While the cyber market has seen a flood of capacity in recent years, that does not mean all entrants into the space will be able to provide the individualized full spectrum coverage and risk mitigation a client may need.
“It’s so easy, especially if you’re a smaller business, to get blinded by the lowest price, but you can lose sight of what the cyber product really is,” said Brandon Middleton (pictured), the assistant vice president of cyber, technology and mobility at Liberty Mutual.
“[Cyber coverage] is not just a contract, it’s not just a piece of paper where the company cuts a check and hands it to you and says, ‘good luck’.”
In the event of a cyberattack to a client’s network, they need a team of people to come in and be able to walk them through that potentially catastrophic situation and get them back up and running as quickly as possible.
“And that becomes a very intimate relationship. They’ll be dealing with a breach coach and a law firm, sharing both personal information and confidential information with that firm,” Middleton said.
“If you’re not partnering with a carrier who understands your business and has taken the time to actually have that initial discussion with you, getting out on the other end of an attack will be much more difficult.”
Cyber insurance should not be seen as a commodity, but instead, a carrier’s most important operational risk on a day-to-day basis.
“Experts need to treat a cyber product as the real solution to managing, mitigating and sharing that operational risk with a team of experts that a client can partner with and build that long term relationship,” the AVP added.
“It is really about the whole account solution and the service capabilities that we can bring to the table beyond just the insurance contract that we’ve got in front of the client.”
In an interview with Insurance Business, Middleton spoke about how cyber threats vary from more common and historical loss events impacting the industry. He also discussed some emerging risk mitigation techniques that cyber experts are championing.
Within insurance, the property and casualty markets come with an expansive collection of historical data sets that can delineate capacity, rates and impending threats with far more lucidity.
“However, cyber is a relatively new product, and while we have been collecting data over the past decade, the data from five years ago might be irrelevant for tomorrow because we’re dealing with completely different threat vectors,” Middleton said.
“It’s a very dynamic space that’s constantly in motion, and we need to be able to respond to those risks quickly and effectively.”
While there are threat actors and hacker groups that will always be at the forefront of carrying out breaches, cyberattacks are also informed by other social/political phenomena.
“Geopolitical issues pose a great threat to cyber security on a global scale,” Middleton said. The Russia-Ukraine war is just one contemporary example of this.
“However, there’s also new vulnerabilities discovered in ubiquitous software that are used by various companies,” he said. “It’s something that cyber experts have to keep an eye on every day because things can change and escalate quite quickly and without notice.”
Having participated as a panellist at this year’s NetDiligence conference in Toronto, Middleton was also able to sit in on various breakout sessions and learn more about the new frontiers in cyber resiliency.
“At last year’s event, the buzzword was multifactor authentication,” he said.
“This year, everyone is more focused on strong backup controls.”
If, for some reason, a threat actor circumvents the protection that MFA delivers, strong segmented backups that offer data encryption and are stored in more than one place are what cyber professionals are strongly urging for their clients going forward.
“A client can go to those backups and hopefully restore their network so they may not have to deal with having to pay back a ransom to a bad actor,” Middleton said.
Additionally, the AVP believes that it is also prudent that companies and organizations continue to foster a culture that promotes cyber awareness and preparedness to each of its employees.
“Being able to get this information about a client as an underwriter is imperative, and it can also allow brokers and their resources to help build up that cyber posture within a company,” Middleton said.
