As technology transforms the economy, businesses of all sizes have to navigate a new kind of risk: digital risk.

The most successful brokers will need to be prepared to help their clients navigate these complex risks. Our "Cyber Savvy Broker" series highlights forward-thinking brokers with the knowledge and skills to help their clients navigate this digital transformation.

This month, we talked with Jessica Centeno, Client Manager for Lockton Companies. Jessica shared why she gravitated towards cyber when she started selling insurance, why she’s passionate about helping her clients with cybersecurity strategy, and how management liability lines intertwine with cyber insurance.

How did you become a cyber insurance specialist, and what has changed most since you started?

I started my career in fashion and retail, so I had a sales background that I thought would be an asset in the insurance industry. I've always looked up to my mother, who works in the industry, as someone I could learn from. She introduced me to Gallagher, and I secured an internship — and that’s how I started my career as a producer. But I wanted to take a step back and learn more about the product I was selling to my clients. 

Out of all the products I was brokering, I gravitated towards cyber because it's unique and a newer product than most lines of insurance. It's transforming daily, and I enjoy being challenged with the constant changes of the developing product and market. So for me, it was an easy connection with that line of insurance. 

The cyber product has evolved tremendously since I started. The underwriting process has also changed immensely. Underwriters ask more questions, and the application process is so detailed. I feel like I've become an IT specialist because I’ve learned so much from the underwriting process.

What are your clients' biggest concerns when purchasing cyber insurance? 

Across the board, it’s responsiveness to an incident and a carrier’s claims experience. My clients want to ensure they are prepared for a cyber event. I find that everyone has gotten to the point where they understand it's not a matter of if but when a cyber attack will happen. 

Clients also want to find the right partner that will be there and be responsive. It’s important that I educate clients on their incident response plans, whether they have one to begin with, or if I’m helping them enhance the plan or create their first one. It’s important to know what to do and who to involve. Their overall spend on an incident ultimately depends on whether they’re prepared. I love that part of my job because I work with carrier partners like Coalition, who help me guide clients to take the steps needed to reduce their risk.

What do you look for when recommending partnerships for your clients?

How a carrier handles claims and the additional services offered. For example, continuous monitoring of my clients' networks for new vulnerabilities and the ability for my clients to talk to a security team to resolve one of those vulnerabilities. But it's not just carrier partnerships I look to introduce my clients to, but vendors and attorneys on Coalition’s recommended panel and those from within my network.

Responsiveness matters a lot to me, too. When my client needs something done, it helps to have a carrier that’s there for them (and me) when we have requests or questions. Working with a partner who values my client relationship and is willing to answer questions is key; Coalition excels at this.

How do you think cyber will evolve over the next few years?

I have an idea, but I wish I knew for sure! My clients ask me what's going to happen next all the time. The market will most likely harden again because the claims are increasing. It will also involve a lot of collaboration from the Executive Risks and P&C sides as cyber comes into play with their policies. For example, there can be property damage stemming from a cyber incident, and that intersection of Cyber and Property is known as "Silent Cyber." 

As an industry, we're still trying to understand what cyber should cover and not cover. Regarding D&O, we've seen claims in the public media about companies that don’t provide enough information on the severity of a cyber incident to their shareholders, which leads to suit. Another claim example we've seen on how Cyber can ultimately affect the D&O is when a cyber incident occurs, directors and officers have been sued, and their D&O policy has been triggered because of a negligent decision on purchasing non-sufficient cyber limits.

Cyber and Crime Insurance interrelate with Social Engineering. It's important to explain the necessity of holding both policies and how the coverage is triggered on each based on a social engineering incident.

It’s interesting to see how cyber affects D&O and interrelates with other coverage lines. We still haven't had decades of claims data like P&C or D&O. Cyber is still brand new; we need the claims data to show us how cyber is going to evolve.

What has the insurance industry done well to evolve, and where do you see areas of improvement?

It has conformed to what is happening in the marketplace. It's nice to see a carrier on top of things, and Coalition's always one of the first carriers I see share information saying, 'This is what’s going on, and here’s how we’re handling it.'

The uptick in cyber claims led to quick underwriting changes as we went from a soft to a hard market. But, as we figured it out together, it was a lesson for brokers, clients, carriers, and claims handlers. 

Underwriting consistency is an area for improvement. It's difficult when there's a lot of back and forth with each client to be thorough on submissions. When you're leading a marketing effort with the client, it becomes inconsistent at times and makes more work for the client when they're asked to complete a new submission for each carrier. It'd be more convenient for the client if markets could be more accepting of certain applications or have a streamlined approach to questions. 

What is the most complicated deal you worked through, and how did you keep it moving forward?

I don’t have one specific deal, but the most challenging—and my favorite part of my job—is teaching my clients the importance of cybersecurity hygiene. I help them understand cybersecurity culture and that they’re not just implementing multi-factor authentication (MFA) because their carrier is asking them to, it's because they’re protecting their organization from serious risk.

I also enjoy coordinating between IT and risk management teams and getting creative or strategic on a renewal. Discussing cybersecurity with them and hearing them brainstorm on new plans and protocols to put in place based on all the new things they learned from our team is the best feeling. That’s when I know we accomplished educating a client to realize the importance of their Cyber policy and security and truly helped them feel secure in an unpredictable market.

Improve your cyber knowledge with Coalition

Cyber insurance is one of the fastest-growing insurance products and a massive opportunity for brokers to grow their book of business. Coalition's Cyber Savvy program equips you with the tools and knowledge to deepen your cyber risk expertise and advise (and protect!) your clients. 

You can access more free Cyber Savvy Broker resources to continue your learning journey.