Elizabeth Harbison holds extensive years of international industry experience. She started her insurance career as an underwriter with major insurer Chubb. Now, Harbison is the first and current cyber practice leader at Crombie Lockwood.
With every cyber incident having its own unique DNA and bespoke policies proving popular, Insurance Business caught up with Harbison to learn more about the cyber insurance practice. In this Q&A, she talks about cyber risk and why she believes it is one of the top risk management issues for businesses today. She also shares the implications of revised privacy and data protection laws in New Zealand.
Insurance Business: Who or what has inspired you to be involved in the insurance industry?
Elizabeth Harbison: My father has been in insurance for over 30 years, but it was not until I met the St. Louis branch manager at Chubb, who would become a future mentor, for an informational networking lunch that I saw insurance in a different light. She was able to provide a unique perspective: one of career progression, opportunity and diversity that I had not associated with the industry previously. That conversation pushed me to apply for an underwriting job in management and professional liability, and ultimately is what led me to a career in insurance. Now, being able to share a common career with my father has given me a newfound respect for what he has been able to accomplish in his long career.
IB: You previously worked with Chubb in some of its USA branch networks. What have you learned from these experiences and how do these lessons help you now?
EH: My experience working for Chubb in St. Louis and Los Angeles was extremely impactful. Not only did I learn first-hand how to navigate a large acquisition, (ACE acquired Chubb in 2016 ), but also the importance of change and mobility when it comes to job opportunity. Each change in the larger organisation presented an opportunity for me to gain new exposure. The only way to get better and become more experienced in your profession is to put yourself in a position to gain that experience. Whether it is interacting with new people within your organisation, servicing new accounts, or taking on a territory – by putting my hand up for these opportunities, I was able to develop unique and diverse underwriting experience at Chubb.
IB: Tell us briefly about your role at Crombie Lockwood and in the industry as a whole.
EH: I am the cyber practice leader at Crombie Lockwood. Not only is this a new position for Crombie Lockwood, it is also a newly established designated practice. The cyber insurance market in New Zealand is still relatively new, so having a specialism practice is unique and a differentiator for Crombie Lockwood. While we have been educating our clients and selling cyber insurance products for much longer, building a designated practice shows the importance that Crombie puts on this evolving risk. Globally, cyber risk is one of the top, if not the top, risk management item for businesses today. My role is to build a structured practice around the sales process for our brokers and clients, ensure that we have the best product and coverage available, and create learning, development and risk awareness for cyber security inside and outside of Crombie Lockwood.
IB: Are New Zealand businesses well-equipped in terms of cybersecurity practices, i.e. having policies in place to prevent a cyber breach?
EH: While the majority of New Zealand individuals and businesses have experienced a cyber-related incident, the majority of that same group does not utilize cyber insurance to help them manage or transfer their cyber-related risk. There is a misconception that strong internal or outsourced IT will prevent you from facing a cyberattack. While cyber security mitigates your risk and is extremely important, a large number of cyber incidents are human error-related. As New Zealand businesses become more aware of the risk they face, it is important to realise that the best way to manage this risk is a unique combination of risk management and risk transfer. Cyber policies cannot prevent breaches, but they will provide you with the financial means to deal with a cyber-related incident quickly, with experts and in a way that manages your financial and reputational harm.
IB: What are the main challenges facing brokers today?
EH: We are in a tough market. As risk advisors, at every renewal we want to make sure that we are providing our clients with the best terms, coverage and pricing within the market. Each client prioritises their risk differently, but it is our job to make sure all elements of risk are always discussed. A lot of times with cyber insurance, clients are not open to discussing the risk because they do not think they are at risk, or don’t see the priority. Our biggest hurdle right now is breaking down those misconceptions and helping our clients understand their unique risk. We have so many clients that have passed up insurance and then suffer a non-insured event. These are the worst calls to get. When our clients suffer a loss, we suffer it with them.
The biggest risk that we face from the cyber market, is that it is constantly evolving. Cyber criminals are finding new ways to breach, attack, steal from, manipulate, impersonate and damage our businesses every day. The understanding of what “cyber risk” is and how to insure for it changes along with this evolution of cyber crime. At Crombie Lockwood, we are able to tap into our global Gallagher network and make sure we are aware of the latest coverage available, claims data and breach information.
IB: What are your predictions for cyber risk insurance in the years ahead?
EH: I think the biggest changes will come to cyber insurance once we have revised the privacy and data protection laws in New Zealand to include mandatory notification. Globally, this is a standard regulation and reflects the global awareness of this evolving risk. With this change, the fines, penalties and notification costs provided in insurance policies will be valued differently than they are now.
I also believe that with our increased awareness of data and privacy protection and increasing involvement with overseas partners, vendors, customers, etc.; that we will see cyber insurance becoming an insurance requirement for business/ service contracts. In the last six months, we have already seen an increase in this request, so I predict that this will only increase further.
IB: Outside the insurance business, what do you enjoy doing?
EH: Outside of insurance, I love travelling and exploring New Zealand with my husband. Living in Wellington, we have great access to the outdoors locally and the benefit of having easy access to both the North and South Island. We’ve loved exploring this beautiful country.
IB: Complete this sentence: If I wasn’t in insurance, we would be…
EH: I would be working as a travel consultant.