In this episode, Martin Hinton speaks with Ryan Mimmo, Head of Underwriting at Converge Insurance, about the evolving landscape of cyber insurance. They discuss the challenges of underwriting in a rapidly changing environment, the importance of cybersecurity education for businesses, and the need for comprehensive coverage. The conversation also touches on the role of government in regulating cyber insurance and the significance of continuous training to mitigate risks. A case study on the CDK breach highlights the far-reaching impacts of cyber attacks on industries.
Find the Cyber Insurance News and Information Podcast at all the usual spots:
Cyber Insurance News Podcast Episode #3 Transcript
NOTE: This transcript, or log, of the episode has been checked for accuracy but you should verify any items against the video to be sure. Trust, but verify.
Martin Hinton (01:25)
Hi, welcome to the next episode of the cyber insurance news and information podcast I’m your host and the executive editor of cyber insurance news Martin Hinton Joining me today to discuss all things cyber insurance is Ryan Mimmo. He’s the head of underwriting at Converge insurance
Ryan Mimmo (01:38)
I can, yes.
Martin Hinton (02:04)
And I’m going to let him tell us a little bit about how he got to that role and a little bit about Converge. So Ryan, go ahead.
Ryan Mimmo (02:11)
Martin, thanks for having me today. Appreciate it. Yes, and some background about myself. I’ve been in the insurance industry almost on 20 years now. I started my career back in the claims side at a large traditional carrier. From there, I moved on to the broker side and eventually fell into underwriting. Cyber wise, about 10 years ago, I’ve worked at a traditional carrier and also smaller startups working with wholesale and retail brokers.
And I’ve now found myself here as the head of underwriting at Converge. And Converge, I’ve been around for two years and we blend traditional underwriting with tech-driven insights.
Martin Hinton (02:52)
So tell me a little more about that. Is that AI? We hear a lot about AI both in the cyber crime and the cybersecurity side of things. Is that what you’re talking about?
Ryan Mimmo (03:03)
Yes, AI has something to do with it. In terms of traditional underwriting, we still want our underwriters to go through submissions that brokers submit and really see what core controls are in place for the potential insurers that we would offer policies to. AI is also a feature that we have here at Converge. It helps underwriters. Life’s a little bit easier in terms of submission comes in, artificial intelligence can scan the app and help the clearance process.
to get the account cleared so we can review the account more quickly and efficiently within our platform. Also, AI can be used to do scans of the insured to see what potential other underlying issues may lie that the application doesn’t tell us. And those scans are used to really help the insured. It’s always about learning and how they can better increase their cybersecurity posture.
Martin Hinton (03:57)
One of the things that we discussed in the sort of conversation we had earlier was the sort of broader state of the cyber insurance industry. It’s the 30,000 foot view. It’s an incredibly relative to the rest of the insurance business, new product. Where do you think the market stands with regard to its size now and what’s coming in the future? And there’s no shortage of reports about the threats that companies face.
Give me a big picture view of the industry as you see it.
Cyber Insurance News Podcast Continued.
Ryan Mimmo (04:28)
I mean, cybersecurity landscape is constantly evolving. There has been increase in sophisticated threats like ransomware and phishing, which then demands to really safeguard individuals and organizations. And those sophisticated threats are finding now more AI related. And artificial intelligence to me is a double-edged sword, meaning on one hand, if organizations can harness AI properly,
they can usually detect, prevent, and predict cyber attacks in the future, and ultimately increasing their cybersecurity posture. On the other hand, you have AI being used by cyber criminals more and more now, and they are more effective, leading to higher payouts. So, and then what type of AI they’re using is, we see AI-driven phishing attacks and deep fakes.
And actually funny enough today, I was watching Squawk Box and they had an individual on today talking about AI and how they’re using more and more deep fakes. And growing up, I was always told not to share my social security number, right? Identity theft. But now what we’re really starting to see is we’re a culture of sharing, meaning that we are constantly posting on social media, either pictures of ourselves or family or videos. So they have our voice or mannerisms and they’ve taken that information.
and creating defects of that, it’s much harder to really realize what’s legit or not.
Martin Hinton (06:03)
Yeah, mean, you touch on the risk that this creates. And one of the things that I’d like to hear about is the difficulty given the pace of evolution, relative to other forms of insurance like homeowner, the limited data about the threat and the fact that the threat’s changing, that changes the underwriting process for you and other companies writing cyber insurance policies. How is it different from other forms of insurance in that respect?
Ryan Mimmo (06:32)
Well, cyber, like I said, is constantly evolving. We’re still in our infancy stage compared to other lines of business. So we don’t have a lot of historical data. So that means cyber threats are unpredictable. So in the last 15, 20 years, the cyber policy has changed. It is broader now. It takes on other risks that potentially they wouldn’t have thought to put into a policy 15, 20 years ago.
crime is now thrown in there as well as just one example. So as the space continues to evolve and we see more losses come in, underwriters have to change their approach on underwriting. And that can be terms of what type of questions are on the application, what scans provide to follow up brokers to ask questions to their insurers, and also constantly educating underwriters. That means
Here Converge, we talk to our claims team on a regular basis to see what trends are out there in terms of claims that are reporting. We talk to our product team, who then in turn talks to our claims team because we want to make sure that what we see coming in the door, is that the type of coverage we want to provide or do we need to start to provide certain coverages? And then we take that information to educate our brokers, let them know what we’re currently seeing in the marketplace, and then they can pass that along to potential insurance as well.
Cyber Insurance News Podcast Continued.
Martin Hinton (07:51)
So putting on my small business owner or medium sized business owner hat, this isn’t like getting into policy for fire or theft or things that would be a normal part of your business insurance. If I’m coming to you or I’m coming to your brokers more specifically, what are the sorts of things that I should expect that are gonna be unlike my prior experiences in insurance? And then also, what are some questions to ask? What are the things that you should be looking for in a policy that
you know, decide whether or not it actually covers you from the risks that you think exist now. And then how often, I mean, I know you typically renew a policy for certain things every year, but if you suddenly see a new threat evolve and it’s specific to say your industry, is there a sort of way to, you know, check in with the brokers and that kind of thing? how would you, you know, what guidance would you give a small or medium sized business owner in that respect?
Ryan Mimmo (08:47)
Great question. Frankly, cyber is a business exposure and not just a security exposure. So the conversations should start at the board level or the equivalent of depending on the size of the organization. And if you happen to have a chief information security officer, they should also be involved in the conversations with the board at that level. They would truly understand the business best and what potential exposures they have.
That is their job. And we see this more and more now that organizations are hiring CISOs and bringing them into the board levels to have that conversation because they do understand the true risk and the true exposure that the company has. And that’s a good starting point from there. Then the CISO or the equivalent of can reach out to a broker and start to explain what type of cyber coverage they’re looking for or the exposure of their business to make sure they get proper placement.
Because an insurance policy really is just financial protection, not just against ransomware either. There’s also other elements to it that we’ve seen the evolution of this IRA policy as well in terms of covering expenses, which can be forensic expenses. It could be notification costs, legal fees, regulatory fines, and penalties.
I know you touched on if other threats come up during the course of a policy period and they want to get better training on it or what is their threat tolerance at this point. Cyber policies also have, they offer specialty services to incident response team, cyber consulting is one. They can do table tops or phishing exercises.
Cyber Insurance News Podcast Continued
That’s kind of talking about the evolution of the cyber policy in the last five, 10, 15 years, that there are more add-ons to the form that insurers can use, but really starting that conversation at the board level and then bringing it to the broker and finding the right type of coverage for them.
Martin Hinton (10:50)
So you touch on something there that sort of gets into the next topic I want to touch on. One of the things that I had a conversation last week with a man who runs a cybersecurity firm. And we talked about how there’s this teenage mentality among particularly a lot of smaller and medium sized businesses that, it won’t happen to me. And the truth of the matter is it’s an inevitability, This crime is too easy to commit. And the criminals aren’t hackers with sophisticated computer knowledge. They’re just people who want to pursue, you know,
to gain by stealing, to put it very, very simply. When you look at that integration, the need to sort of educate and communicate those realities to customers, to make the insurable, to make sure that you protect yourself from them being, the victim would say a ransomware attack or some other to protect. That integration of security and the insurance is the training you touched on.
How important is that? Because again, I think one of the things in the human nature element of this, we’ve got a new cost. You’re a small business. Maybe your margins aren’t great. But the cost of, say, a two or three week business interruption because of an email compromise or an invoice issue or whatever it might be could be catastrophic. And I think that there’s this human psychology part of it where you’re adding a whole new responsibility, a whole new cost that people need to.
Cyber Insurance News Podcast Continued.
They need it, right? I mean, that’s the situation. When you look at some of the crime stats, mean, I think in 2023, were 800,000 cybercrimes reported at the FBI. Globally, it’s trillions and trillions of dollars lost to cybercrime. They’re large, they’re small. And a lot of the small businesses I’ve talked to think, well, why would anyone want my data? Well, they don’t care about your data. And then to your point about AI, I was chatting with someone the other day about how…
you know, they can learn what your coverage might be by, you know, maybe hacking your insurance company and seeing, they’ve got a million dollars worth of coverage. We’ll, we’ll, ask for a million dollars when we ransomware their data. So that, that relationship that exists that is maybe unlike other forms of insurance, it’s something that for the small business owner creates leverage, right? They can ask, listen, I need this insurance, but I also need help becoming the safe, safe from the sort of dangers. Is that, is that sort of the landscape that exists now for a lot of, you know, potential customers or customers out there?
Ryan Mimmo (13:10)
That does exist, yes. I mean, because no one’s immune to a cyber attack, right? It’s not a matter of if, it’s a matter of when. And obviously, they are doing risk transfer by purchasing cyber insurance. And they know that when they have that, they can feel secure if a threat were to occur. And yes, there could be incidents where
a threat actor gains access and knows your policy limits. All these things are possible when you get to the bottom of it. But ultimately, the organization should rely on a cyber policy because it’s there really because without a cyber policy and if the cyber threat occurs, that organization may not exist anymore.
part of the cyber policy, amongst other things that I’ve talked about prior is it helps the insurer get back on their feet. And then all these other specialty services that they offer, because at the end of the day, it’s how can we make the insured cybersecurity posture better? And really, what can the carrier do for the insured? We constantly want to make them better. And that’s why these services are offered. We’re constantly evolving. Because the cyber threats are not going anywhere, and they’re only getting more advanced.
Cyber Insurance News Podcast Continued.
Martin Hinton (14:29)
Do you, one of the things that we touched on when we spoke earlier before the podcast was the sort of emerging element of the, I don’t know, it a bespoke part of cyber insurance generally, which is sort of personal cyber insurance. I just did a piece for the website on a Deloitte study about family business cybersecurity. I did want an accompany out of, I think it’s in Georgia that is involved in sort of high net worth people to touch on your point about how much we share.
celebrities and people who live in the public eye, whether they’re athletes or actors or even just business people, that public persona and need to be branded via social media creates a real vulnerability. Do you see that as something that will be something? Because I was surprised by the family business report. A huge number of them didn’t have cyber insurance at all. And I think, again, there’s this idea that it’s a new problem. It won’t happen to me. I’m just curious what you think about that particular line of the
the cyber policy for individuals or a family, that sort of thing.
Ryan Mimmo (15:33)
That type of insurance does exist. It’s more of a niche space at this point and potentially could see growth in the future. Frankly, anyone that has a laptop, phone, tablet, and stores sensitive information on there is vulnerable, right? You can be attacked by an individual or a group for a different array of reasons.
I know that me personally, I keep getting easy pass text messages that I’m pass due on my bill. And if I don’t pay soon, they’re going to charge me an absorbent fee. I know that that’s a bogus email or text message and I shouldn’t respond or click on it. But once you do, they can gain access to your phone or laptop and potentially other pertinent information that you have stored there.
And for that, I do think there could be a growing trend in this type of insurance, but it really comes down to educating one another on really what is something you should be clicking on or not. And that can, I know I talked about this prior about starting at the board level, having a CISO involved in a lot of that gets passed down, meaning that there is fishing exercises that go on throughout the year. And if an individual at that organization clicks on it, they’ll have more training to help prevent that in the future.
I’m surprised that there is not more training at this point to individuals, maybe even say at the school level, which may be far fetched at this point, because growing up, I didn’t have a computer in school or cell phone, right? I have a daughter now who’s one years old. When she goes to school, she’s probably going have a laptop or a cell phone really early in life compared to what I did. But if you’re able to use those things, you should also be trained on those things and really how to properly store information.
new changing passwords and you know, if it looks suspicious, don’t click on it. I think there’s still a lot of education that has to go on with that as well, besides just having individual cyber insurance.
Cyber Insurance News Podcast Continued
Martin Hinton (17:31)
You make a really, really good point. it’s something that I’ve been writing something about that I haven’t published yet, but the idea that we have, you know, the learning curve through school that helps us. mean, it’s everything from silly stuff, like look both ways when you cross the street or, you know, the health classes that might exist involving things like stranger danger. So much of the online world and the conversation for children now is around, you know, old fashioned dangers, which is not to say they’re not dangerous, but.
things like predators and those sorts of things. But the wisdom to recognize and critically think about, again, is my easy pass actually overdue? Why are you texting me? There is this conversation that exists that we need to make that more organic, given the nature of technology in our lives, and that we need to be more aware of it. When you get to moving back part of the idea to companies,
When a company comes to say your brokers and that sort of thing, are there, you know, several things they specifically should be asking for and make sure that they’re covered for, whether it be, you know, ransomware or, you know, what are the issues with a company that has, you know, say 10,000 credit cards on file for customers and that sort of thing, or companies that send a thousand invoices via email every month for lawn care.
You know, what are the things that they want to make sure that they know about so that when they’re discussing their policy and making sure they’re covered, they A, have coverage for it, but then also can on the flip side, start to analyze their own cybersecurity posture and you know, what the payment processes are and people logging on from personal devices, that sort of thing. What should I be asking? You know, I know we touched on this a little earlier, but I’d like to dive down a little more on the various specific things that come up.
Ryan Mimmo (19:24)
Right. In terms of those examples that you just listed, a lot of those will be covered under standard cyber policy these days. I mean, because there’s some of the things I touched about earlier were the extra covered expenses that didn’t exist maybe 15, 20 years in the cyber policy, like notification costs. So if your personal information is taken during a breach, mean, a cyber policy will be triggered to pay on behalf of notification costs.
That kind of goes for the same way for PCI information as credit card information as well. So those things do exist. But further that to continuous training is all of the specialty services I talked about that cyber insurance policies have today that possibly didn’t exist 15, 20 years ago, because there are more vendors in the market now and carriers are utilizing these vendors more more often where they’re either included in the policy or the insurer can get them at a deep discount to constantly, we want the insurer to constantly be learning and training.
other employees. like I said before, cyber consultants example, incident response teams, an example, phishing training, which I’ve mentioned before, all these things. It’s, it’s really a lot of losses or threats are effective because it’s human error. Like we’re clicking on things we shouldn’t be, or, or not putting the proper like protocols in place for multifactor authentication and passwords and whatnot. A lot of this could be avoided if training is really put in place and know, kind of use common sense.
Cyber Insurance News Podcast Continued
Martin Hinton (20:53)
For the first time the other day I was chatting with someone and they said that they work with a company and they provide cybersecurity training and other products in that space. And this company’s policy is sort of a three strikes and you’re out. If you make a mistake, you will be then subjected to more training. And if you make a third mistake, it starts to affect you financially. So they do things like reduce your bonus.
which I had never heard before, the idea of trying to find a way to make it clear that you can’t use the same password and the same user for everything and public Wi-Fi and all these things you hear about. One of the things that we chatted about earlier is the disconnect that exists that maybe because it’s sort of invisible to us, unlike a bank robbery or a crime scene, that people don’t quite appreciate how widespread and significant the
The financial side of this crime is in the global scale. I, know, I, in preparation for this, went online and I looked up some stats and a lot of them are from 23. So the numbers will have gone up, but it’s, you know, 10 and a half trillion globally in 2025 is the projection of how much cyber crime costs. That’s up from three trillion a few years ago. So it’s to your point about the evolving threat and the evolving danger, um, 20.
globally a cybercrime every 39 seconds. Here’s the one back to data. 60 to 70 % of cybercrime is unreported. And there was a piece out of Britain the other day about banks, British banks under reporting cyber attacks, which obviously makes the underwriting process hard. So when it comes to sort of the, I know there are a lot of new regulations coming on in the EU and we have a sort of hodgepodge state to state in America. Do you think there’s a need for some sort of more collective sort of data?
set that allows underwriting to be more efficient so that the risk can be better analyzed. And do you think that that’s the kind of thing that is on the horizon with, know, again, like, you know, maybe it’s a federal cyber crime reporting that’s not just HIPAA and the SEC, that sort of thing. Do you think that’d be useful to the industry to help it grow and be more financially secure so that the risks were more secure?
Ryan Mimmo (23:10)
Good question. So government has stepped in before in other lines of insurance, which comes to mind is flood insurance off the top of my head. And there could be a potential for the government to step in regarding cyber. And the reason I say that, it’s evolving. There’s been an increase in sophisticated ransomware or just cyber threats in general, which could then have the government step in, be proactive.
to really safeguard national security, infrastructure, and just individual data as a whole. And if the government does step in, there could be a couple of positives. One is cyber insurance can be readily available to the masses. There could be regulations put in place that the government would make companies adhere to.
Cyber Insurance News Podcast Continued
So they have to follow proper protocols and securing information depending on industry classes and what they’re doing. And the government can roll out education and training to the masses as well. So again, maybe that becomes something we talked about earlier words in your school system, you’re learning about it earlier on in life. But there’s also potentially some drawbacks to that, right? Moral hazard comes to mind.
The reason I say that is if the government is going to back cyber losses or offer cyber insurance, do individuals or organizations get complacent and take on more risk knowing that the government’s there backs up? And if that happens, I would imagine that cyber criminals will be aware of this as well. And you’ll see even more of an increase in cyber threats in the marketplace.
and we have been seeing that the cost has significantly gone up every year, just your stats alone have, that you mentioned, shown that, that’s proof. Is the government really going to take on that type of cost? And if not, does it get passed down to the taxpayers?
So I think there’s some good and bad potentially there’s how this would work out. I think there’s a lot to really flush out if that were to be the case, but there are some positives and right now I think some negatives as well if that did happen depending how it plays out.
Martin Hinton (25:27)
So one of the things that we chat on the phone and I was trying to find a way to sort of make this a simple analogy because a lot of what we try to do is sort of, you know, make this kind of new thing accessible, particularly to small and medium sized businesses. And I just want to sort of step aside now, explain to me what an underwriter does.
Cyber Insurance News Podcast Continued
Ryan Mimmo (25:48)
The easiest way to, I guess, explain it is an underwriter will assess the security posture of an insured. And how they do that, I know I mentioned this earlier, the easiest way to do that is by reviewing an application that a broker submits. And on that application, there’s a list of questions that are asked. And from that, the underwriter can get a good idea what core controls are in place or what core controls are missing.
And if they want to move forward with offering terms prior to that the underwriter can have a conversation with the broker say hey, you know, we’re missing these questions or court controls Can you follow the insured or we can go forward and offer terms and what we call subjectivities Ask those questions as subjectivities prior to bind That is what?
Underwriters do at a very high level review applications offer terms. I also mentioned before underwriting is constantly evolving. So we’re talking to our claims team. We’re talking to our product team. We’re talking to risk engineers that are also internal to learn what’s going on in the marketplace. Some things that we may be missing and other questions we need to ask based on industry. So it’s constantly evolving and that’s really what underwriter does at a very high level. It’s just
reviewing, assessing risk, and then offering potentially a policy to the insured.
Martin Hinton (27:11)
The, you touched on something there that I know we’ve kind of skimmed over and talked about a tiny bit, but the level of communication that is needed in this because of the dynamic nature of cyber insurance and the cyber risks that people face. That’s something that I feel like I want to pause and make sure anyone who’s listened to this, who’s shopping for cyber insurance keeps in mind the idea that they might hear back and say, well, you you don’t have this. So your risk is a little higher. The idea that there is a.
if you will, a negotiation. The simplest example I can think of is that I get a discount on my homeowner’s insurance because I have a home alarm. it’s that idea that there is a way to sort of A, make yourself safer, which is the idea. mean, one of the weird things about insurance is we don’t ever want to actually need it, but you sure want to have it if you do. And I think that that’s where in cyber there is this sort of reminder, I think, for
for companies that are maybe needing to enhance their policy or they’ve had a breach and they’re like, man, we weren’t protected properly. That’s maybe not like other insurances. Is that a fair way to put it? is that sort of, would you encourage someone who’s shopping for it to, I don’t wanna use the word interrogate because it sounds a little aggressive, but the idea that they can really sort of ask a lot of questions and sort of expect some explanation about why this matters and why that matters and how.
those things could lower the cost of their policy and also make them less likely to need to actually file a claim should something happen. Is that a piece of advice you think is worth passing on to people?
Ryan Mimmo (28:46)
I mean, how we underwrite and what I teach the underwriters at Converge is even if there may be controls missing within the application, I think it’s best that we always bring that to the forefront, let the broker know, and also offer suggestions to put in place. Because at the end of the day, we want to make the insurer as strong as possible with their cybersecurity posture.
And there’s multiple ways to do that, right? We can point out some deficiencies and what they can do to remediate that. We can point them in the direction of vendors that can help them as well. We also have scans that we can give the insured and where they can start to work on that as well. So the goal is obviously to get cyber insurance. Even if you sign up for it and you get the policy, it doesn’t stop there.
Cyber Insurance News Podcast Continued
It continues to grow even if there is lacking controls. The goal is to work with the insured to get them at the top level as possible. So they feel secure in their controls as an organization and that you build that rapport with the insured as well because you’re here to help.
Martin Hinton (29:51)
One of the things we, you touched on education. When we spoke, we talked about the zero day Netflix series. We talked about sort of a public backstop and the government private sector sort of backstop that might exist in sort of some sort of catastrophic cyber event that’s on the scale of what we might associate with the damage done to our society by say a terrorist attack like 9-11. Do you think that given how common these crimes are and the risk that exists for, you know,
small, medium, large businesses, which we hear about. you know, but the big story from last year, seems to me is the crowd strike outage, which was a tech glitch. It wasn’t actually a cyber crime. There needs to be sort of a greater level, like a PSA about this sort of thing to, know, we talked about educating kids that to raise the awareness that there is a real threat to, you know, the operational side of your business.
and your life as a result that exists. Do you think that sort of education, sort of building off the part we touched on just now about communication, do think that’s the sort of thing that would be useful to the industry to help it grow at the rate it still is?
Ryan Mimmo (31:03)
I do. I do think the communication has come a long way in the past five, 10 plus years. You know, we could look at universities, they offer more cyber tech degrees or cyber insurance degrees. That’s an uptick as well. But I do still I still think there’s room to grow. There earlier on, like I said, educating kids, the school system early will help the communication go forward with the next generation. We’ve had
Hollywood step in, like you mentioned, zero day. I see categories on Jeopardy for cybersecurity. I think awareness is growing. It has seen a huge increase in awareness over the last five years. I think we’re going in the right direction, but I still think there’s a lot to be learned and to discuss. I think that more education, more training for organizations should be more readily available to really help reduce the overall cyber threats.
Cyber Insurance News Podcast Continued
Martin Hinton (31:59)
Well, I’m looking over my notes. I don’t see a ton that we haven’t touched on, but one of the things I’d to do at the end of everything or toward the end of everything is, there anything that you, you don’t think we’ve touched on that you want to talk about or anything you want us to know about Converge or about the underwriting process or anything you want to have a think about and restate as they say. So is there anything else? You know, I mean, one of things I’ve done on a few of these now is, you know, what’s the
What’s the most crazy story you’ve heard in the cybersecurity, cyber insurance world? So is there anything that we haven’t touched on or anything you’d like to add at this point before we wrap up?
Ryan Mimmo (32:36)
One thing I guess we could touch on is CDK. I know you briefly mentioned that and I don’t know, know Listeners have a full understanding of what happened or how far spread it is So I can briefly discuss that because you know, that was more than the most recent large events to occur in last year and For those that don’t know CDK is mostly a software company that deals in the auto industry world and they had a breach but
What’s crazy about it is it just didn’t affect CDK. It affect 15,000 auto dealers. And these auto dealers rely heavily on their software, which means they couldn’t lease cars. They couldn’t buy cars. The service station was down. They couldn’t register cars. And they couldn’t talk to manufacturers to ship more cars if needed. A lot of them had to revert back to pad and pen to write down leases or any cars that were sold.
It just goes to show you that cyber when an attack does happen and it depends what the organization is, it just doesn’t stop at that organization. There is a downhill effect that can put a stop to an industry and that was auto dealers for a couple of weeks. It just goes to show you the importance of education, training, having cyber insurance. Cause some of those auto dealers may not exist if they didn’t have cyber coverage because even though CDK was affected, they were also affected as well.
Martin Hinton (34:03)
you you make a great we the the you know we’re both of of the age where the promise of the internet was this amazing interconnectivity and and steve jobs talks about the frictionless environment of the itunes store in the the beauty of that is that there’s a lot of business done that that wasn’t done the same way and that you can buy cars online and do things electronically without filling out paper and forms that’s a big and i touched on the cdk event in the and opinion piece i wrote about
how that’s an example of one attack shutting down an entire industry. And if you scale that, because that’s what the internet is capable of doing, right? You scale that to maybe something like healthcare. You’re talking about a situation where in order to recover from that, to be resilient to that sort of attack, you need to have both the security in place and then the ability to fund the recovery, which is where the insurance comes in. Is that a fair way to put it?
Ryan Mimmo (35:00)
Yes, yes it is. Cyber insurance there is obviously there to help you when an attack happens and to build you back up as well, but also at the same time where you were deficient to put in the controls possible so that you’re resilient the next time around. I think you said it perfectly, honestly.
Cyber Insurance News Podcast Continued
Martin Hinton (35:19)
Well, put a nick in the bed post. Ryan, is there anything else we need to talk about? Anything else we think that people should know or is going on in this world that matters?
Ryan Mimmo (35:32)
I mean, if you don’t have cyber insurance, I suggest reach out to a broker to see what is out there for you. And if you do, see if there’s any deficiencies in your form to make sure you’re properly covered.
Martin Hinton (35:43)
Yeah, that’s that one. One of the things I’ve encountered recently is a couple of anecdotes where companies had policies and they saw the blanket coverage for their cyber insurance policy was, three million dollars. But their ransomware coverage was only one hundred grand with a ten grand deductible. And that’s, you know, that’ll go quickly if you’re recovering from any kind of breach that requires you to.
do credit monitoring for customers and even the act of notification. And then, you know, the public facing part of this, you’re a public facing company that you need to do sort of, you know, crisis management and crisis communications and remediation of the of the publicity issue with it. And that all gets very expensive very, very quickly. So that idea that you want to make sort of, you do your insurance policy every year, but maybe cyber is something you should keep your pulse up with a little more regularity is something that
Cyber Insurance News Podcast Continued
a number of people who said to me it is that the the idea that we want to you know it’s a burden but the it’s it’s a it’s less of a burden than not doing it and getting getting done by some sort of cyber breach you could have avoided or had greater protection against
Ryan Mimmo (36:48)
I just follow the news. They talk about the most recent threats or breaches that happen. If it’s in your industry class, then it’s something you should be bringing up with your broker representative to see, am I covered in this? This event is cursed to me. Do I have enough coverage in place or limit? So I think these are questions they should always be asking your brokers there to help you. And then they can reach out to the insurance carrier and make sure that the proper coverage is in place.
Martin Hinton (37:15)
Well said, well said. Well, I think we’ll wrap it up there. Ryan Mimo with Converge Insurance, head of underwriting. Thank you so much for the time. To everyone who watched, leave a comment, have a share. We’d love to know what you think. And if you’ve got any questions, please drop them in the comments, and we’ll do our best to answer them. And that’s it for now. I’m Martin Hinton, editor of Cyber Insurance News and Information. Thank you very much for watching.
End Cyber Insurance News Podcast
Other News: Cyber Insurance News and Information Podcast(Opens in a new browser tab)