Recently I was reviewing a number of reports made available by Forbes, Advisen, Deloitte and a variety of others. In the course of this review, I stumbled on an interesting video where to insurance experts gave differing opinions of the sustainability of the cyber insurance marketplace.
Given the fact this video was from 2015, I thought it might be of interest to jot down some of the key points and then see how some of these topics and predictions fared over the last two years.
I had the privilege of speaking with one of the two panelists, Sarah Stephens with JLT Specialty Limited. Sarah has been in this space specializing in cyber coverage since 2006 and is highly respected in both insurance and cyber arenas. I asked her about her thoughts on the industry and what, if anything, has changed her opinion on her positions back in 2015. Her responses were very enlightening.
First off, it was great to speak with an industry practitioner that firmly believes you cannot properly assess an applicant’s cyber risk profile by merely looking at it through a “technical lens.” Ms. Stephens made it a point to discern that a client’s “culture” in how it addresses cyber risk is more telling than what type of security technologies it has in its arsenal. We touched upon technologies like BitSight, Security Scorecard and others. She said the problem that exists when you rely too heavily on these solutions is that you do not evaluate the intersection of process risk with technical risk.