trevor Corvus, if you saw it,
756
00:43:23.690 –> 00:43:27.500
I think most of the time that’s their business, right?
757
00:43:27.600 –> 00:43:30.340
If they can’t deliver on that, then,
758
00:43:30.650 –> 00:43:32.780
then why would anybody ever pay the ransom?
759
00:43:32.780 –> 00:43:35.580
Because they’re known for not giving the decryption keys.
760
00:43:35.580 –> 00:43:39.300
So it doesn’t happen too often, but a lot of those little nuances and insights,
761
00:43:39.480 –> 00:43:43.900
um, or even just knowing how well they negotiate and that kind of thing,
762
00:43:44.160 –> 00:43:46.900
are something that you really benefit from when you’re working with the
763
00:43:47.100 –> 00:43:49.460
providers that the carriers have have selected.
764
00:43:50.870 –> 00:43:53.980
Great. Good to know. We’ve covered a lot of topics and we’re approaching,
765
00:43:54.220 –> 00:43:57.380
I think, the 45 minute mark. So just a reminder to folks that are online,
766
00:43:57.480 –> 00:44:01.140
if you want your opportunity to ask questions, please take advantage of that.
767
00:44:01.140 –> 00:44:04.100
Now, we’re gonna be wrapping up here shortly, so it, this is the,
768
00:44:04.100 –> 00:44:05.940
this is the platform if you wanna do it. Um,
769
00:44:05.940 –> 00:44:10.500
it’d be a great opportunity to jump in. So final sort of segment for me. Um, oh,
770
00:44:10.500 –> 00:44:15.340
and we do have the, the results of the, uh, the initial poll question. So again,
771
00:44:15.340 –> 00:44:18.540
the question was, do you have cyber insurance? Uh, we’re about 50 50 here,
772
00:44:18.540 –> 00:44:22.860
so 57%, 13 out of the 23 respondents do, um,
773
00:44:22.920 –> 00:44:26.540
10 outta the 23 do not. So, uh, great opportunity to,
774
00:44:26.540 –> 00:44:29.900
to look at a potential program there. So, um, thank you for that,
775
00:44:29.900 –> 00:44:33.990
for putting that up. Um, so final question for me, uh, our final segment,
776
00:44:34.010 –> 00:44:37.430
if you will. You know, we’ve looked back, how did this all start? How,
777
00:44:37.430 –> 00:44:39.110
what has the development been like? Um,
778
00:44:39.110 –> 00:44:42.710
what has claims have been like in the past? Take a more positive spin on this.
779
00:44:42.710 –> 00:44:45.910
Let’s look into the future a little bit from your perspective, both of you.
780
00:44:46.060 –> 00:44:49.910
What do you feel like the future outlook is on the cyber liability markets?
781
00:44:50.350 –> 00:44:53.550
Specifically? Pricing expectations can never hold you to this,
782
00:44:53.550 –> 00:44:57.190
this might change tomorrow with some major event. I understand, um,
783
00:44:57.410 –> 00:45:00.950
the evolution of new coverages that maybe are in talks at carrier levels or
784
00:45:01.080 –> 00:45:02.910
could potentially come to market or, you know,
785
00:45:02.910 –> 00:45:07.070
just how does the consumer prepare, um, when, when volatility is, is the,
786
00:45:07.090 –> 00:45:10.110
the driver of an industry and how do we get ahead of that?
787
00:45:10.170 –> 00:45:13.830
So any thoughts on what the future might look like, be it six months, two years,
788
00:45:13.890 –> 00:45:14.910
or five years from now?
789
00:45:16.930 –> 00:45:21.410
I can absolutely. That’s a tough one. Very loaded. I, I’d say, yeah, I mean,
790
00:45:21.410 –> 00:45:21.690
Andy,
791
00:45:21.690 –> 00:45:24.370
I think you hit the nail on the head where something could hypothetically happen
792
00:45:24.610 –> 00:45:27.210
tomorrow. That blows my answer outta the water. But, um,
793
00:45:27.710 –> 00:45:32.090
the reality and the simplified answer is there’s always gonna be a home for best
794
00:45:32.090 –> 00:45:32.750
in class.
795
00:45:32.750 –> 00:45:37.370
IT control businesses and businesses who are willing to invest in their IT and
796
00:45:37.460 –> 00:45:42.130
still need obviously the insurance. And even so for businesses that need help.
797
00:45:42.150 –> 00:45:43.450
And where that is,
798
00:45:43.590 –> 00:45:46.810
is obviously getting commentary and other educational insights,
799
00:45:46.810 –> 00:45:49.850
whether it be from your broker or, uh, a uh,
800
00:45:49.860 –> 00:45:54.690
contractor or a consultant to give insight into IT controls and to improve on
801
00:45:54.690 –> 00:45:58.730
those with the overall goal of still improving that posture. Um,
802
00:45:58.730 –> 00:46:01.970
but on the pricing side, I, I think barring a big event,
803
00:46:02.140 –> 00:46:04.370
which it’s not a matter of if,
804
00:46:04.370 –> 00:46:08.610
it’s a matter of when there will be another type of a a large scale event, um,
805
00:46:09.050 –> 00:46:11.850
i, I think the continuous kind of six month, nine month,
806
00:46:11.850 –> 00:46:15.770
12 month outlook is we’re sort of seeing a plateauing in the pricing compared to
807
00:46:15.770 –> 00:46:16.650
the last few years.
808
00:46:16.990 –> 00:46:21.730
But we saw such a rapid increase in pricing and restrictions in that time that,
809
00:46:22.110 –> 00:46:27.050
um, this was sort of to be expected in the way of, it’s sort of plateauing,
810
00:46:27.110 –> 00:46:31.130
but still, um, still up from what it was five, six years ago.
811
00:46:31.310 –> 00:46:33.690
So the hope and the realization, and Cynthia, unless you,
812
00:46:33.830 –> 00:46:35.770
I’m curious if you disagree, is, um,
813
00:46:35.850 –> 00:46:38.850
I think we’ll still continue to see the plateauing, good pricing,
814
00:46:38.920 –> 00:46:42.890
good coverage for those who have IT controls in place that the carriers want,
815
00:46:43.470 –> 00:46:46.930
um, and more potential restrictions or higher pricing for those who,
816
00:46:47.030 –> 00:46:50.130
who may not. And especially in those sort of higher hazard industries.
817
00:46:51.380 –> 00:46:53.280
No, I, I agree. I think it’ll,
818
00:46:53.410 –> 00:46:57.960
it’ll plateau a little bit more until another big event happens where people are
819
00:46:58.100 –> 00:47:01.880
paying large amounts of funds. Um,
820
00:47:02.060 –> 00:47:06.120
one of the things that we’re seeing a little bit of a trend on is these
821
00:47:06.570 –> 00:47:11.240
widespread event type exclusions or restrictions. Um,
822
00:47:11.360 –> 00:47:16.200
I see that becoming a little bit more popular where it’s not, I,
823
00:47:16.640 –> 00:47:20.920
I wouldn’t say it’s the norm and we, we do all we can to avoid it, but I,
824
00:47:21.400 –> 00:47:25.680
I see that that would catch on a little bit where companies say, you know,
825
00:47:25.680 –> 00:47:27.720
if there’s a major catastrophic event,
826
00:47:27.730 –> 00:47:32.460
we’re gonna limit our coverage on ransomware, for example, or whatever coverage,
827
00:47:32.840 –> 00:47:37.820
you know, by X percent or, or maybe put a sub-limit on that type of coverage,
828
00:47:38.620 –> 00:47:41.750
primarily due to the aggregation exposure, right? You know,
829
00:47:41.750 –> 00:47:46.140
if you write a hundred thousand policies and, and you’ve got, you know,
830
00:47:46.160 –> 00:47:50.180
an average of 5 million or a million or whatever that it is on all these
831
00:47:50.540 –> 00:47:55.540
policies, it’s a lot of money to pay out in an event. So widespread event, um,
832
00:47:55.660 –> 00:47:58.700
I think will become a a little bit more restrictive. Um,
833
00:47:58.700 –> 00:48:00.740
we are seeing some trends, especially in London,
834
00:48:00.920 –> 00:48:04.990
has mandated that you can’t pay the ransomware payment. Um,
835
00:48:05.410 –> 00:48:10.040
and no, I’m sorry, that’s war. I always goof that up. Sorry,
836
00:48:10.660 –> 00:48:13.480
war, uh, they, they don’t want you to insure war.
837
00:48:14.220 –> 00:48:17.960
And what happened in cyber is that the war and terrorism exclusions,
838
00:48:18.120 –> 00:48:20.600
a lot of people went and modified their form and said,
839
00:48:21.140 –> 00:48:25.440
but we’ll give you cyber terrorism. So Lloyd’s kind of mandated,
840
00:48:26.420 –> 00:48:29.920
and I think some people will try to follow it a little bit, um,
841
00:48:30.190 –> 00:48:34.000
that we can’t cover what, what they call a state backed event,
842
00:48:34.530 –> 00:48:36.720
which they’re classifying as war.
843
00:48:36.820 –> 00:48:41.590
So if you have a cyber terrorism event that is
844
00:48:42.220 –> 00:48:46.510
initiated at the urging of, say, Russia, I’ll pick on Russia,
845
00:48:47.370 –> 00:48:50.870
um, you know, when they determine that that’s a state-backed event,
846
00:48:50.870 –> 00:48:52.590
that they don’t want that to be insurable.
847
00:48:52.850 –> 00:48:57.430
So you may see some more trends towards other carriers kind of following that
848
00:48:57.430 –> 00:49:01.750
process, um, and some will do a better job than others as,
849
00:49:01.810 –> 00:49:05.270
as to what that’s divine defining. But from a pricing perspective,
850
00:49:06.130 –> 00:49:11.110
I’m not expecting any major increases barring another sort of
851
00:49:11.110 –> 00:49:12.630
high catastrophic type event.
852
00:49:13.770 –> 00:49:15.950
Got it. Yeah. That, that widespread event is interesting, right?
853
00:49:15.950 –> 00:49:19.830
Insurance is built for, uh, those that don’t have claims,
854
00:49:20.050 –> 00:49:23.310
pay for those that do, right? I mean, no, when we write homeowners insurance,
855
00:49:23.530 –> 00:49:25.030
the entire country is not gonna,
856
00:49:25.250 –> 00:49:27.670
the homes of the entire country is not gonna catch on fire at the same time,
857
00:49:27.770 –> 00:49:30.030
let us hope not, right? We got major problems if we do,
858
00:49:30.090 –> 00:49:35.030
but cyber is one of these events, uh, where a number of people, thousands,
859
00:49:35.060 –> 00:49:39.390
tens of thousands of people could be hit simultaneously. Um, and insurance,
860
00:49:39.480 –> 00:49:42.350
quite frankly, the pricing is, it’s not built, uh,
861
00:49:42.350 –> 00:49:46.390
to handle anything of that scale. So that’s an interesting one, um,
862
00:49:46.390 –> 00:49:50.430
because a lot of people can get hit, uh, at the same time as you mentioned. Um,
863
00:49:50.490 –> 00:49:54.630
So we just, I, I’m sorry. I just gonna say we just had an email from, um,
864
00:49:54.930 –> 00:49:58.630
one of the companies and I sent it to our IT people and he went around and
865
00:49:58.740 –> 00:50:03.720
checked it out and had everybody update our Outlook because there
866
00:50:03.720 –> 00:50:08.200
was a recent vulnerability affecting Outlook where people could send you email
867
00:50:08.620 –> 00:50:13.280
and you wouldn’t even have to open it and it could, uh, launch an attack.
868
00:50:13.300 –> 00:50:15.480
And so it was some new exploit.
869
00:50:15.780 –> 00:50:20.200
So that’s type of example and a lot of insurance companies, um,
870
00:50:20.200 –> 00:50:23.080
we didn’t talk about this, but I just want to throw this out there. Sure.
871
00:50:23.100 –> 00:50:26.640
Or we didn’t talk about it much. Um, the vulnerability scans that people do too.
872
00:50:26.640 –> 00:50:27.060
Yeah, I
873
00:50:27.060 –> 00:50:28.380
Was gonna mention that. I’m glad you said that. Go ahead.
874
00:50:28.690 –> 00:50:32.740
Yeah, you know, they do these vulnerability scans to kind of identify without,
875
00:50:32.740 –> 00:50:36.140
it’s a non-invasive scan, pings your website, um,
876
00:50:36.140 –> 00:50:39.500
and it can see kind of what software is communicating via the internet.
877
00:50:40.120 –> 00:50:44.460
And some of them will detect remote desktop protocol open, um,
878
00:50:44.480 –> 00:50:47.740
vulnerabilities or open ports, different things like that.
879
00:50:48.040 –> 00:50:51.060
But they can also detect like what versions are you,
880
00:50:51.060 –> 00:50:54.220
like when Microsoft Exchange had all these vulnerabilities,
881
00:50:54.730 –> 00:50:56.340
they could run these scans.
882
00:50:56.340 –> 00:51:00.820
These companies a lot of times do continuous monitoring and they run scans and
883
00:51:00.820 –> 00:51:04.460
they can see, oh, you’re running that version, that’s vulnerable,
884
00:51:04.520 –> 00:51:08.980
you haven’t patched it, and they can send a directed alert to that person,
885
00:51:09.880 –> 00:51:10.120
um,
886
00:51:10.120 –> 00:51:14.940
the contact for that insured and get that fixed before that
887
00:51:14.940 –> 00:51:15.860
exploit is,
888
00:51:16.120 –> 00:51:21.020
is ex or that that information is exploited and attack is conducted
889
00:51:21.020 –> 00:51:21.853
on them.
890
00:51:22.290 –> 00:51:24.220
Yeah, those vulnerability scans are interesting.
891
00:51:24.220 –> 00:51:26.420
I think it’s important to know if anybody’s ever been part of one,
892
00:51:26.420 –> 00:51:29.460
they’re a tool, right? They are not the rule type of thing. I mean,
893
00:51:29.490 –> 00:51:32.820
they’re intended to be a resource to provide some information. Uh,
894
00:51:32.820 –> 00:51:34.620
it is not an end all be all. For example,
895
00:51:34.740 –> 00:51:37.740
I was a part of one years ago and it said something about ports being open and,
896
00:51:37.760 –> 00:51:39.300
and we, and we got talking about it, well,
897
00:51:39.300 –> 00:51:42.020
the website can’t work if there aren’t some ports that are open, right?
898
00:51:42.020 –> 00:51:45.420
There’s gotta be a flow of communication. So, um, so yeah,
899
00:51:45.420 –> 00:51:48.820
they’re an interesting, uh, tool when the companies use them, but it is not a,
900
00:51:49.240 –> 00:51:53.420
we hope it not to be an end all be all on decision making, right? So, um,
901
00:51:53.420 –> 00:51:56.060
but in, in your comments, Cynthia, about the, the, the,
902
00:51:56.240 –> 00:51:59.300
the email that doesn’t even have to be clicked on being a problem.
903
00:51:59.410 –> 00:52:01.540
It’s interesting, right? The old rule of thumb has been,
904
00:52:01.540 –> 00:52:04.060
even if you open up an email that you think is bad,
905
00:52:04.060 –> 00:52:07.220
as long as you don’t click on the link, you’re sort of safe. Um,
906
00:52:07.320 –> 00:52:10.140
but to get to a point where even the receipt of an email,
907
00:52:10.480 –> 00:52:15.220
not a secondary action breeds, um, breeds a potential, you know,
908
00:52:15.220 –> 00:52:19.180
breach that’s, that’s concerning. So, but you’re, as you said, many, many times,
909
00:52:19.370 –> 00:52:21.340
they are one step ahead. These are very, very,
910
00:52:21.590 –> 00:52:24.700
these are highly intelligent people, uh, that are behind these efforts.
911
00:52:24.840 –> 00:52:26.860
So it’ll be interesting to see how the,
912
00:52:27.120 –> 00:52:30.740
how the world continues to develop in this space. So guys,
913
00:52:30.740 –> 00:52:33.060
we have covered a huge amount of topics.
914
00:52:33.160 –> 00:52:36.420
It is about 70 degrees here on Thursday afternoon.
915
00:52:36.680 –> 00:52:40.060
So the fact that we’ve maintained an audience, uh,
916
00:52:40.060 –> 00:52:43.500
for almost an hour on a very heavy topic, on a beautiful, uh,
917
00:52:43.500 –> 00:52:47.460
Sunday afternoon is a testament to the content. So I really appreciate you guys.
918
00:52:47.460 –> 00:52:51.220
You did an incredible job. Uh, I know that we have access to you at any time.
919
00:52:51.240 –> 00:52:53.700
So for, for clients that are on, or,
920
00:52:53.760 –> 00:52:57.420
or prospective clients that may be on that want to continue conversations about
921
00:52:57.420 –> 00:53:01.140
your specific businesses, we would love to do that. As a reminder,
922
00:53:01.140 –> 00:53:04.180
please hop onto our website, insurance choices.com,
923
00:53:04.490 –> 00:53:07.340
take a look at those IQ rms specific to cyber liability.
924
00:53:07.530 –> 00:53:10.300
Test out a couple other IQ rms on different topics while you’re there.
925
00:53:10.440 –> 00:53:12.940
And that’s a great conversation starter, um,
926
00:53:12.940 –> 00:53:17.620
from what you would like your cyber program to become or a, you know,
927
00:53:17.880 –> 00:53:21.860
an interesting look at what it already is. So, uh, Cynthia, Brett,
928
00:53:21.950 –> 00:53:25.460
thank you so much for your time today. Uh, without question,
929
00:53:25.620 –> 00:53:28.860
I think I led with you saying you’re subject matter experts and you proved me
930
00:53:28.860 –> 00:53:32.100
right? So I appreciate all your time today. Thank you for everything.
931
00:53:32.140 –> 00:53:35.540
I hope everybody enjoyed it. Um, and then we’re always here if you guys need us,
932
00:53:35.600 –> 00:53:38.860
so we will have some more installments in our Risk Academy series coming up in
933
00:53:38.860 –> 00:53:40.460
the couple, in the coming months. Uh,
934
00:53:40.550 –> 00:53:42.940
we’ll make sure everybody’s aware of them and we look forward to doing this
935
00:53:43.100 –> 00:53:46.060
again. So guys, thank you. Thank you. Have a great afternoon. Thank
936
00:53:46.060 –> 00:53:48.660
You. We appreciate it all. Take care. Take care. Bye.