Expertise counts as cyber-risks increase
XL Catlin brought out some of its best cyberexperts for a seminar focused on the present and future impacts of cyberliability on all lines of insurance.
Key members of its Bermuda and New York cyberteams, including a “certified ethical hacker,” showcased how the company is moving forward in the rapidly evolving cyber-risk space, and how others can better protect their organisations.
A few years ago the technology book, which includes cyberliability, made up a very small portion of XL Catlin’s business, but that has changed.
“We have grown the book tremendously. From four years ago it is now probably 20 times larger. The growth has been exponential. The main drivers of that have been high profile instances within the cyberexposure world and the demand to buy larger limits,” said Matthew Irvine, XL Catlin’s Bermuda Professional Lines chief underwriting officer.
Against that background, the company hosted a cyberliability seminar, believed to be the first solely presented by an insurer in Bermuda, to showcase its abilities and “thought leadership” in the realm of cyber.
The seminar was held at O’Hara House, and was attended by brokers and individuals from member companies of the Bermuda Insurance Institute.
One of the speakers was Bermudian Noel Pearman, who is a driving force behind XL Catlin’s professional cyber initiatives in Bermuda.
He has a keen interest in the sector and his background includes a secondment three years ago at XL Catlin’s New York office, where he learnt from and worked alongside colleagues focused on understanding cyber-risk and developing cyberliability resources.
Mr Pearman said: “The market has matured significantly since we started writing the business. Insurers have a better grasp of what the risks are. They are better able to marshal the appropriate individuals inside the organisation; they built up their infrastructure. Senior management has been driving it.”
It is clear to see why. High profile cyberattacks in the past few years have had devastating consequences for the reputation of corporations and organisations. An example is US retailer Target, where a cyberbreach in December 2013 compromised personal details of an estimated 110 million customers. A few months later Target’s chief executive Gregg Steinhafel resigned.
Such events have brought cyberexposure into greater focus. That in turn has accelerated the learning process for companies, and insurers, as to how best handle the emerging and evolving cyber-risks.
“Underwriters have been gaining experience looking at more and more risk, but also equipping themselves on the technical side,” said Mr Pearman.
That was demonstrated at the seminar by Sean Donahue, an assistant vice-president with XL Catlin in New York, specialising in cyber and technology. He was the event’s “certified ethical hacker”, and he gave a live hacking demonstration to show how quickly a company could be compromised through a basic cyberbreach.
Using resources to be found on the deep web, which is part of the internet essentially hidden from public search engines, Mr Donahue revealed how easily he could locate programs to exploit deficiencies in webhosts running older versions of software.
He also highlighted the dangers of social engineering, where background details about individuals are harvested from the internet then used in phishing attack e-mails carrying links to websites booby-trapped with malware.
Mr Pearman said hiring people with technical skills to work alongside underwriters was one way to improve understanding cyber-risks and being able to communicate that to clients.
“It makes for a more mature marketplace. We are growing in our ability to tell a good risk from a bad risk,” he said.
Mr Irvine said XL Catlin was accessing and discussing cyber-risk with high level executives, such as chief information offices, within companies and organisations.
“They are extremely busy people, but they recognise the importance of their risk and the importance of getting the information to us, their underwriters,” he said.
“Having access to that level of individual and information within an organisation is key to us understanding the risks.”
He said the seminar was an opportunity for the company to share its insights with others.
“What XLCatlin articulates to the market in all the lines, but especially cyber, is the thought leadership role we provide to the underwriting community,” said Mr Irvine.
“We have the best underwriters, the best experience and talent base. It is very important to make sure the market and our clients understand that, and there is no better way to showcase that than with our guys at this kind of a conference, with brokers and others in the community with an interest.
“The goal was to show the talent we have here, the capabilities, and highlight that XLCatlin Professional, under Noel’s stewardship, really are the thought leaders. We also want to educate; we want our market to be better, our brokers to be better.”
Mr Pearman believes cyberliability will not remain in a “silo” to be stewarded by experts.
He said: “Eventually we are all going to have to be much more conversant in these risks. We want the conversation to start happening across our organisation and all of our trading partners.”
Also at last week’s seminar, representing XL Catlin’s New York team, was Maura Weise, vice-president underwriting manager, and Jeremy Gittler, practice leader - head of cyber Americas claims.
Another of the speakers was Jennifer Minors, a vice-president and underwriter with XL Catlin in Bermuda.