Q: How did you get into the cyber insurance industry?
A: My career has been about following emerging and novel risks – as cyber exposures developed, I developed my skills accordingly. Two important triggers that expedited my interest in cyber risk were Y2K and reading “The Cuckoo’s Egg” by Cliff Stoll. Finally, I’ve had an interest in technology since I purchased my first computer in 1986 and learned how to navigate “DOS” – as a result, I assisted our computer consultants, throughout the late ’90s and early ’00s and gained a better understanding of networking and technology troubleshooting.
Q: What brought you to the Certified Cyber Insurance Specialist (CCIS) course?
A: I already had expertise in handling cyber risk exposures and innovation risk but, after several weeks of deliberations and consultations with Asaf, the Academy’s CTO, I decided that the course was the logical next step for me to take in my career. And I am glad that I agreed to it as the CCIS course has filled in knowledge gaps and has made me a more well-rounded cyber insurance professional.
Q: The Cybersphere is brimming with buzzwords. Which buzzwords have you previously had difficulties with and are clearer now thanks to the CCIS course?
A: The technology section provided excellent definitions for many key terms used throughout the industry. In particular, it filled in gaps in my knowledge of sector-specific acronyms. I have found that a better understanding of how to apply specialist vocabulary to my professional conversations has made it easier for me to establish trust both with other industry professionals and with clients.
Q: What tools and skills has the cyber insurance course equipped you with so far?
A: The technology and cyber-focused aspects of the course helped me to better understand frameworks for cyber security from both a theoretical and practical perspective. This was an academic gap that I hoped to fill when I started the course and I’m confident that I have now achieved this. I was also able to use the course as a springboard for further, personal research to embellish some of the concepts taught. In the insurance-focused part of the course, I found learning about sector-specific needs and the use of technology as an underwriting tool particularly helpful.
Q: Thinking about the current cyber insurance products on the market, what do you think needs to change soon?
A: Businesses need to understand that cyber security is critical to protecting democracy. We cannot have billions of dollars drained from economies to finance the activity of hackers and their sponsors. I think this is overlooked in terms of business responsibilities. Cyber insurance underwriting and cyber insurance products facilitate more effective cyber security, particularly for small and medium-sized businesses where cyber security may be lacking (due to limited awareness and finances). The benefits of good cyber hygiene go far beyond financial stability, and this needs to be recognized more universally.
Q: Where do you see the Cyber Insurance market in the next 3 years?
A: I anticipate closer collaboration and partnerships between technology companies and insurers and a stronger emphasis on employee awareness programs.
I hope that we’ll see initiatives from the cyber insurance industry to bring cyber education into high school programs, as I’m concerned about the disconnect with and lack of understanding of cyber security in a generation that has grown up with an abundance of social media and increased digital connection.
I believe next-generation cyber security products will take a modular approach (as some insurers are already doing) and that the approach may involve insurer-provided, managed detection and response services (i.e. risk management services), in preparation for evolving cyber threats. I’d like to see more insurance products for SMBs that are package policies built around the cyber and digital exposures of today. I believe we’re at a point where we must be incorporating (to the greatest extent possible) coverage for bodily injury, property damage, environmental events, and other physical perils, into cyber coverage programs. As an industry, we should be vocal about standards for built-in security in IoT devices.
I have some personal thoughts on how new insurance products should be designed, but they will take some innovation to get beyond traditional insurance-speak. Having noted the latter, the insurance industry should be proud of its response and development of products to address cyber risk. I’m looking forward to the future.