Brokerage Ops the July/August 2017 issue

Office Exposé

Every organization has valuable data to lose.
By Ken Crerar Posted on July 18, 2017

We’re all aware of cyber risks in this day and age—both after hours and during the work day—and everyone has anti-malware in place to deal with the obvious, but that doesn’t necessarily mean you’re bulletproof—or that your employees are adhering to the rules.

Organizations of all sizes are becoming more aware of the prevalence of cyber risks. In fact, cyber insurance is expected to grow from $2 billion today to more than $20 billion over the next decade. While the market is one of the fastest growing, it’s also a long way from stabilizing. This means a few things: hackers will continue to attack; clients will remain confused; and brokers will need to better understand threats and policies. 

It’s a great opportunity…if you know what you’re advising.

One of your biggest threats is your employees. Those unattended devices left to fend for themselves at closing time hold confidential information, and whether or not your employees are the culprits, others—like contractors, business partners or the cleaning crew—can get their hands on sensitive data. Some will use it, some will sell it. According to Carnegie Mellon University’s 2016 Annual State of Cybercrime survey, nearly half of respondents reported an insider breach, and 30% of respondents said cyber breaches caused by insiders were more costly than external attacks. Daytime infractions happen all too often through innocent (but preventable) missteps involving use of cell phones, spam, thumb drives and unsecure networks. A recent Verizon study noted that 66% of malware is installed through email clicks alone.

How hard are you actually looking at your known (and unknown) vulnerabilities? Are you prepared to deal with them? Do you even know what they are?

According to The Council’s May 2017 Cyber Insurance Market Watch Survey, organizations are still not doing enough from a cybersecurity standpoint. Only 31% of respondents’ clients have a proactive information security program in place with capabilities in four key areas: prevention, detection, containment and response/eradication.

Therein lies the hook. Brokers are integral in educating clients about cyber risk and individual exposures. And most brokers claim (72%, according to our Market Watch survey) that they have a strategic approach to marketing and educating clients about cyber risks. But white papers, PowerPoints and webinars only go so far in arming your clients and your employees with the tools and training they need to make a difference. When’s the last time you considered a cyber audit of your own?

It’s hard to advise clients if you don’t have your own house in order.

Cyber security has reached new levels across state and government lines. The National Association of Insurance Commissioners (NAIC) is knee deep in efforts to implement a data security model act. Though some in the insurance industry are skeptical about its prospects, if adopted, the model act could provide a path toward uniform state cybersecurity standards for the industry.

And in New York, regulators have implemented a robust financial services cybersecurity rule that applies to every individual and entity operating in New York under the banking, insurance or financial services laws. By the end of August, all individuals, agencies and brokerages licensed in New York have to operate with a lengthy list of technical requirements designed to maximize a firm’s cyber security (with some limited exceptions).

Expect these hefty regulatory requirements to pop up in other states, too. Love ’em or hate ’em, these rules and regulations aren’t going away anytime soon. And it’s not just the rules and regulations that provide legal accountability. Past, present and future cyber risks are omnipresent and pose potentially substantial risks to the bottom line through lawsuits and D&O liability, and even to M&A transactions. The sooner you get a handle on it, the better.

Get your house in order from the top down and the bottom up. No one has the resources to eliminate cyber risks altogether, but investments in training, education and onboarding for your entire staff can help employees understand what can happen when they aren’t vigilant. Open their eyes to all of the potential exposures and insider threats (and sign up for our Cyber Watch newsletter at while you’re at it). The better you understand the dangers and vulnerabilities lurking around the corner, the better you can advise your clients with their own cyber risk management strategies.

Ken Crerar, President & CEO, The Council
