The digital economy has undergone tremendous transformations over the last few years. As a result, organizations large and small can no longer ignore digital risks that can quickly transform into adverse cyber incidents. Over the next decade and beyond, the most successful brokers will need to be prepared to help their clients navigate these complex risks. We created the "Cyber Savvy Broker" series to highlight forward-thinking brokers with the knowledge and skills to help their clients navigate this digital transformation.
Megan Griffanti has worked in risk management for more than a decade. She graduated from the University of Mississippi with a bachelor’s degree in Risk Management & Insurance and then joined AHT Insurance — a Baldwin Risk Partner — almost nine years ago. In the following Q&A, Megan shares the skills she believes are essential for being a tech-savvy broker in today’s market, how to provide the right guidance to clients, and what she looks for from insurance carriers in a partnership for her insureds.
Q: What are some skills that are essential for brokers when quoting cyber insurance at a time when cyber threats are seemingly unending?
First, it's being proactive with clients, knowing their exposures or vulnerabilities, making them aware of these, then finally providing a resolution for them. Specifically for cyber — about five years ago, we were automatically including cyber liability quotes with all insurance renewals as a recommendation because we realized this was a gap in coverage for our clients. Now, we’re constantly reminding all insureds it’s not a matter of if but when an incident occurs since the frequency and severity of claims are only continuing to increase.
Being an insurance broker is essentially two-sided: you’re the agent focused on policy language and renewals, but also you’re a risk manager and advocate for your insureds.
Q: What cyber skills do you believe are essential for brokers to navigate the hard market, and what new cyber skills have you acquired since collaborating with cyber insurance providers like Coalition?
With Coalition, we realize the true value of the Cyber Risk Assessment. With every quotation we provide to our clients, we’re including the results of the assessment, so they learn about this report as a resource. We’re notifying insureds of their vulnerabilities and providing various recommendations on how to address these risks through the assessment.
Another skill is being fully transparent with insureds. The cyber insurance market is crazy right now; we should stay ahead and prepare insureds for what their true cost will be so they can budget accordingly. We're also notifying clients that some insurance carriers are restricting their underwriting capacities. As brokers, we should be proactive with our communication and deliver this message to our insureds ahead of time so they can prepare. Additionally, we're forewarning insureds on contingencies, such as having multi-factor authentication (MFA) in place even to receive a Cyber Liability quotation or closing Remote Desktop Protocol (RDP).
We should advocate for our clients so they can better expect what their quote or renewal will cost, as well as try to help them mitigate their risks.
Q: As a broker what are your policyholders and prospective clients saying are their biggest concerns regarding cyber risk?
Specifically for the manufacturing industry, their main concern is having their operations shut down for a period of time due to a disruption or cyber incident. We know after incidents like Colonial Pipeline, cyber risk isn't just a digital risk. Threat actors have shifted their intentions from stealing data to disrupting critical infrastructure, and many do so through easily exploitable pathways.
Computers control all communications and processes nowadays, so this makes anyone at risk of being attacked, especially now for the manufacturing and industrial industries since the lines between information technology (IT) and operational technology (OT) are continuing to blur. Having manufacturers' operations shut down for several days due to their systems being locked by ransomware would be a huge loss of revenue for our clients and can have major supply chain implications down the line.
Q: What do you look for when recommending insurance partnerships to your clients?
First and foremost, we look at the policy — what insurance truly comes down to — making sure the policy language ties back to the organization's needs. With our manufacturing clients, we look to broaden terms such as computer systems to include Industrial Control Systems (ICS) and SCADA, so there's no gray area of what is covered, demonstrating to insureds that the policy is tailored to their operations.
We also pay attention to who the panel providers are — insureds should know who is going to be assisting or defending their organization. When a cyber incident occurs, it should be clear who to call. With Coalition, we make sure our clients understand and know to call Coalition's “911” number to reach the Incident Response team.
Other insureds will call their agent, then call their carrier, then call their counsel — that's just too many parties to remediate what's happening. You want the experts at hand, and speed is critical during a cyber incident. Unfortunately, too many organizations still don't have their preparedness plan in place, so we are reminding clients that Coalition is readily available with a team in-house.
Q: What do you think the insurance industry has done well to evolve? Where do you see areas of improvement?
The insurance industry has evolved to many carriers taking on the insurtech persona like Coalition, offering more than just a reactive insurance policy. Compared to other insurers, Coalition has a robust team of security engineers, analysts, and an in-house response team in addition to their underwriters.
Another way the insurance industry has evolved is by recognizing the partnerships many carriers offer. For instance, Coalition has various programs and resources that are included for their policyholders, such as Curricula offering free employee security awareness training. As a broker, we want our clients to leverage these security tools or resources and really take advantage of them.
Q: What do you see as the most significant challenges preventing the digitization of the insurance industry, i.e., lack of talent/skills, funds to invest in digital tools, change management?
At AHT, we want to be the best advocate for our insureds. Recognizing there was a gap in clients' insurance programs, Coalition helped give us a game plan to get in front of cyber risk.
"Our insureds are now asking directly about Coalition."
For instance, every year we would recommend one of our long-time clients purchase cyber liability insurance. Unfortunately, they were attacked prior to binding insurance, and their systems were shut down for months following a cyber incident. Coalition provided a quote (even after the organization had suffered through this incident) and assisted with implementing security measures to ensure incidents like these would not happen again for our client.
Cyber insurance is a key factor in addressing and mitigating cyber risk and can save your business time and money in the event of a cyber incident. If you’re looking to grow your cyber portfolio and would like to help your clients get ahead of their digital risks, get appointed with Coalition.