Specialty Podcast: RISKWORLD Recap – The Evolving Cyber Threats

Intro (00:00):
You're listening to the Alliant Specialty Podcast, dedicated to insurance and risk management solutions and trends shaping the market today.

CJ Dietzman (00:08):
Welcome back, everyone, to another Alliant Specialty podcast. CJ Dietzman here from Alliant Cyber and I'm joined by a couple of colleagues, Meghan O'Malley, from a cyber brokerage leadership standpoint here at Alliant Cyber, and Jay Stampfl, our leader for the Alliant Cyber business unit, and our team is fresh from RIMS 2023 out in Atlanta. What an incredible week it was; cyber risk and cyber insurability were critical topics all week. I know I was involved with dozens of meetings and interactions with clients, with Alliant colleagues, talking about practical and pragmatic approaches to optimizing cyber insurability outcomes, what's on the horizon for cyber insurability and cyber risk management for Q3, Q4 and beyond. And of course, what tactics are working today on the spirit of better cyber insurability outcomes, working with carriers, working with insureds, and collaborating with your broker. Meghan and Jay, thanks for joining. We were in the thick of it out at Atlanta RIMS this year. Super busy, the week flew by; tremendous turnout. Meghan, what were some of the key takeaways you had in the discussions, informal and formal, out Atlanta RIMS this year?

Meghan O'Malley (01:28):
Hey CJ, thanks for having us. Great question. First and foremost, I think it's that cyber is not just topical. It's not just a hot topic of the moment, but it really is something that is of concern to board members, to risk managers and to C-suites right now. It has been for a while, but I think we've just seen that concern grow steadily, especially over the last couple of years during COVID and the conflict in Ukraine. And I think what a lot of folks iterated to us is it's still a struggle. The obtaining of cyber insurance is still a bit of a struggle, a bit of an arduous process and so, I think our clients in particular are really thrilled at learning about the processes and policies that we're implementing to make the obtaining of quality cyber insurance a proper risk management and risk transfer easier and more beneficial to them. I think our clients also realized how important proper communication within the organization is, really bringing together a risk manager and a CISO, or a CTO, or a CIO, and how those groups of people really need to be BFFs. That rings true for a lot of our clients that we heard going, gosh, there needs to be more continual, better communication throughout the year between these different groups to more properly manage their cyber exposure and risk.

CJ Dietzman (02:39):
Excellent points, and I couldn't agree with you more. Perhaps one of the most exciting things for Atlanta RIMS 2023, for me anyway, was the diversity of the client representation that was out there. I remember the first RIMS sessions and the first RIMS conferences that I went to several years ago, it was basically the risk manager show and it still is - tremendous representation from risk managers from all industry sectors, talking to brokers, talking to carriers. And having said that, listen, that's still a key area of focus and key representation. But I've got to tell you, Meghan, and I know you were with me in several of those sessions, we had CISOs in attendance, we had CIOs in attendance, we had technology leaders, counsel, just a very different population, dare I say, representing insureds out at RIMS and it's refreshing to see that evolution. Jay, what do you think? Any key observations coming out of RIMS and all of the incredible activity we had out there in Atlanta?

Jay Stampfl (03:42):
Yeah, obviously a lot going on out there in RIMS and one of the things that I heard a lot from some of the client meetings that I participated in was clients asking us and talked to us about the cyber market - is it softening? And in reality, yeah, it's more capacity out there, not the increases per se that we have seen over the last several years. But then, I also had a lot of carrier meetings while we're there. And the one thing that isn't going to be softening and the one thing that is still going be a requirement from the carriers is strong cyber posture and overall cyber controls from clients. That's one of the things that I heard a lot in many of the meetings and conversations that I participated in.

CJ Dietzman (04:29):
Great stuff, Jay. And to that point, in several of the discussions and just listening to the voice of the insured out at RIMS this year, I heard the question more than once, is ransomware over? Has the market softened and is this the greener pasture for cyber insurance? Meghan, I'd love to hear your thoughts on this. My message to clients was, absolutely, we need to remain vigilant. We don't know what's on the horizon from a cyber threat actor standpoint. It was difficult to predict the ransomware epidemic five years ago. We had no idea literally, hockey stick and skyrocket 2019, 2020, 2021. Should clients be a bit skeptical, confident, however remain vigilant? What's your reaction to that?

Meghan O'Malley (05:16):
Yeah, I think ransomware's not going away. That's what we have seen, and back to what Jay was saying, it's not that underwriting has become easier because again, that bar, that threshold, hasn't lowered at all because ransomware hasn't gone away. So, underwriters are still having to underwrite appropriately to the risk, which is very much still there. But I do think our insureds are getting better at understanding how to protect themselves from the threat. And so maybe we're not seeing as many insureds actually having their policies pay out in the ransomware because they're detecting it earlier and if it does get in, then they're resolving it more quickly and easily, but it's not going away. And I think we just have to continue to be very vigilant about it, and I think a lot of our insureds have heard that message over the last couple years and really improved their security posture.

Jay Stampfl (06:01):
Yeah, and CJ, if I may, we know from looking at data this year that all the data's telling us that ransomware's up this year. We know that there's new ransomware groups out there. We know that threat actors are always going to become more sophisticated. We know the evolution of ransomware, right? Where years ago, it was, they would lock up your systems, encrypt your systems and ultimately hold the ransom to get the decryption keys back, right? Then, it's evolved to extortion. I would say that ransomware is something that is here to stay and something that our clients are going to have to remain vigilant in dealing with.

CJ Dietzman (06:34):
Great stuff, Meghan and Jay. What is your perspective? One of the things we have observed in the market and was certainly evident out at RIMS, is that there are various new players from a carrier standpoint, new entrance in the cyber insurance realm. Now, how has that impacted the market? How has that impacted the client and experience? Quite candidly, how has that impacted the brokerage experience from an Alliant cyber standpoint?

Meghan O'Malley (07:02):
Yeah, very fair observation, CJ. There definitely has been some new entrance to the market. There's also just been new capacity and I think again, it goes back to the underwriters underwriting their books better. So, they're therefore able to go back to putting up higher line sizes like they did back in 2018, 2019. And what it's done ultimately is driven competition. We're finally having more options on the table for our insureds, which is what we want, right? We want to get them not just an option, we want to get them the best option. So, it's really driving competition, both from a coverage perspective and mainly at this point from a premium perspective.

CJ Dietzman (07:36):
Meghan and Jay, thank you so much for your commentary. I've got to say what a week we had; RIMS 2023 in Atlanta was just a fantastic event. It's refreshing and exciting to see a return to normalcy coming out of the pandemic, getting together with insureds, with carriers, with clients, with friends, with Alliant colleagues. It was really a wonderful week. I think your comments really captured some of the best and most intriguing points that we heard from an Alliant Cyber standpoint. And super excited to get into action now with clients, with carriers, continue to bring better results as we look ahead to Q3, Q4 2023, and beyond. So, thank you so much Meghan and Jay both. Thank you everyone for attending this Alliant Specialty podcast, we'll speak to you next time.