Carrier Management
Run Time: 34:43

EP. 17: Leading by Example: How Insurers Can Manage Cyber Risk Within Their Own Operations

1 Star2 Stars (+81 rating, 79 votes)


Embed Video

Use the below code to add this video to your website.

Insurers often advise clients on cyber resilience, however, many in the industry overlook their own risks or struggle to take their own advice to insureds, according to guests on this episode of The Insuring Cyber Podcast.

“I'm not sure that our cyber risks are all that different than many of the office-based risks that we insure,” says Steve Aronson, CEO of independent insurance agency Aronson Insurance and a board member of ID Federation, a non-profit insurance organization that created the trust framework called SignOn Once. “So it's time to slow down and take a little bit of our own advice.”

But when it comes to cyber risks within their own operations, how can insurers make sure they’re protected?

“Pay attention,” Aronson says. “Listen to the stories in the news. Listen to the advice you're giving your clients. Listen to the stories that other businesses are having difficulty with and think about how that could happen to you.”

It’s something Aronson knows all too well, as he shares during this interview a story about a time his own agency experienced a cyber event. While his agency was able to take action and handle the event quickly, other agencies may not be so fortunate if they’re not paying close attention, he warns.

“You've got the litigation to defend, which is not only the cost of the attorneys but the time and the energy that it takes to put together a defense, let alone trying to figure out what the heck happened,” he says. “And maybe as large or maybe more painful is the loss of reputation. It could kill an agency, particularly those in a smaller area where reputation is everything.”

Rob Terrin, a cyber professional with a focus on mergers and acquisitions, fintech and catastrophe modeling, says earlier in this episode that while the insurance industry’s notoriously slow pace in adopting change can often be helpful at times, as it allows the industry to make calculated, informed decisions, this approach can be at odds with the pace of technological change.

“Technological change is happening so quickly,” he says. “These organized crime ecosystems are developing in these economies, developing so quickly, that the insurance industry I think probably needs to step up its game in terms of responding with speed and with focus on this issue.”

However, he says the insurance industry does have a couple of advantages when it comes to handling cyber events within its own operations.

“I think one really cool thing about the insurance industry is the best insurers have built this culture of risk management,” he says. “And it's one of the few places in the business world where you see this kind of long-term thinking and this incentive structure, particularly on the underwriting side, where these companies have built really impressive cultures. In some ways, that's a huge step up from the rest of the financial services industry or business at large.”

Another advantage that he points to is the insurance industry’s wealth of data, which can assist with cyber risk management.

“Insurance can really lead the way here,” he says.

Even so, Aronson urges caution and careful planning as cyber risks continue to ramp up for every industry, including insurance.

“I'm fearing that every organization is going to have some kind of event somewhere along the way,” he says. “Do I think it's inevitable? I'm afraid it is.”

Check out the rest of the episode to see what else Rob and Steve have to say, and be sure to check back for new episodes publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.

Other videos you might like: