After taking some time to digest everything that we learned at the conference, I’d like to take a moment to share a few actionable thoughts on enterprise risk management. If you’re new to the blog or you missed my last piece, John and I attended RiskWorld in San Francisco last month. This was a well-timed opportunity to meet some of the top minds in our industry, as well as share the beginnings of our State of the Industry Report on the US’s Energy Sector with our peers.
Cyber Insurance: What Underwriters Want
One of our laser-focused goals heading into the convention was to speak with cyber insurance underwriters and their coworkers to see where cyber risk falls on their concern chart. We were thrilled to learn that this type of insurance was still very much top-of-mind, with two main goals for the future of underwriting these types of policies. Cyber insurance policies typically protect online infrastructure and assets for enterprises, organizations, and municipalities; for a quick briefing on the topic, take a look at my piece Insuring Unnatural Disasters.
Back to what we learned. At RiskWorld everyone we spoke to in cyber insurance wants to:
1. Reduce claims
2. Speed up underwriting
Not surprising given the topic. Work smarter, not harder, right? As I’ve said before, it’s easy enough to explain what cyber insurance is and why it’s important, so you’d hope these policies are flying off the shelf in the current political climate. Therein lies the rub: because of the sheer newness (by comparison to other parts of business operation) of this particular risk, enterprise risk management is often the elephant in the room. Executives hear horror stories about this business or that person who, having been hit with ransomware and suffered a severe breach, was sued or went out of business or both, because they didn’t have a clue they were at risk. Whether in business or in war, when human beings encounter something new and scary they try not to poke it until they have the headspace or the weapon to handle it.
Cyber Insurance: What C-Level Executives Want (Really, Really)
So, if you’re an underwriter for cyber insurance, or manage policies of this sort, here’s the weapon of choice for your clients. They need a turn-key, automated tool that takes a button press to spit out easy-to-understand facts. That’s what every CEO/CFO/technician wants once they learn there’s a need for an organization. Take payroll, or communication, or HR, for instance. Few CEOs walk into their first business with every talent needed to run the show. They learn the basics and acquire tools over time to speed up their processes. Enterprise Risk Management can be tailored and ready-made for each and every policy written for your clients.
Far from being scary, having accurate and well-maintained data on an organization's cyber risks arms the executives with the knowledge they need to plug holes or move on. For cyber insurance underwriters it means faster underwriting and more accurate data to base premiums on, making you more valuable as a carrier and broker.
John and I didn’t learn this stuff in school. We learned it in the trenches, we learned it on the ground with real people, and we learned it through countless real-world scenarios where cyber risk scoring has made the difference between a business and a hole in the ground.