Learn about multi-factor authentication and other risk management controls that businesses can implement to protect their organizations. Discover what coverages are available and which are the best cyber insurance options.
CYNTHIA A ZIMMERMAN

Cynthia A. Zimmerman RPLU ACRA

Executive vice president and Broker at Socius Insurance Services

She is Socius’ east coast cyber practice leader. Her expansive insurance career began on the insurance company side, where she quickly moved up the ranks from underwriting to management. She has since moved into the wholesale brokerage space and is now considered a veteran management, professional and cyber liability wholesale broker.

Brett Klein

Brett Klein

Assistant Vice President at Socius Insurance Services

Andy Hartstein CIC CRM CWCA

Managing Partner at The Insurance Market
Person 1 : Good afternoon, everyone. It is about two o’clock on the dot, so I think we should get started. I’m Andy Hartstein. 2 00:00:12.660 –> 00:00:14.600 I’m one of the principals here at the insurance market, 3 00:00:14.600 –> 00:00:19.080 and I wanted to take a minute and welcome everybody to our latest installment of 4 00:00:19.100 –> 00:00:23.960 our Risk Academy series. Topic of the day is gonna be cyber liability. Uh, 5 00:00:24.030 –> 00:00:28.920 obviously this is a very important topic, a very fluid topic in our space. Uh, 6 00:00:28.920 –> 00:00:29.753 very timely, 7 00:00:29.900 –> 00:00:34.440 lot of changes happening in our world when it comes to cyber attacks and cyber 8 00:00:34.440 –> 00:00:39.040 insurance. Um, so we have two subject matter experts joining us today, 9 00:00:39.300 –> 00:00:43.640 and I want to thank all of you for jumping online, uh, and joining us as well. 10 00:00:44.450 –> 00:00:49.070 Uh, just a couple housekeeping topics. This will be recorded, so, um, 11 00:00:49.070 –> 00:00:52.590 we will have the ability and you will have the ability to go back onto our newly 12 00:00:52.590 –> 00:00:54.230 developed website to, uh, 13 00:00:54.230 –> 00:00:58.950 pull some of the material if you wanna watch it again at a later date. Also, um, 14 00:00:59.010 –> 00:01:03.390 on our website, we’ll be an I Q R M specific too. 15 00:01:03.640 –> 00:01:08.510 Cyber liability for those folks that have not taken an I Q R M or been a part of 16 00:01:08.510 –> 00:01:11.990 an I Q R M in the past. Um, basically what it is, 17 00:01:11.990 –> 00:01:14.510 is a quantifiable risk assessment tool. 18 00:01:14.890 –> 00:01:17.390 You answer a variety of questions on the given topic, 19 00:01:17.390 –> 00:01:20.510 could be between 15 and 25 questions. 20 00:01:20.930 –> 00:01:25.750 We take those questions and then develop a score for your organization based 21 00:01:25.750 –> 00:01:29.710 on how well you’re doing in a certain topic. There is one on cyber liability. 22 00:01:29.710 –> 00:01:34.430 There’s also IQs on fleet management, on sexual harassment training, 23 00:01:34.650 –> 00:01:37.670 on general liability workers’ compensation related topics. 24 00:01:38.410 –> 00:01:39.510 And then a score is produced. 25 00:01:39.660 –> 00:01:43.070 Once that score is produced accompanying it is also a report. 26 00:01:43.370 –> 00:01:48.190 And we can use that report and that score to be conversation starters and to 27 00:01:48.190 –> 00:01:53.070 look at areas of potential improvement within the organization in hopes to 28 00:01:53.070 –> 00:01:54.110 drive your score up. 29 00:01:54.380 –> 00:01:58.070 It’s very difficult at times for us to know exactly how well an organization is 30 00:01:58.070 –> 00:02:02.630 doing it. Something the I Q R M does its best job it can to put a score, 31 00:02:03.010 –> 00:02:06.630 uh, to your current performance, right? So that is available on our website. 32 00:02:06.890 –> 00:02:10.550 We just recently launched a new website. It’s still the same address. 33 00:02:10.550 –> 00:02:15.070 Insurance choices.com website has been totally revamped in all of our 34 00:02:15.450 –> 00:02:18.030 IQ rms are fully embedded into the website. 35 00:02:18.210 –> 00:02:19.990 So when we get done with this Risk Academy, 36 00:02:20.010 –> 00:02:22.070 if you wanna jump online and take that, 37 00:02:22.170 –> 00:02:25.270 the score will come directly to us here at the insurance market, 38 00:02:25.490 –> 00:02:29.430 and then we can be in contact with you to go over the report and share your 39 00:02:29.430 –> 00:02:33.950 score with you. All right, the other thing I wanted to mention is that, uh, 40 00:02:34.550 –> 00:02:38.430 questions can be answered at any time through or ask, excuse me, 41 00:02:38.430 –> 00:02:40.670 at any time throughout the entire Risk Academy. 42 00:02:41.170 –> 00:02:44.310 If you hover over the bottom of your screen, there is a chat functionality, 43 00:02:44.610 –> 00:02:47.350 please just type your question into the chat bar. 44 00:02:48.070 –> 00:02:51.350 Somebody can interrupt me at any time, and we can ask the question, uh, 45 00:02:51.490 –> 00:02:55.790 at the time that it’s actually posed. Please don’t wait till the end, uh, 46 00:02:55.790 –> 00:02:57.350 to ask a question. You might forget it. 47 00:02:57.350 –> 00:02:59.860 You might have to jump off for whatever reason. Um, 48 00:02:59.860 –> 00:03:04.180 so feel free to ask that question at the time that you think of it, 49 00:03:04.320 –> 00:03:07.620 and we will address it right then so we can make sure to get your question 50 00:03:08.060 –> 00:03:12.290 answered for you. Uh, with that, uh, one more, one more thing. This is, uh, 51 00:03:12.350 –> 00:03:15.410 for anybody that hasn’t been a part of our Risk Academy series, 52 00:03:15.790 –> 00:03:19.810 our hope with this is just to bring education and content, um, 53 00:03:19.830 –> 00:03:23.370 to our customers and our prospective customers about given topics. 54 00:03:24.180 –> 00:03:26.330 There are things changing in our space all the time. 55 00:03:26.380 –> 00:03:29.650 We’ve done risk academies historically on sexual harassment training. 56 00:03:29.660 –> 00:03:33.130 We’ve done them on medical marijuana in the workplace, right? 57 00:03:33.400 –> 00:03:37.890 This one in particular is on cyber reliability. And our goal whenever we, 58 00:03:38.350 –> 00:03:43.330 uh, produce these risk academies is to bring in two subject matter experts from 59 00:03:43.570 –> 00:03:45.250 wherever they are in the country, um, 60 00:03:45.270 –> 00:03:48.850 and get their opinions and get their insight. Today is no different. 61 00:03:48.850 –> 00:03:51.850 And I’m happy to say that we have two of the best in the business that are gonna 62 00:03:51.850 –> 00:03:55.770 be joining us today. So without further ado, I’ll go through some introductions, 63 00:03:55.790 –> 00:03:58.410 if that’s okay. Uh, we have Cynthia Zimmerman. 64 00:03:58.410 –> 00:04:02.050 She’s coming to us today from Melbourne Beach, Florida. Uh, 65 00:04:02.090 –> 00:04:05.610 I know it’s pretty warm here. I’m sure it’s warm where you are as well, Cynthia. 66 00:04:06.510 –> 00:04:06.730 Um, 67 00:04:06.730 –> 00:04:10.650 Cynthia is the Executive Vice President of Associates and Insurance Services. 68 00:04:11.030 –> 00:04:12.970 As I mentioned, she’s now just outside of Miami. 69 00:04:13.920 –> 00:04:17.540 She is the East Coast practice leader for them. Um, 70 00:04:17.560 –> 00:04:21.780 she was one of the first 100 registered professional liability underwriters and 71 00:04:21.780 –> 00:04:26.180 is a longtime member of the Professional Liability Underwriting Society. Um, 72 00:04:26.180 –> 00:04:28.660 and she holds a position of the, in their Southeast chapter, 73 00:04:29.320 –> 00:04:33.420 she specializes in cyber liability, professional, e and o, 74 00:04:33.420 –> 00:04:38.180 medical malpractice directors and officers, employment practices, liability, 75 00:04:38.370 –> 00:04:42.900 also another hot button topic, crime and media liability. So, Cynthia, 76 00:04:42.950 –> 00:04:43.940 thank you for joining us. 77 00:04:44.800 –> 00:04:46.020 You’re very welcome. Thank you. 78 00:04:46.960 –> 00:04:51.560 One of Cynthia’s, uh, coworkers and members of her team as well is Brett Klein. 79 00:04:51.580 –> 00:04:56.200 He is not in southern Florida. He is coming to us from Glastonbury, Connecticut. 80 00:04:56.860 –> 00:04:59.640 Um, Brett has been with associates for the last number of years, 81 00:04:59.780 –> 00:05:02.920 but BA began his career at Chubb. Um, 82 00:05:02.920 –> 00:05:06.720 he was there at the early stages of their, uh, tech cyber program, 83 00:05:06.900 –> 00:05:10.240 and he was part of the early leadership development team where he helped to 84 00:05:10.240 –> 00:05:13.920 develop new hires and educate underwriters with respect to cyber. 85 00:05:14.020 –> 00:05:18.600 And in the tech space, uh, Brett specializes in cyber slash internet liability, 86 00:05:18.680 –> 00:05:22.680 professional liability, and Arizona emissions insurance as well. 87 00:05:22.980 –> 00:05:27.400 So these two folks are on the cutting edge of a very, very dynamic industry, 88 00:05:27.780 –> 00:05:31.120 uh, and we are very, very fortunate to have them with us today. So Brett, 89 00:05:31.120 –> 00:05:35.640 welcome, uh, to the, to the Risk Academy. Glad to be here. Absolutely. Well, 90 00:05:35.730 –> 00:05:40.160 we’re gonna start the academy with a simple polling question. Um, 91 00:05:40.180 –> 00:05:41.560 if we can bring that up really quickly, 92 00:05:41.560 –> 00:05:45.760 we’re just gonna get a feel for if folks have cyber liability in their 93 00:05:46.200 –> 00:05:50.280 businesses today. So simple, yes or no question, do you have cyber insurance? 94 00:05:51.300 –> 00:05:51.670 Great. 95 00:05:51.670 –> 00:05:55.570 We will tally those votes here in a minute and we’ll come back with the result. 96 00:05:58.060 –> 00:06:01.150 With that in mind, we have a number of topics we want to jump into today. 97 00:06:01.610 –> 00:06:04.550 So we’ll go ahead and start with the first one. Obviously, 98 00:06:04.830 –> 00:06:09.030 I mentioned the word dynamic and fluid, and, uh, a couple of times, 99 00:06:09.400 –> 00:06:13.670 cyber liability is probably the one area of insurance that is 100 00:06:13.710 –> 00:06:16.710 experiencing the most change and the most volatility, 101 00:06:16.830 –> 00:06:21.470 I think that goes without saying insurance by nature is an industry that is very 102 00:06:21.830 –> 00:06:22.490 reactionary. 103 00:06:22.490 –> 00:06:25.910 We don’t quite know what we have to ensure until something bad happens, 104 00:06:25.920 –> 00:06:30.470 quite frankly. So Cynthia, I’m gonna go to you first. Talk a little bit, 105 00:06:30.490 –> 00:06:34.630 if you will, about the current state of cyber claims activity. 106 00:06:34.640 –> 00:06:37.350 We’re seeing it all over the news. Historically, 107 00:06:37.350 –> 00:06:40.030 it used to happen only to the big companies, right? Years ago, 108 00:06:40.030 –> 00:06:41.950 everybody’s heard about the, the, the, 109 00:06:41.950 –> 00:06:44.910 the compromises that might happen at Sony or, or Target, 110 00:06:45.250 –> 00:06:48.470 but those days are over. Everybody is a target now, correct? 111 00:06:49.020 –> 00:06:50.030 Everybody’s a target. 112 00:06:50.130 –> 00:06:54.190 If you’re using the internet or if you have electronic light bulbs that you can 113 00:06:54.190 –> 00:06:59.110 say, Alexa, turn ’em off and on, um, dishwashers, washing machines, 114 00:06:59.180 –> 00:07:03.350 refrigerators. It, it’s amazing when I look around my own house, 115 00:07:04.050 –> 00:07:06.590 how many devices I have that are connected to the internet, 116 00:07:06.730 –> 00:07:09.270 so it makes all of us vulnerable. Um, you know, 117 00:07:09.370 –> 00:07:14.270 claims over the last two years have been astronomical as 118 00:07:14.510 –> 00:07:17.590 compared to past. I think obviously the coverage in general, 119 00:07:18.010 –> 00:07:20.390 people were more aware of it, more people were buying, 120 00:07:20.420 –> 00:07:25.110 more claims were happening. Um, and it really spawned, um, a, 121 00:07:25.190 –> 00:07:26.750 a real big change in the market. You know, 122 00:07:26.750 –> 00:07:31.390 cyber is a newer product line when you compare it to property general liability, 123 00:07:31.700 –> 00:07:36.550 boat insurance, and so homeowners and so forth. And so in the beginning, 124 00:07:36.550 –> 00:07:39.110 everybody was sort of buying market share, right? 125 00:07:39.110 –> 00:07:43.430 They were giving policies that had a million or 2 million of coverage, 126 00:07:43.430 –> 00:07:48.350 15 to $2,500, and they were giving you every coverage under the sun. And it, 127 00:07:48.540 –> 00:07:51.190 when you thought it couldn’t get any broader, it couldn’t get any broader, 128 00:07:51.190 –> 00:07:53.030 it kept getting broader and it kept getting broader. 129 00:07:53.530 –> 00:07:57.150 And then in the last two years, you know, claim activity was really up, 130 00:07:57.150 –> 00:08:00.630 especially with ransomware and social engineering, um, 131 00:08:00.630 –> 00:08:04.710 being probably the two lead causes of, of cyber events. Um, 132 00:08:04.810 –> 00:08:07.550 and there’s so much coverage packed into these policies, 133 00:08:07.600 –> 00:08:11.390 which might be for another day or another question at least, 134 00:08:11.570 –> 00:08:13.990 but to get into all of what’s in a cyber policy. 135 00:08:14.610 –> 00:08:18.790 But carriers were getting inundated with claims, and they, they finally decided, 136 00:08:18.850 –> 00:08:22.070 you know what? We kind of need to underwrite this. Like we were sort of, 137 00:08:22.120 –> 00:08:25.590 gimme your name, address, nature of operations. Have you ever had an attack? 138 00:08:25.730 –> 00:08:28.550 And let’s give you a bindable quote or 5 million. 139 00:08:29.810 –> 00:08:34.350 And now it’s, you know, give me a seven page application. 140 00:08:34.590 –> 00:08:38.270 I don’t wanna scare anybody, but maybe not seven, um, maybe five. 141 00:08:39.230 –> 00:08:42.090 But they’re asking a lot of different information about procedures and 142 00:08:42.200 –> 00:08:46.890 processes. Um, and that has had a favorable impact, 143 00:08:46.890 –> 00:08:50.210 and we’ll talk about the processes and control requirements later, 144 00:08:50.550 –> 00:08:54.930 but it has had a favorable impact on reducing the effect, 145 00:08:54.980 –> 00:08:56.140 the efficacy of, 146 00:08:56.440 –> 00:09:00.140 of the threat actors getting into these systems hasn’t eliminated it. 147 00:09:00.600 –> 00:09:04.140 And we’re never gonna outsmart them. They’re always gonna be a step ahead of us. 148 00:09:04.240 –> 00:09:07.820 And just when you think you’ve kind of addressed every possible way they can 149 00:09:07.820 –> 00:09:12.340 find a vulnera vulnerability, they’ll find another one, right? Um, 150 00:09:12.400 –> 00:09:17.020 but it has reduced it, and I think it’s, it’s calmed that down a little bit. 151 00:09:17.160 –> 00:09:20.300 So the recent trend in the last, and, and jump in here, Brett, 152 00:09:20.360 –> 00:09:21.780 any time the last, 153 00:09:23.250 –> 00:09:27.910 at least 3, 4, 6 months at the most has been a drop in that 154 00:09:27.910 –> 00:09:30.190 ransomware. And I, I think it’s cyclical. 155 00:09:30.690 –> 00:09:34.630 And I think any one event will cause the whole thing to spike again. 156 00:09:34.770 –> 00:09:38.710 So I think it’s very, like you had mentioned in the beginning, very volatile, 157 00:09:39.450 –> 00:09:42.150 but the, the claim activity with ransomware, 158 00:09:42.780 –> 00:09:46.910 because so many procedures have been improved because backups are better because 159 00:09:46.910 –> 00:09:51.790 people have more of the controls that I don’t wanna step on Brett’s toes on 160 00:09:51.790 –> 00:09:54.550 that he’s gonna talk about later. It has made that better. 161 00:09:55.500 –> 00:09:57.640 The social engineering claims, uh, 162 00:09:57.640 –> 00:10:01.520 which are more the trickery into getting you to send your money to the wrong 163 00:10:01.570 –> 00:10:06.480 place. And, and a couple variations on that. Those have remain steady and in, 164 00:10:06.500 –> 00:10:09.400 in certain industries, you know, those in, um, 165 00:10:09.400 –> 00:10:13.120 that do a lot of wire transfer activity, uh, real estate and, 166 00:10:13.220 –> 00:10:15.760 and law firms and some of those industries, 167 00:10:15.790 –> 00:10:19.840 it’s really difficult to get that coverage because the claims are so prevalent 168 00:10:20.380 –> 00:10:23.960 in that area. Um, I think overall, you know, 169 00:10:24.270 –> 00:10:28.840 overall claims are down, not by a lot, but they’re holding steady. 170 00:10:29.460 –> 00:10:30.680 Um, and I think in general, 171 00:10:30.680 –> 00:10:34.200 people have a lot more awareness than they did a couple of years ago. 172 00:10:34.200 –> 00:10:38.720 They’re seeing it more, they’re realizing the, the small to business, uh, 173 00:10:38.720 –> 00:10:42.980 medium-sized enterprises, they’re like 58 or 60% of the claims. 174 00:10:43.640 –> 00:10:47.340 Wow. So when people think that I’m not target, you know, 175 00:10:47.480 –> 00:10:49.660 I’m not TJ Maxx, and you know, 176 00:10:49.660 –> 00:10:52.780 all the other millions of large breaches that you’ve heard of, 177 00:10:53.580 –> 00:10:58.010 small businesses are easier targets, right? They tend to be less secure, 178 00:10:58.010 –> 00:11:01.930 which is why the insurance companies started kind of coming down on them saying, 179 00:11:02.550 –> 00:11:04.730 you can’t be such easy targets. Right? 180 00:11:05.490 –> 00:11:06.290 Probably fair to say too, 181 00:11:06.290 –> 00:11:10.690 these cyber criminals will take $50,000 a pop 10 times and try to get a half a 182 00:11:10.690 –> 00:11:15.650 million dollar loss from a well constructed, uh, well-prepared organization, 183 00:11:15.650 –> 00:11:18.410 right? Absolutely. We talk about the vulnerability of a small business. I mean, 184 00:11:18.460 –> 00:11:21.890 we’re talking about cyber criminals that are sitting in basements and, you know, 185 00:11:21.990 –> 00:11:24.290 all across this country and other countries, and they, 186 00:11:24.290 –> 00:11:28.770 they will take 50 grand pop all day long, um, from very vulnerable players. 187 00:11:29.690 –> 00:11:34.650 Absolutely. Um, but the 50 grand ransomware demands are probably out the window. 188 00:11:34.930 –> 00:11:37.610 I mean, I think they’re h much higher than that. Sure. They can, 189 00:11:37.710 –> 00:11:41.770 the average demand, I, I’d say probably six to 800,000, uh, 190 00:11:41.770 –> 00:11:44.210 for a small to medium enterprise maybe more. Sure, 191 00:11:44.560 –> 00:11:46.570 Sure. And from a current event space, I mean, 192 00:11:46.600 –> 00:11:50.250 this is happening all over the country. We are not, uh, insulated from that. 193 00:11:50.270 –> 00:11:53.900 We have seen in our backyard a variety of different businesses that have been 194 00:11:54.100 –> 00:11:57.860 affected. Um, and it’s not just the demand, right? It’s the reputational damage, 195 00:11:57.970 –> 00:12:01.940 it’s the interruption of businesses. It’s a lot of effects that happen, um, 196 00:12:01.940 –> 00:12:03.580 when this activity does happen. 197 00:12:04.080 –> 00:12:08.540 Before we jumped on and before folks got into the actual, uh, zoom room here, 198 00:12:09.080 –> 00:12:11.020 but you mentioned a claim, uh, 199 00:12:11.020 –> 00:12:13.340 that that popped up on your radar just a couple of days ago. 200 00:12:13.340 –> 00:12:14.300 Would you mind going through that? 201 00:12:14.300 –> 00:12:17.020 Because these real world examples I think are very helpful. 202 00:12:17.490 –> 00:12:19.900 Yeah, absolutely. So we had a, uh, 203 00:12:20.200 –> 00:12:23.180 an agent bring an account to us that they have been trying to get, uh, 204 00:12:23.180 –> 00:12:27.540 the client who’s a, about a 3 million advertising agency, 3 million in revenue. 205 00:12:27.930 –> 00:12:31.220 They’ve been trying to get them to purchase cyber for now upwards of three to 206 00:12:31.220 –> 00:12:33.500 four years. And they’ve turned it down every year. 207 00:12:33.880 –> 00:12:36.620 And we got a call on Monday that they unfortunately, uh, 208 00:12:36.620 –> 00:12:40.740 sustained a social engineering incident where they were duped from a fake vendor 209 00:12:40.870 –> 00:12:44.940 email telling them to wire $64,000 to this party. 210 00:12:44.940 –> 00:12:49.500 They didn’t verify it and they were out the $64,000. So, um, 211 00:12:49.610 –> 00:12:53.300 kind of going to the claims world, the unfortunate reality also is if, 212 00:12:53.300 –> 00:12:56.180 if you have a claim, it doesn’t mean it’s all over, right? 213 00:12:56.180 –> 00:12:58.180 Obviously it’s the expense, it’s the strain, 214 00:12:58.290 –> 00:13:01.140 it’s the business loss or strain on that level. 215 00:13:01.200 –> 00:13:03.100 But then it’s also more often than not, 216 00:13:03.100 –> 00:13:07.580 people recognizing they then need the insurance after the fact and the terms 217 00:13:07.580 –> 00:13:11.060 being affected from that, right? So we, we wanna help, uh, 218 00:13:11.210 –> 00:13:14.980 both prospects and op clients who either haven’t ever purchased, 219 00:13:14.980 –> 00:13:19.260 currently purchased, or have had a loss and warranted. Um, to Cynthia’s point, 220 00:13:19.540 –> 00:13:20.620 everyone needs cyber insurance. 221 00:13:20.640 –> 00:13:24.540 And it’s unfortunate when you have a client or a prospect like that who has 222 00:13:24.540 –> 00:13:27.220 turned it down for years after not thinking they need it, 223 00:13:27.520 –> 00:13:29.100 who unfortunately suffered a loss. 224 00:13:29.610 –> 00:13:30.420 Well, I’ll tell you the, 225 00:13:30.420 –> 00:13:33.820 the sophistication of the emails from a social engineering perspective is, 226 00:13:33.920 –> 00:13:37.940 is mind boggling, right? I mean, it, uh, it happens to us all the time, right? 227 00:13:38.020 –> 00:13:40.860 I mean, they, they have copied my email signature. Now, 228 00:13:40.980 –> 00:13:44.940 a lot of the verbiage they use might not be exact to the way I would construct 229 00:13:44.940 –> 00:13:48.900 an email, but I’ll tell you, it’s getting closer and closer by the day. So, um, 230 00:13:48.900 –> 00:13:51.580 Cynthia made the point about folks being a step ahead, the, 231 00:13:51.720 –> 00:13:54.580 the degree of research and in, in, uh, 232 00:13:54.650 –> 00:13:57.580 time that they spend in trying to figure out who would be sending that email, 233 00:13:57.880 –> 00:14:01.820 uh, what their schedule looks like and how they construct emails. I mean, it, 234 00:14:01.820 –> 00:14:03.780 it is not by happenstance that this happens, 235 00:14:03.780 –> 00:14:07.060 there is a lot of work that goes in, uh, by these bad actors. 236 00:14:07.360 –> 00:14:10.220 It really is. Yeah, absolutely. They also monitor social media. 237 00:14:10.520 –> 00:14:12.500 So if they decide they’re gonna target you, 238 00:14:12.890 –> 00:14:16.340 they may try to find your LinkedIn and your, your Facebook page. 239 00:14:16.360 –> 00:14:20.620 And a lot of people go on Facebook and everywhere they go, they check in and, 240 00:14:20.640 –> 00:14:22.140 Hey, I’m here and I’m here and I’m here. 241 00:14:22.280 –> 00:14:23.820 And so they kind of know you’re out of town, 242 00:14:23.820 –> 00:14:26.780 or they know you’re on a cruise and you’re gonna be unavailable, you know, 243 00:14:26.780 –> 00:14:30.100 that kind of thing. And so they do that and they also, you know, 244 00:14:30.200 –> 00:14:34.410 try to see how you communicate and copy those words and, 245 00:14:34.430 –> 00:14:36.410 and make them more believable. If I may, 246 00:14:36.490 –> 00:14:41.130 I just wanna throw in an interesting example cuz you talk about how much time 247 00:14:41.130 –> 00:14:45.290 goes into, uh, being creative and making these, um, 248 00:14:45.290 –> 00:14:48.810 we’ll talk about social engineering claims. Um, so believable. 249 00:14:49.370 –> 00:14:54.220 I had an account where the fraudster created 250 00:14:54.320 –> 00:14:58.860 an email chain. So if I were trying to dupe you, I I, 251 00:14:58.860 –> 00:15:02.780 they actually broke into the system, so there was a breach as well. Um, 252 00:15:02.840 –> 00:15:04.940 and they compromised, we’ll say your email, 253 00:15:05.320 –> 00:15:09.260 and I’m communicating with you back and forth by email, 254 00:15:09.280 –> 00:15:12.980 but I’m really doing both sides of the communication and it, 255 00:15:13.200 –> 00:15:17.980 I’m using your email account and I’m blocking you from seeing it. Right? Right. 256 00:15:18.120 –> 00:15:22.820 And, and so he took this whole chain and it was like, Hey, I saw widgets. Oh, 257 00:15:22.820 –> 00:15:25.300 tell me about your widget. Oh, well our widget does this. Wow, 258 00:15:25.300 –> 00:15:26.580 that’s really cool. What about this? 259 00:15:26.720 –> 00:15:31.400 And it was this whole like multiple week long conversation 260 00:15:31.510 –> 00:15:34.600 back and forth about what this was that was being sold. 261 00:15:35.260 –> 00:15:39.720 And he took this chain that he created and he sent it to the C F O 262 00:15:41.060 –> 00:15:45.510 from a Andy will say, and said, Hey, Mr. C F O, 263 00:15:46.130 –> 00:15:50.470 I’m authorizing the purchase of this $1 million widget. Mm-hmm. 264 00:15:50.570 –> 00:15:55.470 Please wire the funds to this account and, and let’s get it ordered. 265 00:15:55.850 –> 00:15:56.310 And he did 266 00:15:56.310 –> 00:15:59.790 The fake conversation served as documentation or validation of the, you know, 267 00:15:59.870 –> 00:16:00.703 relationship. 268 00:16:00.860 –> 00:16:05.190 Exactly. It was so believable because it was this long drawn out conversation 269 00:16:06.350 –> 00:16:10.030 and he wired a million dollars and when they figured it out, 270 00:16:10.540 –> 00:16:11.790 he’s no longer employed there. 271 00:16:12.170 –> 00:16:16.670 Wow. Yeah, I imagine so. Um, wow. Well, it is a very sophisticated, 272 00:16:17.170 –> 00:16:20.590 uh, group that we’re up against. Um, but there is help, right? 273 00:16:20.590 –> 00:16:23.110 There are products available to us that, uh, 274 00:16:23.110 –> 00:16:26.630 we don’t make everybody completely cynical by watching this entire risk academy, 275 00:16:26.770 –> 00:16:30.270 and, uh, the world is not coming to an end point yet. So, but it is a very, 276 00:16:30.300 –> 00:16:34.390 very interesting battle that we find ourselves in with respect to this. So, uh, 277 00:16:34.630 –> 00:16:37.150 whenever there are, you know, upticks in claims activity, 278 00:16:37.970 –> 00:16:39.830 be it in severity or in frequency, 279 00:16:40.020 –> 00:16:42.990 there’s only one thing that could happen from an industry perspective, 280 00:16:42.990 –> 00:16:46.110 from an insurance industry perspective, and that is some type of response, 281 00:16:46.440 –> 00:16:49.950 right? The response usually comes in a couple of different ways. Um, 282 00:16:49.950 –> 00:16:51.550 and we’ll talk about those. So Brad, 283 00:16:51.570 –> 00:16:53.710 I’m gonna look to you to start this conversation if that’s okay, 284 00:16:53.710 –> 00:16:56.750 but what has the response been from the insurance industry where we always look 285 00:16:56.750 –> 00:17:00.470 at pricing changes, right? That is natural underwriting changes, 286 00:17:00.650 –> 00:17:03.870 be it an appetite or expectations for I’M from underwriters, 287 00:17:04.290 –> 00:17:05.590 and then contractual changes. 288 00:17:06.090 –> 00:17:08.910 Are the policies getting more restrictive in nature? 289 00:17:09.010 –> 00:17:10.670 Are there new exclusions being added? 290 00:17:11.050 –> 00:17:14.590 Can you talk about those three facets of the response from the insurance company 291 00:17:14.650 –> 00:17:16.350 and, and how those are playing out in real time? 292 00:17:16.740 –> 00:17:20.390 Yeah, absolutely. I, I think a primary driver to a lot of these changes, 293 00:17:20.440 –> 00:17:24.350 other than the obvious uptick in claims is also the evolution of technology, 294 00:17:24.400 –> 00:17:25.030 right? I mean, 295 00:17:25.030 –> 00:17:28.430 we just came out of a two to four year time period where a lot of businesses 296 00:17:28.430 –> 00:17:32.350 weren’t ready and, uh, prepared to go entirely remote. 297 00:17:32.370 –> 00:17:36.750 And many businesses still adopt and operate a hybrid or remote environment, 298 00:17:37.210 –> 00:17:40.870 um, which creates new exposure. So in that, and with the uptick of claims, 299 00:17:41.370 –> 00:17:44.030 we saw the market really in a rapid pace, 300 00:17:44.460 –> 00:17:49.260 both kind of adjust their pricing approach with charging a lot more premium for 301 00:17:49.260 –> 00:17:51.300 those standard policies, um, 302 00:17:51.350 –> 00:17:55.380 while also requiring a lot more information to Cynthia’s comments a few minutes 303 00:17:55.480 –> 00:17:59.660 ago. It used to be you give five pieces of information and you can get the most 304 00:17:59.660 –> 00:18:02.020 expansive quote for the cheapest premium, right? 305 00:18:02.030 –> 00:18:06.300 Based on the last few years that that’s not the case. The the pricing is up. Uh, 306 00:18:06.320 –> 00:18:10.620 the coverage is more restrictive in certain situations when it’s warranted based 307 00:18:10.680 –> 00:18:12.220 on lacking IT controls, 308 00:18:12.220 –> 00:18:17.140 and when the carriers feel they can only get comfortable quoting with that. Um, 309 00:18:17.520 –> 00:18:21.020 and the, uh, required information is a lot more, they’re, 310 00:18:21.020 –> 00:18:22.860 they’re asking for a lot more information on your, 311 00:18:23.040 –> 00:18:26.740 it controls your posture better understanding the risk as a whole, 312 00:18:26.740 –> 00:18:31.100 rather than what do you do? Where are you and have you had a loss? So I, 313 00:18:31.100 –> 00:18:34.380 I think we’ve seen in the last two to three years, uh, 314 00:18:34.380 –> 00:18:36.420 definitely an uptick in pricing. Um, 315 00:18:36.420 –> 00:18:38.900 and especially in the last one to two years, I’d say, uh, 316 00:18:39.010 –> 00:18:43.620 more coverage restrictions around risk and businesses who don’t have adequate 317 00:18:43.880 –> 00:18:46.740 IT controls. Um, I’d say for 2023, 318 00:18:46.740 –> 00:18:51.140 we started to see a little bit of a plateauing in that for risks who have been 319 00:18:51.140 –> 00:18:54.140 hearing this for many years and have at least implemented some of the controls 320 00:18:54.140 –> 00:18:56.460 that the carriers are, are looking for and requiring, 321 00:18:56.750 –> 00:18:59.260 we’re seeing some lessened restrictions on the coverage, 322 00:18:59.480 –> 00:19:03.140 but we’re still seeing markets who want to have coverage restrictions, 323 00:19:03.140 –> 00:19:07.980 whether it be a ransomware supplement and or co-insurance or a higher 324 00:19:08.340 –> 00:19:12.820 retention or a restriction on a specific limit or coverage altogether. 325 00:19:13.870 –> 00:19:16.610 Gotcha. Makes a lot of sense. Um, and this is, 326 00:19:16.690 –> 00:19:17.570 I I was gonna ask another question. 327 00:19:17.570 –> 00:19:20.210 It’s probably the best time as any to lead right into this. 328 00:19:20.230 –> 00:19:24.730 And we’ve talked about extortion and ransomware and all these variety of 329 00:19:24.930 –> 00:19:26.290 coverages that now exist. I mean, 330 00:19:26.290 –> 00:19:29.330 let’s say a couple of steps back to the infancy of cyber liability, 331 00:19:29.900 –> 00:19:33.010 those were nowhere even in our purview, right? I mean, 332 00:19:33.060 –> 00:19:36.090 cyber liability at the beginning basically was, Hey, 333 00:19:36.300 –> 00:19:40.490 we’ve been breached in some capacity. Uh, we need to do two things. 334 00:19:40.950 –> 00:19:43.650 We needed to notify everybody that could have been affected. 335 00:19:43.790 –> 00:19:46.810 So there was protection and notification expenses, right? 336 00:19:47.000 –> 00:19:51.490 Produce a letter or whatever I need to do to let all these 5,000 clients of mine 337 00:19:51.520 –> 00:19:52.930 know that they could have been affected. 338 00:19:53.430 –> 00:19:57.530 And then there was protection built into the coverage to monitor credit for 339 00:19:57.530 –> 00:20:01.250 those folks to make sure that there was not a negative impact to them, um, 340 00:20:01.250 –> 00:20:05.290 over a certain period of time that was usually driven by state law to say one to 341 00:20:05.290 –> 00:20:07.690 two years or whatever it might be, but that’s really what it was. 342 00:20:07.690 –> 00:20:12.260 Notification expenses, and credit monitoring, right? And from its infancy, 343 00:20:12.260 –> 00:20:16.860 it has grown into a laundry list of coverages that are now, now available. 344 00:20:17.420 –> 00:20:20.260 I mean, uh, talk a little bit about that if you can. Right? We, 345 00:20:20.260 –> 00:20:24.180 we mentioned cyber extortion, social, social engineering, reputational damage. 346 00:20:24.920 –> 00:20:28.900 The pro, the programs that are available are much more comprehensive, right? 347 00:20:28.900 –> 00:20:30.860 Than they were 5, 6, 7 years ago. 348 00:20:31.170 –> 00:20:34.260 Yeah, absolutely. I, I think the reality of it, and you nailed it, 349 00:20:34.280 –> 00:20:37.380 is it based on the way the market has gone and the amount of claims and the 350 00:20:37.380 –> 00:20:39.260 evolution of cyber, um, 351 00:20:39.260 –> 00:20:43.660 it’s no longer just back in the day when it was just paper records where there 352 00:20:43.660 –> 00:20:48.060 was no technology that was still exposure for cyber if someone stole a, uh, 353 00:20:48.060 –> 00:20:50.460 folder of protected information. Um, 354 00:20:50.680 –> 00:20:54.820 so the cyber policies are structured to have a multitude of coverages and more 355 00:20:55.060 –> 00:20:57.660 commonly broken up into first and third party coverages, 356 00:20:57.760 –> 00:21:00.340 so losses incurred by the business themselves, 357 00:21:00.480 –> 00:21:04.860 and then liability coverages after the fact through either fines, penalties, 358 00:21:04.880 –> 00:21:08.100 or lawsuits as a result of the breach. Um, 359 00:21:08.240 –> 00:21:12.340 but cyber’s definitely unique in the sense of it’s usually not just one coverage 360 00:21:12.530 –> 00:21:16.420 trigger that is triggered throughout the entirety of a claim, right? 361 00:21:16.420 –> 00:21:19.300 That the policies are very detailed. And to Cynthia’s point, 362 00:21:19.300 –> 00:21:22.180 we could probably have a whole another session just on that, 363 00:21:22.360 –> 00:21:27.260 but the initial structure of these policies is meant to have 364 00:21:27.260 –> 00:21:31.020 you call into the carrier the second you think there is a breach. Second, 365 00:21:31.020 –> 00:21:32.580 you think something is wrong. Second, 366 00:21:32.610 –> 00:21:37.260 something seems off and putting you in touch with the breach coach, 367 00:21:37.260 –> 00:21:41.180 they call them through the partnerships with the carriers to dissect what is 368 00:21:41.180 –> 00:21:44.500 going on. And from there, there could be, um, looping in, uh, 369 00:21:44.740 –> 00:21:47.820 forensics investigations to try to figure out, to Andy’s point, 370 00:21:48.170 –> 00:21:51.420 what information was compromised, who needs to be notified, 371 00:21:51.840 –> 00:21:54.140 and further going down the line of, uh, 372 00:21:54.140 –> 00:21:58.380 potential legal ramifications and other expenses incurred. Um, 373 00:21:58.960 –> 00:22:03.820 the forensics is the number one expense outside of potentially a ransom demand 374 00:22:04.170 –> 00:22:07.300 that we see on cyber claims. Um, and what’s that, 375 00:22:07.330 –> 00:22:10.020 what that is doing is figuring out really what happens, 376 00:22:10.290 –> 00:22:13.980 what data is compromised and how to get the system back up and running. 377 00:22:14.200 –> 00:22:18.420 So most cyber incidents are gonna have some sort of forensics investigation, 378 00:22:18.920 –> 00:22:23.460 and a lot of times people don’t think that cost is gonna add up and it does. 379 00:22:23.720 –> 00:22:26.580 So there’s a lot more, um, you touched on obviously, 380 00:22:26.600 –> 00:22:29.300 and we did the extortion and social engineering, um, 381 00:22:29.320 –> 00:22:33.500 but especially like the business interruption and reputational damage for a 382 00:22:33.660 –> 00:22:36.700 business that heavily relies on their technology systems and their systems 383 00:22:36.940 –> 00:22:37.773 altogether, 384 00:22:37.800 –> 00:22:42.540 if those go down and you’re unable to get income as a result 385 00:22:43.080 –> 00:22:45.220 for that downtime via the cyber breach, 386 00:22:45.290 –> 00:22:49.900 there’s a lot of potential exposure and business income loss from that. So, 387 00:22:50.240 –> 00:22:50.980 um, like I said, 388 00:22:50.980 –> 00:22:53.540 we can go farther into the weeds if there’s any questions specifically on the 389 00:22:53.740 –> 00:22:53.860 coverage, 390 00:22:53.860 –> 00:22:58.140 but they are built in a nice widespread structure to be both first and third 391 00:22:58.140 –> 00:22:58.973 party coverages. 392 00:22:59.700 –> 00:23:01.680 And Cynthia, I’m gonna come to you. Is it fair to say though, 393 00:23:01.680 –> 00:23:04.440 when we talked about volatility, we talked about restrictions being added, 394 00:23:04.440 –> 00:23:07.200 we talked about carrier changes at a pretty rapid level, 395 00:23:07.420 –> 00:23:10.480 not all contracts are created equal. Is that fair? I mean, 396 00:23:10.680 –> 00:23:15.200 I, I would say it’s fair to say that no two contracts are created equal. There, 397 00:23:16.010 –> 00:23:20.680 there is more differentiation from one program to the next in cyber than I’ve 398 00:23:20.680 –> 00:23:23.320 ever seen on any product line. Usually the, 399 00:23:23.320 –> 00:23:28.040 the wording follows a very similar structure and sometimes verbatim, um, 400 00:23:28.150 –> 00:23:32.600 each coverage section and cyber policies are as different as apples and cars, 401 00:23:32.820 –> 00:23:34.920 not even apples and oranges, right? 402 00:23:35.390 –> 00:23:38.680 Yeah. As, as simple consumers of insurance and everybody that’s on the call has, 403 00:23:38.680 –> 00:23:40.440 has bought an insurance in some capacity, 404 00:23:40.470 –> 00:23:44.240 general liability for the most part is general liability and property as pretty 405 00:23:44.240 –> 00:23:44.640 much property. 406 00:23:44.640 –> 00:23:48.700 There might be slight variations and limits across carriers or some wording from 407 00:23:48.700 –> 00:23:51.060 here or there, but the general, uh, 408 00:23:51.060 –> 00:23:54.380 program is kind of universal across the industry. But for cyber, 409 00:23:54.400 –> 00:23:56.060 that’s not the case at all. I mean, 410 00:23:56.060 –> 00:24:00.500 I think the key is to place yourself with a broker that understands and that has 411 00:24:00.500 –> 00:24:02.500 a valued interest in this. And then two, 412 00:24:03.160 –> 00:24:06.820 the broker has a relationship with somebody like associates that has a true 413 00:24:07.220 –> 00:24:11.460 industry understanding and is on the cutting edge of the changes, right? 414 00:24:11.460 –> 00:24:14.660 Because the way it looks today and the way it looks in six months or the way it 415 00:24:14.660 –> 00:24:16.820 looks six months ago could be dramatically different. 416 00:24:16.880 –> 00:24:18.860 So staying on top of this is, is critical. 417 00:24:19.570 –> 00:24:21.300 Yeah. And I, I think too, you know, 418 00:24:21.300 –> 00:24:24.420 being able to interpret those quotes and identify some of those major 419 00:24:24.420 –> 00:24:25.170 differences, 420 00:24:25.170 –> 00:24:28.700 because one of the things Brett and I look for right off the bat is, 421 00:24:28.800 –> 00:24:32.820 is there a sub-limit on ransomware? Like, that’s one of the biggest exposures. 422 00:24:32.920 –> 00:24:35.940 That’s an exposure you don’t want a sub-limit on, right? If, 423 00:24:36.040 –> 00:24:40.580 if it’s available at full limit, which it readily is in most cases. 424 00:24:41.440 –> 00:24:45.620 So how many times we’ve seen people say, oh, I got this really good quote, 425 00:24:46.240 –> 00:24:49.460 and then we look at it and you see something like that. So, you know, 426 00:24:49.460 –> 00:24:51.700 giving us the opportunity to help you and, 427 00:24:51.960 –> 00:24:53.580 and to point out some of those things, 428 00:24:54.010 –> 00:24:57.020 they can really affect your decision on which way to go. 429 00:24:58.140 –> 00:25:01.380 Absolutely. No, that is very critical. Now, obviously, a broker with, 430 00:25:01.380 –> 00:25:04.340 with great expertise and great, uh, market, you know, 431 00:25:04.340 –> 00:25:07.500 reach like yourselves is gonna have a variety of companies they can, uh, 432 00:25:07.600 –> 00:25:09.740 can go to at any time. And like a lot of things, 433 00:25:10.040 –> 00:25:14.900 we want to be in our best outfit when it’s time to go to market, 434 00:25:14.900 –> 00:25:19.020 right? We want to be in the best, put our best foot forward, if you will. So, 435 00:25:19.280 –> 00:25:20.900 you know, in spite of all these changes, 436 00:25:21.160 –> 00:25:25.020 I’m a firm believer that for a best in class operator, 437 00:25:25.020 –> 00:25:27.260 there’s always opportunity, right? 438 00:25:27.280 –> 00:25:31.700 If you’re gonna do the right things and you have processes and programs in place 439 00:25:31.960 –> 00:25:33.020 to protect yourself, 440 00:25:33.210 –> 00:25:37.540 there’s always a place in the market for you at a competitive level, right? 441 00:25:37.680 –> 00:25:39.900 So let’s talk a little bit about that, right? We’ve, 442 00:25:39.900 –> 00:25:41.740 this has been a pretty downer conversation. 443 00:25:41.740 –> 00:25:45.220 There’s a lot of claims prices going crazy, it’s volatile, all those things. 444 00:25:45.520 –> 00:25:49.820 But hey, in spite of all that, how do we position ourselves as best we can, 445 00:25:49.870 –> 00:25:50.320 right? 446 00:25:50.320 –> 00:25:54.900 So the next line of questioning is really about what can a client do to make 447 00:25:54.900 –> 00:25:58.660 themselves the most attractive in the market, right? 448 00:25:58.840 –> 00:26:03.420 So specifically I’d like to highlight what specific controls should they 449 00:26:03.610 –> 00:26:04.240 have in place, 450 00:26:04.240 –> 00:26:08.060 or will they possibly be mandated to have in place at the time a policy is put 451 00:26:08.060 –> 00:26:08.820 in place? Um, 452 00:26:08.820 –> 00:26:13.060 what are some things that underwriters look for in best in class risks? 453 00:26:13.760 –> 00:26:16.340 Are there any non-negotiable requirements? 454 00:26:16.440 –> 00:26:19.220 And that’s changing pretty rapidly too, if you don’t have this, 455 00:26:19.590 –> 00:26:22.420 don’t even start the conversation type of thing. Um, 456 00:26:22.420 –> 00:26:25.940 and then we’re gonna talk about utilization of some, some vulnerability scans, 457 00:26:25.940 –> 00:26:29.820 some of the tools that companies use to try to understand what the risk is, 458 00:26:29.820 –> 00:26:30.250 like, 459 00:26:30.250 –> 00:26:34.100 what the risk profile is like for an organization before they have the chance to 460 00:26:34.100 –> 00:26:36.180 engage with them. What do they know about you that might, 461 00:26:36.180 –> 00:26:39.620 you might not even know yourself? So, Cynthia, I’ll, I’ll jump to you first. 462 00:26:40.210 –> 00:26:40.860 Okay. Well, 463 00:26:40.860 –> 00:26:45.780 I would say the single most requested control procedure item is 464 00:26:46.120 –> 00:26:50.220 mfa multifactor authentication. Um, there’s several ways to do it. The, 465 00:26:50.580 –> 00:26:54.140 probably one of the most common is you get a text on your phone, um, 466 00:26:54.290 –> 00:26:57.620 with a code to enter. Sometimes it’s, uh, a key fob. 467 00:26:57.730 –> 00:27:02.180 Sometimes it’s some other secondary level of verification, right? 468 00:27:02.180 –> 00:27:05.260 That you are who you say you are. You know, with, 469 00:27:05.400 –> 00:27:09.930 if you log in from your computer and somebody say you use your 470 00:27:09.930 –> 00:27:12.330 credentials across multiple platforms, 471 00:27:12.390 –> 00:27:14.650 and one of those platforms gets compromised, 472 00:27:14.830 –> 00:27:18.530 now they have your u your username and password or your email and password 473 00:27:18.530 –> 00:27:19.363 combination, 474 00:27:19.640 –> 00:27:24.570 they start testing it across all different websites and platforms in order 475 00:27:24.590 –> 00:27:26.290 to try to get into your account. 476 00:27:26.870 –> 00:27:31.330 So when by having MFA you have another level to verify who you are, 477 00:27:31.840 –> 00:27:33.410 that is less likely for them to have, 478 00:27:33.440 –> 00:27:37.610 it’s less likely that that person who bought or stole your 479 00:27:38.550 –> 00:27:39.520 credentials in, 480 00:27:39.660 –> 00:27:44.000 in another breach also has your key fob or also has your cell phone, uh, 481 00:27:44.140 –> 00:27:49.120 or maybe knows your personal email where you can, um, get a a, a code at. 482 00:27:49.740 –> 00:27:53.800 So the MFA has done a great job in reducing, like, again, 483 00:27:53.870 –> 00:27:58.560 nothing is foolproof and sure the threat actors will always be a step ahead of 484 00:27:58.560 –> 00:28:03.000 us, but it has, it’s probably the most universally requested thing. 485 00:28:03.540 –> 00:28:06.360 Is it a hundred percent of the time? No. 486 00:28:06.860 –> 00:28:11.080 It got to a point where it was probably, what do you think, Brett? 99 or 98%? 487 00:28:11.350 –> 00:28:15.640 It’s softened maybe. Okay, maybe it’s in the nineties still, but it’s, 488 00:28:15.760 –> 00:28:18.960 it’s not necessarily as much as it was. The ones, 489 00:28:19.180 –> 00:28:23.960 the markets that will quote risks without MFA are usually quoting 490 00:28:24.250 –> 00:28:28.360 small vanilla, lesser hazard classes. Sure. Um, 491 00:28:28.660 –> 00:28:33.600 if they are larger or more complex or higher hazard classes, 492 00:28:34.940 –> 00:28:37.200 if they get quoted without having mfa, 493 00:28:37.200 –> 00:28:40.120 they probably have a ransomware, 494 00:28:40.140 –> 00:28:43.920 either sub-limit or exclusion or co-insurance or some combination. 495 00:28:45.000 –> 00:28:47.300 Um, so that’s one of the biggest ones. And then people say, well, 496 00:28:47.300 –> 00:28:48.460 where do they have to have MFA? 497 00:28:49.090 –> 00:28:53.200 Everywhere you can possibly have it is the best answer. Sure. Right. 498 00:28:53.980 –> 00:28:58.040 Um, the minimum standard is typically gonna be all remote access. 499 00:28:59.500 –> 00:29:03.880 So whether that is to your network account or to your email on your phone, 500 00:29:04.140 –> 00:29:07.440 you can, you can go through the MFA verification process on your phone. 501 00:29:08.180 –> 00:29:12.880 No one asks how frequently you do it, they just wanna know that you do it. So, 502 00:29:12.930 –> 00:29:16.320 right. Right. Because once that item has been validated, 503 00:29:16.470 –> 00:29:21.080 then unless you maybe change IP addresses, sign in from a different location, 504 00:29:21.080 –> 00:29:21.960 something like that, 505 00:29:22.340 –> 00:29:26.480 you’re probably not gonna get asked to re-authenticate unless the organization 506 00:29:26.480 –> 00:29:31.120 puts in more stringent requirements in the settings. Um, 507 00:29:31.120 –> 00:29:33.560 but from an underwriting standpoint, they’re usually just, 508 00:29:33.580 –> 00:29:37.200 if you’re doing it and you’re validating it, we’re good. Right? Um, 509 00:29:37.370 –> 00:29:39.920 email remote access, uh, 510 00:29:40.020 –> 00:29:43.540 to your account or your email network administration accounts, 511 00:29:43.540 –> 00:29:45.260 they like to see that. Um, 512 00:29:45.260 –> 00:29:50.260 because network administrators or privileged users have the keys to the 513 00:29:50.380 –> 00:29:53.420 castle, right? They have the access to the most sensitive information. 514 00:29:54.000 –> 00:29:58.700 So they like to see those people have M F A, whether they’re in the office, 515 00:29:58.920 –> 00:30:03.130 you know, inside the network or working remotely other places, 516 00:30:03.790 –> 00:30:08.610 backup tapes. Where else did I miss anything Brett? Um, backup cloud 517 00:30:08.610 –> 00:30:09.443 Service providers. 518 00:30:09.480 –> 00:30:12.450 Yeah, I, I say tapes, I don’t know why I keep saying that, 519 00:30:12.450 –> 00:30:16.890 just tells you how old I am, but back ups, um, having that, 520 00:30:17.030 –> 00:30:21.890 the them MFA protected. Yeah. Or access to cloud service providers. 521 00:30:22.430 –> 00:30:27.290 Um, if you’re a IT tech company that remotely accesses your clients, 522 00:30:27.320 –> 00:30:31.810 they like to see, you have to go through MFA to, to do that again, 523 00:30:31.810 –> 00:30:35.450 just anytime, especially remote access, 524 00:30:35.560 –> 00:30:38.690 they wanna see that or access to really sensitive information. 525 00:30:39.510 –> 00:30:42.610 That’s probably the number one most requested. And again, 526 00:30:42.800 –> 00:30:46.810 there’s some lightened flex and more flexibility in that area 527 00:30:47.590 –> 00:30:51.250 of recent, like literally the last less than six months. 528 00:30:51.830 –> 00:30:55.810 But most of that relaxation has been in this small 529 00:30:56.760 –> 00:31:00.050 vanilla low hazard type space. 530 00:31:00.050 –> 00:31:04.130 People that haven’t had an event understood happen and, and such like that. 531 00:31:04.700 –> 00:31:06.290 Other things, you know, and, 532 00:31:06.310 –> 00:31:09.850 and this is where underwriters are actually underwriting, cuz it’s, 533 00:31:10.080 –> 00:31:14.730 sometimes it’s a combination of responses that sways it one way or the other. 534 00:31:15.390 –> 00:31:15.750 You know, 535 00:31:15.750 –> 00:31:19.730 things that they might look for is do you have endpoint detection and response? 536 00:31:20.550 –> 00:31:23.890 Do you have employee training, you know, on, 537 00:31:24.190 –> 00:31:27.090 on like phishing training and what not to click on? Sure. 538 00:31:27.190 –> 00:31:31.650 Do you have en employee training on doing verifications on social 539 00:31:32.090 –> 00:31:35.410 engineering, potentially social engineering attacks, you know, 540 00:31:35.410 –> 00:31:39.850 where wire transfers, um, or changed instruction, uh, 541 00:31:40.360 –> 00:31:44.890 education for your employees. They look at, um, I don’t know, 542 00:31:44.890 –> 00:31:49.830 all sorts of things you do, you outsource your, your, uh, 543 00:31:50.330 –> 00:31:51.910 it, you know, so on and so forth. 544 00:31:51.910 –> 00:31:56.230 Then there’s usually at least a couple of pages or more of questions. 545 00:31:56.730 –> 00:31:59.750 And again, if you, if you kind of don’t pass on one, 546 00:32:00.170 –> 00:32:03.470 but you pass on enough others, you’re, you’re generally okay. 547 00:32:03.490 –> 00:32:06.190 But when you start getting more nos and yeses that, you know, 548 00:32:06.190 –> 00:32:07.023 you don’t have them, 549 00:32:07.930 –> 00:32:12.230 the stack of those things together might sway an underwriter. And, and Brett, 550 00:32:12.290 –> 00:32:14.790 you, you actually work as a cyber underwriter, 551 00:32:14.790 –> 00:32:18.110 so I don’t know if you have anything to add to that as to what you looked for 552 00:32:18.300 –> 00:32:20.430 when you were in that position. Yeah, 553 00:32:20.450 –> 00:32:23.030 I’d say, I mean the, the favorite acronyms, 554 00:32:23.370 –> 00:32:27.750 MFA and E D R are probably the most common that we see with MFA being the 555 00:32:27.750 –> 00:32:31.470 biggest, um, backups as well. And, and more importantly now, it, 556 00:32:31.470 –> 00:32:33.710 it’s no longer asking do you have backups? 557 00:32:33.710 –> 00:32:38.070 It’s trying to get a little more insight into what types are they segregated 558 00:32:38.070 –> 00:32:39.420 from your network. Um, 559 00:32:39.420 –> 00:32:44.020 and the reason for that is if a hacker gets into the system and you have backups 560 00:32:44.340 –> 00:32:48.060 directly connected to the network, the hacker will gain access to those backups, 561 00:32:48.060 –> 00:32:50.340 rendering them useless. So segregated, 562 00:32:50.340 –> 00:32:54.500 whether it be through a cloud provider or fully offline offsite from the 563 00:32:54.500 –> 00:32:56.740 network. So in the event the worst happens, 564 00:32:56.810 –> 00:33:01.380 there’s at least a way to restore to some capacity from those backups. 565 00:33:01.600 –> 00:33:03.100 Um, and to Cynthia’s point as well, 566 00:33:03.140 –> 00:33:07.100 I will say obviously depending on the class of business and nature of 567 00:33:07.100 –> 00:33:10.820 operations, some of these will be scrutinized more, some less, um, 568 00:33:10.850 –> 00:33:11.980 some that are kind of highly, 569 00:33:12.130 –> 00:33:16.140 more highly scrutinized regardless of size will range from municipalities, 570 00:33:16.450 –> 00:33:19.820 schools, banking, healthcare, um, 571 00:33:19.970 –> 00:33:23.100 even more recently manufacturing and somewhat contractors. 572 00:33:23.660 –> 00:33:24.980 I think a lot of these businesses, 573 00:33:24.980 –> 00:33:29.260 especially the nature of ops where there hadn’t been historically large amounts 574 00:33:29.260 –> 00:33:33.940 or frequency of severity of claims has seen an uptick that has resulted 575 00:33:34.080 –> 00:33:38.300 in the carriers responding to wanting more information. Um, 576 00:33:38.320 –> 00:33:42.540 and more specifically on the manufacturing side, prior to the last few years, 577 00:33:42.570 –> 00:33:46.420 they, they were viewed upon as some of the lowest hanging risks, um, 578 00:33:46.420 –> 00:33:50.420 and lowest exposed risks. Um, but some of the losses that come from those, 579 00:33:50.440 –> 00:33:54.220 or some of the largest claims that we see based on the business interruption and 580 00:33:54.380 –> 00:33:55.420 business income loss for, 581 00:33:55.420 –> 00:33:59.460 if a manufacturer is down for a step period of time and can’t produce their 582 00:33:59.460 –> 00:34:01.500 product, that’s their core business. 583 00:34:01.520 –> 00:34:04.780 So that’s just a few of the classes of business that some of the markets may 584 00:34:04.780 –> 00:34:06.780 want some of the more stringent controls on. 585 00:34:07.080 –> 00:34:09.820 And that can, can affect down the supply chain too. 586 00:34:11.130 –> 00:34:12.270 That’s good to know. Um, 587 00:34:12.430 –> 00:34:15.790 and it’s certainly we can help if people want to get a more robust program in 588 00:34:15.790 –> 00:34:19.310 place when it comes to protection in the phishing schemes and some of the 589 00:34:19.310 –> 00:34:21.710 efforts internally, we can certainly help with that. 590 00:34:21.830 –> 00:34:23.190 I think what you said though, 591 00:34:23.190 –> 00:34:26.670 Cynthia underwriters are still underwriting is very, is very important, right? 592 00:34:26.850 –> 00:34:30.350 So much of insurance has become, um, you know, uh, 593 00:34:30.540 –> 00:34:34.470 information that is compiled into, uh, data, you know, 594 00:34:34.470 –> 00:34:36.190 projection systems and that type of thing. 595 00:34:36.190 –> 00:34:40.190 And there’s no real human decision point, right? Um, 596 00:34:40.270 –> 00:34:42.910 a lot of homeowners and personal insurance has, has become that way. 597 00:34:42.910 –> 00:34:46.950 We’re looking at credit scores and dates of birth and all kinds of information, 598 00:34:47.330 –> 00:34:48.550 you know, vehicle history, 599 00:34:48.790 –> 00:34:52.270 whatever it is to give us the predictive modeling that’ll tell us what’s gonna 600 00:34:52.270 –> 00:34:53.310 try to happen before it happens. 601 00:34:53.540 –> 00:34:57.350 What we’re talking about here is still people making decisions based on what 602 00:34:57.350 –> 00:34:58.183 they know. 603 00:34:58.450 –> 00:35:03.150 So if you are doing these things and your broker does not know about them 604 00:35:03.370 –> 00:35:07.350 and can’t paint you in the best light or tell the best story for you, 605 00:35:07.900 –> 00:35:09.710 then we’re missing the boat, right? 606 00:35:09.890 –> 00:35:13.990 So if you are taking the extra step to take the preventative measures, 607 00:35:14.100 –> 00:35:15.550 then the underwriter needs to know that. 608 00:35:15.610 –> 00:35:17.150 And as I started this conversation with, 609 00:35:17.150 –> 00:35:20.950 there’s still an opportunity for best in class operator, 610 00:35:21.180 –> 00:35:22.270 even in difficult times. 611 00:35:22.660 –> 00:35:26.030 It’s just critical that we make sure the underwriter knows we are one of those 612 00:35:26.450 –> 00:35:29.750 and you here’s what we’re doing behind the scenes. Um, and, and, 613 00:35:29.750 –> 00:35:31.550 and we need to exemplify that to the underwriter. 614 00:35:32.320 –> 00:35:33.290 Yeah, and you know, 615 00:35:33.330 –> 00:35:36.250 I always have a corny phrase that Brett’s probably tired of hearing is, 616 00:35:36.550 –> 00:35:39.460 you know, when you have a client that has experienced an event, 617 00:35:39.810 –> 00:35:44.580 they’re not necessarily unplaceable, they’re, it’s much more difficult, 618 00:35:44.580 –> 00:35:47.820 obviously if they’re in the middle of the event because you don’t know 619 00:35:47.930 –> 00:35:50.300 necessarily how, how, 620 00:35:51.210 –> 00:35:54.790 how much the threat actor is in, if they’re in and that kind of thing. 621 00:35:55.210 –> 00:36:00.030 But especially post-incident, you know, we really spend a lot of time, um, 622 00:36:00.030 –> 00:36:04.110 doing a lot of conference calls and in, in my corny phrases, you know, 623 00:36:04.220 –> 00:36:08.940 help me prepare my closing arguments so that I can convince the jury not to 624 00:36:09.060 –> 00:36:10.700 sentence you to death. And so, you know, 625 00:36:10.700 –> 00:36:15.100 you work with retail agents and clients to find out, 626 00:36:15.490 –> 00:36:18.580 okay, what was done? Did you do a forensic investigation? 627 00:36:18.850 –> 00:36:21.380 What did the forensic investigation find? Maybe, 628 00:36:22.650 –> 00:36:26.520 maybe a third party was compromised and you weren’t, or maybe you were, 629 00:36:26.580 –> 00:36:29.520 but they found it and this is what they did to close it. If, 630 00:36:29.620 –> 00:36:31.680 if you’re sort of through all that, 631 00:36:32.220 –> 00:36:36.160 and especially if the forensic analysis has been done, 632 00:36:36.230 –> 00:36:39.360 even if there’s some hanging expenses out there, if, 633 00:36:39.420 –> 00:36:42.120 if the holes have been kind of buttoned up and so forth, 634 00:36:42.830 –> 00:36:46.960 then it makes it easier for us to, you know, produce better results for you. 635 00:36:47.060 –> 00:36:50.960 So we do see people that all phases, some that have never had a claim, 636 00:36:50.960 –> 00:36:54.280 some that have had a claim that’s open, some that are closed. Um, 637 00:36:54.340 –> 00:36:57.520 it doesn’t have to be the kiss of death, it just, it, 638 00:36:57.780 –> 00:37:02.320 it takes working with somebody that’s willing to invest the time to tell the 639 00:37:02.320 –> 00:37:04.960 story. And like you said, the paint in the best light. 640 00:37:05.350 –> 00:37:08.040 Yeah, that rehabilitation process seems important. And again, 641 00:37:08.040 –> 00:37:11.600 we want to be as proactive as we can, but you can’t pre, 642 00:37:11.600 –> 00:37:14.320 you can’t prevent against everything, right? So sometimes we have to be, 643 00:37:14.580 –> 00:37:16.840 you know, reactionary post-loss. Um, 644 00:37:16.840 –> 00:37:19.400 but I think that that rehabilitation process you talk about is critical, 645 00:37:19.620 –> 00:37:22.520 so mm-hmm. Nice to know that we don’t have to close our doors, you know, 646 00:37:22.840 –> 00:37:24.800 we can still reopen. It might be a little challenging for time, 647 00:37:24.820 –> 00:37:27.080 but everything is an opportunity to learn for sure. 648 00:37:27.580 –> 00:37:30.680 So let’s talk about that though. My next question, and this is perfect is, and, 649 00:37:30.680 –> 00:37:32.960 and, and Brad, I’ll go to you, I think you touched on it earlier, 650 00:37:33.690 –> 00:37:35.630 simple question, what do we do in the, in the, 651 00:37:35.650 –> 00:37:39.190 in the event of a claim or a possible claim is a better way to word it possibly, 652 00:37:39.190 –> 00:37:40.023 you know? 653 00:37:40.470 –> 00:37:43.190 Absolutely. So, uh, and Cynthia, I’m stealing one of your lines as well. 654 00:37:43.290 –> 00:37:45.030 We like to call it the bat phone. 655 00:37:45.120 –> 00:37:49.310 Every carrier now pretty much has a hotline established where they want 656 00:37:49.970 –> 00:37:53.550 the immediate thought thing, result. Whatever you think, 657 00:37:53.570 –> 00:37:55.830 if something seems off and whether, you know, 658 00:37:55.830 –> 00:37:59.390 definitively it’s a ransomware attack and you see a note saying your system’s 659 00:37:59.390 –> 00:38:03.070 locked up or something doesn’t seem right, or files were sent out, 660 00:38:03.770 –> 00:38:07.710 the carriers want you to call the hotline. And what it does is it put you in, 661 00:38:07.730 –> 00:38:12.470 it puts you in touch with one of their panel vendor law firms to 662 00:38:12.470 –> 00:38:16.670 establish privileged communication to figure out next steps and loop in the 663 00:38:16.670 –> 00:38:19.550 parties that may be needed to dissect what’s going on. 664 00:38:19.820 –> 00:38:21.630 Usually that’s to where I said earlier, 665 00:38:22.210 –> 00:38:24.430 the companies like the forensics investigations, 666 00:38:24.610 –> 00:38:28.230 if it warrants them going into the network to figure out what’s going on, 667 00:38:28.460 –> 00:38:31.270 sometimes it could be a blip or nothing. Um, 668 00:38:31.330 –> 00:38:36.020 and but the importance of it is waiting in a matter of minutes or hours 669 00:38:36.160 –> 00:38:38.380 can really extend the amount of a loss, 670 00:38:39.210 –> 00:38:40.860 tens or hundreds of thousands of dollars. 671 00:38:41.080 –> 00:38:45.620 So that’s why it is definitely a unique coverage to really any other insurance 672 00:38:45.670 –> 00:38:46.503 where the, 673 00:38:46.730 –> 00:38:50.660 they want you as the insured to call in the second you think something is wrong. 674 00:38:50.730 –> 00:38:53.860 They don’t want you to wait. Um, they don’t want you to hesitate. 675 00:38:54.250 –> 00:38:58.900 Hackers always also don’t hit at the right, at the perfect time for us. 676 00:38:59.050 –> 00:39:00.580 They hack at the perfect time for them. 677 00:39:00.630 –> 00:39:04.100 It’ll be at 2:00 AM when you’re in Jamaica on vacation. Um, 678 00:39:04.100 –> 00:39:08.340 it won’t be when you’re staring at your computer and prepared and really able to 679 00:39:08.340 –> 00:39:09.540 respond necessarily. 680 00:39:09.760 –> 00:39:12.700 So that’s kind of why the policies are set up to be a little unique, 681 00:39:12.700 –> 00:39:16.540 where it puts you in touch with those really those experts in that field to 682 00:39:16.540 –> 00:39:17.660 figure out, talk you through. 683 00:39:17.880 –> 00:39:21.300 And they’re called the breach coach because they essentially coach you through 684 00:39:21.420 –> 00:39:23.580 step-by-step what needs to be done, 685 00:39:23.640 –> 00:39:27.940 who needs to be involved with the end goal of mitigating loss, reducing, uh, 686 00:39:28.210 –> 00:39:31.580 expense, and getting you back up and running as quickly as possible. 687 00:39:32.460 –> 00:39:35.740 I, I’ll throw in a claim example there. I write a large, um, 688 00:39:35.740 –> 00:39:39.940 it’s a public school district and I had met with the, 689 00:39:40.000 –> 00:39:43.620 the agent and their, and the client several times, you know, myself, 690 00:39:43.620 –> 00:39:45.740 both in person and on phone and video. 691 00:39:46.320 –> 00:39:50.100 And so they knew me and it was a Friday night, 692 00:39:50.640 –> 00:39:55.600 Thanksgiving weekend, like Brett said, you know, holidays, 693 00:39:55.840 –> 00:39:57.520 weekends, nights when people, 694 00:39:58.300 –> 00:40:02.640 not everybody’s watching everything during the day. Yeah. And, 695 00:40:02.660 –> 00:40:03.720 and I was sitting outside, 696 00:40:03.720 –> 00:40:07.960 it was I think about 9:00 PM and I was sitting outside on our patio. 697 00:40:08.460 –> 00:40:11.560 We have a TV out there, we live out there and watching tv, 698 00:40:11.620 –> 00:40:13.680 that’s where I live in Florida, um, 699 00:40:14.640 –> 00:40:17.480 watching TV and my cell phone rings, you know, hi, 700 00:40:17.480 –> 00:40:21.240 this is so-and-so from so-and-so, and I’m thinking like, 701 00:40:21.240 –> 00:40:24.520 what is this guy calling me on a Friday night? And you know, as you say that, 702 00:40:24.660 –> 00:40:27.440 you know, and sure enough, they, he said, 703 00:40:27.440 –> 00:40:32.160 we are actively being attacked right now. And I’m like, here’s the backbone, 704 00:40:32.550 –> 00:40:36.760 call them right now. And they actually called me the next night and said, 705 00:40:36.820 –> 00:40:41.040 you know, by the next morning they had forensics and they had, you know, 706 00:40:41.040 –> 00:40:44.480 the attorney and so on and so forth launched and they were, 707 00:40:44.550 –> 00:40:47.640 they were so happy cuz the response was so fast and it, 708 00:40:47.980 –> 00:40:52.000 it went very far in mitigating the total cost of that claim. 709 00:40:52.650 –> 00:40:54.260 Sure. And I’m sure like a lot of things, 710 00:40:54.260 –> 00:40:55.620 we talk about coverages being different. 711 00:40:55.640 –> 00:40:58.300 I’m sure the response on certain carriers is, is better or, 712 00:40:58.360 –> 00:40:59.620 or not as up to par as others. 713 00:40:59.640 –> 00:41:03.140 So when you look to place a visa of business with a given carrier, 714 00:41:03.210 –> 00:41:05.500 that probably comes into the the thought process too. 715 00:41:05.640 –> 00:41:07.940 Who is gonna be best at response time, right? Ultimately, 716 00:41:08.120 –> 00:41:11.300 that’s what a carrier’s worth is, is when things are wrong, what do you do? 717 00:41:12.060 –> 00:41:12.890 Absolutely 718 00:41:12.890 –> 00:41:17.340 Good. So there is, there is hope, right? The bat phone analogy, the, the, 719 00:41:17.340 –> 00:41:21.780 the breach coach, all those are great things. Um, and immediacy is the, 720 00:41:21.800 –> 00:41:25.460 the key there, right? So, and again, not just, we know something’s going wrong, 721 00:41:25.460 –> 00:41:27.260 but we think something might be happening here. 722 00:41:27.560 –> 00:41:30.820 Err on the side of caution when it comes to communication with the company, 723 00:41:30.950 –> 00:41:35.020 right? So good to know. Um, and it’s safe to say that the carrier handles, 724 00:41:35.020 –> 00:41:39.140 when we get into a really, not just a breach, but a major situation whether, 725 00:41:39.240 –> 00:41:43.140 and we’re talking extortion, ransomware, the ca we’re, we’re, 726 00:41:43.140 –> 00:41:44.940 we’ve given up the reigns there, right? 727 00:41:44.960 –> 00:41:48.180 The carrier is handling all communication when it comes to any type of 728 00:41:48.180 –> 00:41:49.380 negotiation with a, 729 00:41:49.380 –> 00:41:52.700 with a bad actor as to the monies that are gonna be paid out that’s on them to 730 00:41:52.700 –> 00:41:53.533 make that decision. 731 00:41:54.710 –> 00:41:56.290 Uh, I’ll take that one if you don’t mind, Brett. 732 00:41:56.410 –> 00:42:00.530 I I think it’s really different by form. Okay. Uh, in general, 733 00:42:00.850 –> 00:42:04.970 I would say yes, that’s what most of the, the well-written forms are doing. 734 00:42:05.300 –> 00:42:09.770 There are some that are specifically written on a pay on behalf of where there 735 00:42:09.770 –> 00:42:11.130 are others that are saying, 736 00:42:11.270 –> 00:42:14.810 we will reimburse you for those expenses. 737 00:42:15.510 –> 00:42:20.170 So you would negotiate. But most of the carriers have kind of gone to this, 738 00:42:20.550 –> 00:42:22.330 let us handle it for you. Yeah. We 739 00:42:22.330 –> 00:42:22.610 Have the 740 00:42:22.610 –> 00:42:24.250 Expertise. We, we have the expertise. 741 00:42:24.430 –> 00:42:28.930 You’re gonna get our panel of providers that are discounted and we’re not gonna 742 00:42:29.010 –> 00:42:33.170 burn you through your limit so fast. Let us negotiate for you. And, 743 00:42:33.170 –> 00:42:37.050 and they do negotiate on ransom, believe it or not. Um, and, 744 00:42:37.270 –> 00:42:39.530 and they know a lot of times the, 745 00:42:39.550 –> 00:42:42.290 the people that they work with have handled so many breaches. 746 00:42:42.840 –> 00:42:47.130 They know like certain Bitcoin wallet numbers are associated 747 00:42:48.080 –> 00:42:51.530 with the x, y, Z threat actor group, right? 748 00:42:51.950 –> 00:42:56.690 And so they’ll have handled 20 other claims recently where they had to 749 00:42:56.750 –> 00:43:01.690 pay a ransom payment to that Bitcoin wallet and they know they got the key to 750 00:43:01.690 –> 00:43:04.850 the castle back so that the, the keys and the code, you know, 751 00:43:04.910 –> 00:43:09.570 the decryption key so that they could unlock that data where they may 752 00:43:09.800 –> 00:43:11.370 also look at one and say, well, 753 00:43:11.370 –> 00:43:16.250 we ha we worked with that and we paid a ransom and they never gave us 754 00:43:16.870 –> 00:43:20.810 the decryption key. That doesn’t happen too often. And I don’t know, Brett, 755 00:43:20.810 –> 00:43:23.410 when you were at Trevor Corvus, if you saw it, 756 00:43:23.690 –> 00:43:27.500 I think most of the time that’s their business, right? 757 00:43:27.600 –> 00:43:30.340 If they can’t deliver on that, then, 758 00:43:30.650 –> 00:43:32.780 then why would anybody ever pay the ransom? 759 00:43:32.780 –> 00:43:35.580 Because they’re known for not giving the decryption case. 760 00:43:35.580 –> 00:43:39.300 So it doesn’t happen too often, but a lot of those little nuances and insights, 761 00:43:39.480 –> 00:43:43.900 um, or even just knowing how well they negotiate and that kind of thing, 762 00:43:44.160 –> 00:43:46.900 are something that you really benefit from when you’re working with the 763 00:43:47.100 –> 00:43:49.460 providers that the carriers have have selected. 764 00:43:50.870 –> 00:43:53.980 Great. Good to know. We’ve covered a lot of topics and we’re approaching, 765 00:43:54.220 –> 00:43:57.380 I think, the 45 minute mark. So just a reminder to folks that are online, 766 00:43:57.480 –> 00:44:01.140 if you want your opportunity to ask questions, please take advantage of that. 767 00:44:01.140 –> 00:44:04.100 Now, we’re gonna be wrapping up here shortly, so it, this is the, 768 00:44:04.100 –> 00:44:05.940 this is the platform if you wanna do it. Um, 769 00:44:05.940 –> 00:44:10.500 it’d be a great opportunity to jump in. So final sort of segment for me. Um, oh, 770 00:44:10.500 –> 00:44:15.340 and we do have the, the results of the, uh, the initial poll question. So again, 771 00:44:15.340 –> 00:44:18.540 the question was, do you have cyber insurance? Uh, we’re about 50 50 here, 772 00:44:18.540 –> 00:44:22.860 so 57%, 13 out of the 23 respondents do, um, 773 00:44:22.920 –> 00:44:26.540 10 outta the 23 do not. So, uh, great opportunity to, 774 00:44:26.540 –> 00:44:29.900 to look at a potential program there. So, um, thank you for that, 775 00:44:29.900 –> 00:44:33.990 for putting that up. Um, so final question for me, uh, our final segment, 776 00:44:34.010 –> 00:44:37.430 if you will. You know, we’ve looked back, how did this all start? How, 777 00:44:37.430 –> 00:44:39.110 what has the development been like? Um, 778 00:44:39.110 –> 00:44:42.710 what has claims have been like in the past? Take a more positive spin on this. 779 00:44:42.710 –> 00:44:45.910 Let’s look into the future a little bit from your perspective, both of you. 780 00:44:46.060 –> 00:44:49.910 What do you feel like the future outlook is on the cyber liability markets? 781 00:44:50.350 –> 00:44:53.550 Specifically? Pricing expectations can never hold you to this, 782 00:44:53.550 –> 00:44:57.190 this might change tomorrow with some major event. I understand, um, 783 00:44:57.410 –> 00:45:00.950 the evolution of new coverages that maybe are in talks at carrier levels or 784 00:45:01.080 –> 00:45:02.910 could potentially come to market or, you know, 785 00:45:02.910 –> 00:45:07.070 just how does the consumer prepare, um, when, when volatility is, is the, 786 00:45:07.090 –> 00:45:10.110 the driver of an industry and how do we get ahead of that? 787 00:45:10.170 –> 00:45:13.830 So any thoughts on what the future might look like, be it six months, two years, 788 00:45:13.890 –> 00:45:14.910 or five years from now? 789 00:45:16.930 –> 00:45:21.410 I can absolutely. That’s a tough one. Very loaded. I, I’d say, yeah, I mean, 790 00:45:21.410 –> 00:45:21.690 Andy, 791 00:45:21.690 –> 00:45:24.370 I think you hit the nail on the head where something could hypothetically happen 792 00:45:24.610 –> 00:45:27.210 tomorrow. That blows my answer outta the water. But, um, 793 00:45:27.710 –> 00:45:32.090 the reality and the simplified answer is there’s always gonna be a home for best 794 00:45:32.090 –> 00:45:32.750 in class. 795 00:45:32.750 –> 00:45:37.370 It control businesses and businesses who are willing to invest in their IT and 796 00:45:37.460 –> 00:45:42.130 still need obviously the insurance. And even so for businesses that need help. 797 00:45:42.150 –> 00:45:43.450 And where that is, 798 00:45:43.590 –> 00:45:46.810 is obviously getting commentary and other educational insights, 799 00:45:46.810 –> 00:45:49.850 whether it be from your broker or, uh, a uh, 800 00:45:49.860 –> 00:45:54.690 contractor or a consultant to give insight into IT controls and to improve on 801 00:45:54.690 –> 00:45:58.730 those with the overall goal of still improving that posture. Um, 802 00:45:58.730 –> 00:46:01.970 but on the pricing side, I, I think barring a big event, 803 00:46:02.140 –> 00:46:04.370 which it’s not a matter of if, 804 00:46:04.370 –> 00:46:08.610 it’s a matter of when there will be another type of a a large scale event, um, 805 00:46:09.050 –> 00:46:11.850 i, I think the continuous kind of six month, nine month, 806 00:46:11.850 –> 00:46:15.770 12 month outlook is we’re sort of seeing a plateauing in the pricing compared to 807 00:46:15.770 –> 00:46:16.650 the last few years. 808 00:46:16.990 –> 00:46:21.730 But we saw such a rapid increase in pricing and restrictions in that time that, 809 00:46:22.110 –> 00:46:27.050 um, this was sort of to be expected in the way of, it’s sort of plateauing, 810 00:46:27.110 –> 00:46:31.130 but still, um, still up from what it was five, six years ago. 811 00:46:31.310 –> 00:46:33.690 So the hope and the realization, and Cynthia, unless you, 812 00:46:33.830 –> 00:46:35.770 I’m curious if you disagree, is, um, 813 00:46:35.850 –> 00:46:38.850 I think we’ll still continue to see the plateauing, good pricing, 814 00:46:38.920 –> 00:46:42.890 good coverage for those who have it controls in place that the carriers want, 815 00:46:43.470 –> 00:46:46.930 um, and more potential restrictions or higher pricing for those who, 816 00:46:47.030 –> 00:46:50.130 who may not. And especially in those sort of higher hazard industries. 817 00:46:51.380 –> 00:46:53.280 No, I, I agree. I think it’ll, 818 00:46:53.410 –> 00:46:57.960 it’ll plateau a little bit more until another big event happens where people are 819 00:46:58.100 –> 00:47:01.880 paying large amounts of funds. Um, 820 00:47:02.060 –> 00:47:06.120 one of the things that we’re seeing a little bit of a trend on is these 821 00:47:06.570 –> 00:47:11.240 widespread event type exclusions or restrictions. Um, 822 00:47:11.360 –> 00:47:16.200 I see that becoming a little bit more popular where it’s not, I, 823 00:47:16.640 –> 00:47:20.920 I wouldn’t say it’s the norm and we, we do all we can to avoid it, but I, 824 00:47:21.400 –> 00:47:25.680 I see that that would catch on a little bit where companies say, you know, 825 00:47:25.680 –> 00:47:27.720 if there’s a major catastrophic event, 826 00:47:27.730 –> 00:47:32.460 we’re gonna limit our coverage on ransomware, for example, or whatever coverage, 827 00:47:32.840 –> 00:47:37.820 you know, by X percent or, or maybe put a sub-limit on that type of coverage, 828 00:47:38.620 –> 00:47:41.750 primarily due to the aggregation exposure, right? You know, 829 00:47:41.750 –> 00:47:46.140 if you write a hundred thousand policies and, and you’ve got, you know, 830 00:47:46.160 –> 00:47:50.180 an average of 5 million or a million or whatever that it is on all these 831 00:47:50.540 –> 00:47:55.540 policies, it’s a lot of money to pay out in an event. So widespread event, um, 832 00:47:55.660 –> 00:47:58.700 I think will become a a little bit more restrictive. Um, 833 00:47:58.700 –> 00:48:00.740 we are seeing some trends, especially in London, 834 00:48:00.920 –> 00:48:04.990 has mandated that you can’t pay the ransomware payment. Um, 835 00:48:05.410 –> 00:48:10.040 and no, I’m sorry, that’s war. I always goof that up. Sorry, 836 00:48:10.660 –> 00:48:13.480 war, uh, they, they don’t want you to ensure war. 837 00:48:14.220 –> 00:48:17.960 And what happened in cyber is that the war in terrorism exclusions, 838 00:48:18.120 –> 00:48:20.600 a lot of people went and modified their form and said, 839 00:48:21.140 –> 00:48:25.440 but we’ll give you cyber terrorism. So Lloyd’s kind of mandated, 840 00:48:26.420 –> 00:48:29.920 and I think some people will try to follow it a little bit, um, 841 00:48:30.190 –> 00:48:34.000 that we can’t cover what, what they call a state backed event, 842 00:48:34.530 –> 00:48:36.720 which they’re classifying as war. 843 00:48:36.820 –> 00:48:41.590 So if you have a cyber terrorism event that is 844 00:48:42.220 –> 00:48:46.510 initiated at the urgent of say, Russia, I’ll pick on Russia, 845 00:48:47.370 –> 00:48:50.870 um, you know, when they determine that that’s a state back event, 846 00:48:50.870 –> 00:48:52.590 that they don’t want that to be insurable. 847 00:48:52.850 –> 00:48:57.430 So you may see some more trends towards other carriers kind of following that 848 00:48:57.430 –> 00:49:01.750 process, um, and some will do a better job than others as, 849 00:49:01.810 –> 00:49:05.270 as to what that’s divine defining. But from a pricing perspective, 850 00:49:06.130 –> 00:49:11.110 I’m not expecting any major increases barring another sort of 851 00:49:11.110 –> 00:49:12.630 high catastrophic type event. 852 00:49:13.770 –> 00:49:15.950 Got it. Yeah. That, that widespread event is interesting, right? 853 00:49:15.950 –> 00:49:19.830 Insurance is built for, uh, those that don’t have claims, 854 00:49:20.050 –> 00:49:23.310 pay for those that do, right? I mean, no, when we write Homer’s insurance, 855 00:49:23.530 –> 00:49:25.030 the entire country is not gonna, 856 00:49:25.250 –> 00:49:27.670 the homes of the entire country is not gonna catch on fire at the same time, 857 00:49:27.770 –> 00:49:30.030 let us hope not, right? We got major problems if we do, 858 00:49:30.090 –> 00:49:35.030 but cyber is one of these events, uh, where a number of people, thousands, 859 00:49:35.060 –> 00:49:39.390 tens of thousands of people could be hit simultaneously. Um, and insurance, 860 00:49:39.480 –> 00:49:42.350 quite frankly, the pricing is, it’s not built, uh, 861 00:49:42.350 –> 00:49:46.390 to handle anything of that scale. So that’s an interesting one, um, 862 00:49:46.390 –> 00:49:50.430 because a lot of people can get hit, uh, at the same time as you mentioned. Um, 863 00:49:50.490 –> 00:49:54.630 So we just, I, I’m sorry. I just gonna say we just had an email from, um, 864 00:49:54.930 –> 00:49:58.630 one of the companies and I sent it to our IT people and he went around and 865 00:49:58.740 –> 00:50:03.720 checked it out and had everybody update our outlook because there 866 00:50:03.720 –> 00:50:08.200 was a recent vulnerability affecting Outlook where people could send you email 867 00:50:08.620 –> 00:50:13.280 and you wouldn’t even have to open it and it could, uh, launch an attack. 868 00:50:13.300 –> 00:50:15.480 And so it was some new exploit. 869 00:50:15.780 –> 00:50:20.200 So that’s type of example and a lot of insurance companies, um, 870 00:50:20.200 –> 00:50:23.080 we didn’t talk about this, but I just want to throw this out there. Sure. 871 00:50:23.100 –> 00:50:26.640 Or we didn’t talk about it much. Um, the vulnerability scans that people do too. 872 00:50:26.640 –> 00:50:27.060 Yeah, I 873 00:50:27.060 –> 00:50:28.380 Was gonna mention that. I’m glad you said that. Go ahead. 874 00:50:28.690 –> 00:50:32.740 Yeah, you know, they do these vulnerability scans to kind of identify without, 875 00:50:32.740 –> 00:50:36.140 it’s a non-invasive scan, pings your website, um, 876 00:50:36.140 –> 00:50:39.500 and it can see kind of what software is communicating via the internet. 877 00:50:40.120 –> 00:50:44.460 And some of them will detect remote desktop protocol open, um, 878 00:50:44.480 –> 00:50:47.740 vulnerabilities or open ports, different things like that. 879 00:50:48.040 –> 00:50:51.060 But they can also detect like what versions are you, 880 00:50:51.060 –> 00:50:54.220 like when Microsoft Exchange had all these vulnerabilities, 881 00:50:54.730 –> 00:50:56.340 they could run these scans. 882 00:50:56.340 –> 00:51:00.820 These companies a lot of times do continuous monitoring and they run scans and 883 00:51:00.820 –> 00:51:04.460 they can see, oh, you’re running that version, that’s vulnerable, 884 00:51:04.520 –> 00:51:08.980 you haven’t patched it, and they can send a directed alert to that person, 885 00:51:09.880 –> 00:51:10.120 um, 886 00:51:10.120 –> 00:51:14.940 the contact for that insured and get that fixed before that 887 00:51:14.940 –> 00:51:15.860 exploit is, 888 00:51:16.120 –> 00:51:21.020 is ex or that that information is exploited and attack is conducted 889 00:51:21.020 –> 00:51:21.853 on them. 890 00:51:22.290 –> 00:51:24.220 Yeah, those vulnerabilities scans are interesting. 891 00:51:24.220 –> 00:51:26.420 I think it’s important to know if anybody’s ever been part of one, 892 00:51:26.420 –> 00:51:29.460 they’re a tool, right? They are not the rule type of thing. I mean, 893 00:51:29.490 –> 00:51:32.820 they’re intended to be a resource to provide some information. Uh, 894 00:51:32.820 –> 00:51:34.620 it is not an end all be all. For example, 895 00:51:34.740 –> 00:51:37.740 I was a part of one years ago and it said something about ports being open and, 896 00:51:37.760 –> 00:51:39.300 and we, and we got talking about it, well, 897 00:51:39.300 –> 00:51:42.020 the website can’t work if there aren’t some ports that are open, right? 898 00:51:42.020 –> 00:51:45.420 There’s gotta be a flow of communication. So, um, so yeah, 899 00:51:45.420 –> 00:51:48.820 they’re an interesting, uh, tool when the companies use them, but it is not a, 900 00:51:49.240 –> 00:51:53.420 we hope it not to be an end all be all on decision making, right? So, um, 901 00:51:53.420 –> 00:51:56.060 but in, in your comments, Cynthia, about the, the, the, 902 00:51:56.240 –> 00:51:59.300 the email that doesn’t even have to be clicked on being a problem. 903 00:51:59.410 –> 00:52:01.540 It’s interesting, right? The old rule of thumb has been, 904 00:52:01.540 –> 00:52:04.060 even if you open up an email that you think is bad, 905 00:52:04.060 –> 00:52:07.220 as long as you don’t click on the link, you’re sort of safe. Um, 906 00:52:07.320 –> 00:52:10.140 but to get to a point where even the receipt of an email, 907 00:52:10.480 –> 00:52:15.220 not a secondary action breeds, um, breeds a potential, you know, 908 00:52:15.220 –> 00:52:19.180 breach that’s, that’s concerning. So, but you’re, as you said, many, many times, 909 00:52:19.370 –> 00:52:21.340 they are one step ahead. These are very, very, 910 00:52:21.590 –> 00:52:24.700 these are highly intelligent people, uh, that are behind these efforts. 911 00:52:24.840 –> 00:52:26.860 So it’ll be interesting to see how the, 912 00:52:27.120 –> 00:52:30.740 how the world continues to develop in this space. So guys, 913 00:52:30.740 –> 00:52:33.060 we have covered a huge amount of topics. 914 00:52:33.160 –> 00:52:36.420 It is about 70 degrees here on Thursday afternoon. 915 00:52:36.680 –> 00:52:40.060 So the fact that we’ve maintained an audience, uh, 916 00:52:40.060 –> 00:52:43.500 for almost an hour on a very heavy topic, on a beautiful, uh, 917 00:52:43.500 –> 00:52:47.460 Sunday afternoon is a testament to the content. So I really appreciate you guys. 918 00:52:47.460 –> 00:52:51.220 You did an incredible job. Uh, I know that we have access to you at any time. 919 00:52:51.240 –> 00:52:53.700 So for, for clients that are on, or, 920 00:52:53.760 –> 00:52:57.420 or prospective clients that may be on that want to continue conversations about 921 00:52:57.420 –> 00:53:01.140 your specific businesses, we would love to do that. As a reminder, 922 00:53:01.140 –> 00:53:04.180 please hop onto our website, insurance choices.com, 923 00:53:04.490 –> 00:53:07.340 take a look at those IQ rms specific to cyber liability. 924 00:53:07.530 –> 00:53:10.300 Test out a couple other IQ rms on different topics while you’re there. 925 00:53:10.440 –> 00:53:12.940 And that’s a great conversation starter, um, 926 00:53:12.940 –> 00:53:17.620 from what you would like your cyber program to become or a, you know, 927 00:53:17.880 –> 00:53:21.860 an interesting look at what it already is. So, uh, Cynthia Brett, 928 00:53:21.950 –> 00:53:25.460 thank you so much for your time today. Uh, without question, 929 00:53:25.620 –> 00:53:28.860 I think I led with you saying you’re subject matter experts and you proved me 930 00:53:28.860 –> 00:53:32.100 right? So I appreciate all your time today. Thank you for everything. 931 00:53:32.140 –> 00:53:35.540 I hope everybody enjoyed it. Um, and then we’re always here if you guys need us, 932 00:53:35.600 –> 00:53:38.860 so we will have some more installments in our Risk Academy series coming up in 933 00:53:38.860 –> 00:53:40.460 the couple, in the coming months. Uh, 934 00:53:40.550 –> 00:53:42.940 we’ll make sure everybody’s aware of them and we look forward to doing this 935 00:53:43.100 –> 00:53:46.060 again. So guys, thank you. Thank you. Have a great afternoon. Thank 936 00:53:46.060 –> 00:53:48.660 You. We appreciate it all. Take care. Take care. Bye.
Search