The Cyber Insurance Academy recently selected Kelly Geary to lead some educational initiatives related to cyber risk for our Community. Kelly Geary is a seasoned cyber insurance expert and has substantial experience in running training sessions on coverages and claims handling in the cyber insurance sector. Our team interviewed Kelly Geary on the changes she has seen in the industry and the role of the broker during the course of her career, what needs to improve in our training and education of the workforce, and to get her tips on keeping up-to-date in such a fast-paced sector.
How has the cyber insurance landscape evolved over the course of your career, and what trends and key challenges do you see emerging in the space over the next 5 years?
The cyber insurance landscape – the market as well as the coverage – has evolved and changed significantly during the course of my career. I started getting involved with cyber insurance in or around 2005, when I was working in a claims and underwriting counsel role on the carrier side. At that time, the focus was on providing coverage for breach-response costs; primarily computer forensics costs and the costs to comply with the various breach-notification laws that were beginning to sweep the country. Coverages that are crucial today were hardly even considered in 2005. For example, cyber extortion coverage was being added as a “throw-in” for no additional premium at that time. Business interruption coverage was not even offered initially. The scope of coverage was very broad, terminology was wildly inconsistent, underwriting was cursory at best, and pricing was low.
Today, things are very different. Breach response coverage is still important but the focus has shifted to cyber extortion, cybercrime and business interruption coverages. Scope of coverage is more narrow today, underwriting is highly technical and pricing is a bit more thoughtful.
The key challenges in the next 5 years are similar to the key challenges that have existed with this product since its inception:
- The incredibly dynamic nature of the risk environment. The rate of change today has no historical precedent. The challenge for the insurance market is keeping up with the risk. Artificial Intelligence is the next big frontier; and
- Systemic risk. As society continues to increase reliance on technology, the potential for events that are systemic in nature increase – both from a frequency and severity standpoint.
The role of the cyber insurance broker has evolved considerably in recent years. How do you see the role of brokers taking shape over the next 12 months and what should they be doing to ensure their relevance in an increasingly competitive market?
The role of the cyber insurance broker changes as the market changes. The market changes based on the risk environment. A great cyber insurance broker needs to be immersed in the risk environment (network security as well as privacy regulatory) as well as the insurance market. The risks change more frequently than the policy wording does (or can). The broker also needs to have the technical resources to help clients respond to highly technical underwriting questions and advise clients when considering or implementing new technology.
What inspired you to get involved in cyber insurance education, and how does education on this particular risk need to improve?
I am intellectually curious by nature. The dynamic nature of cyber risk and insurance has always presented a challenge. You cannot become complacent in this area – it all changes too quickly. I enjoy taking complex topics and making them understandable. The insurance industry does not have enough cyber talent right now. The product is still relatively new, it evolves/changes rapidly, it is complex and, yet, all signs suggest this product will soon become a compulsory insurance product for businesses of all sizes, in all industry verticals, operating in any/all jurisdictions in the world. We need more talent!
In my opinion, education related to cyber risk needs to be more holistic. From a broad perspective, the risk transcends business size, industry vertical and geography. From a more narrow perspective, the risk transcends departments within an organization (HR, accounting, legal, administrative etc.), employee levels (C-Suite, Middle Management, Administrative Staff etc.) and business function (production vs. support personnel). Cyber education should mirror the manner in which the risk impacts an organization – entirely. The holistic and practical impact that cyber risk has on businesses is a key area that should not be overlooked from an educational standpoint.
What do you think are some of the most important skills or knowledge areas that insurance professionals need to have when it comes to cyber insurance?
Insurance professionals need to have:
- a base-line understanding of the key elements of network security and important security controls necessary to mitigate loss (note: this is always changing so this needs to stay current);
- a high-level understanding of the privacy regulatory environment;
- a technical knowledge of cyber insurance coverage and how cyber products can/should interact with traditional insurance products;
- solid knowledge of how cyber claims proceed and are handled;
- an understanding of the insurance market as a whole as well as an understanding of the cyber insurance market – and how they impact each other.
How do you stay up-to-date with the latest developments in cyber insurance and cyber risk? Please provide your top 3 resources.
- Social Media: Follow thought-leaders in the space/watch their posts.
- Cyber Conferences: Participate as an attendee or as a Speaker.
- Relationships with Cyber Insurers and Cybersecurity Professionals: Have regular conversations with cyber underwriters, claims professionals and cybersecurity experts about trends in the risk and claim environment.
Stay tuned for Continuing Education Learning Opportunities with Kelly Geary – coming up in the near future.