Cyber threats have created a new level of demand on insurance companies. It’s not enough to just hand over cash as reimbursement for an attack with businesses needing advice, support and expertise to deal with the multitude of threats they could face at any moment. To meet these needs, insurers have to make big changes to the way they do business.
With that in mind, CFC has just appointed Anthony Hess to the position of head of incident response, a newly created job designed to better manage how the company responds to cyber security claims. Hess spoke with Insurance Business UK
about what the new role entails.
Hess earned his MBA at IE in Madrid, and what was initially intended as a couple of short years in Europe led him to a senior manager role at KPMG. There he worked on developing and leading an EMEA-wide security assessment and cyber incident response service. Hess said he is excited for the opportunity to hold a position at a leading cyber insurer.
In his new role Hess is responsible for managing CFC’s global incident response team, consisting of an internal team based in London, and a large panel of expert providers around the world. Hess said early cyber security policies didn’t have much of a ‘service’ element to them, instead only paying out in the case of a claim.
“As time has gone on, I think you’re seeing more of people are looking a lot more closely and asking ‘what kind of incident response service and risk management services do I get with my policy?’”
In his position, Hess will be managing the providers who respond to customers’ cyber security claims.
“Often, what you will see is some cyber insurance companies will just set up an agreement with a service provider and not really be involved,” said Hess. “They’ll just kind of hand it off. So we wanted more internal capabilities to manage that.”
A quick response is important, but so is getting the right provider to help.
“Because if you come in and you get providers who are really, really inexpensive and they make a mistake, it can make things much, much worse,” said Hess.
Hess said he can see the relationship between customers, brokers and insurers developing a lot more in terms of cyber claims, with more interaction between the three groups. Right now everyone’s attention is on large scale attacks, but now smaller-scale attacks are being claimed, such as a stolen laptop or lost USB stick housing critical information.
“Especially as the service element builds out, you’ll have a larger volume of smaller claims going on,” said Hess. “It won’t be just a once-per-year thing. There will be frequent back and forth engagement between everyone.”
With many business owners concerned about the level of coverage offered by cyber insurers, Hess said policies these days are worded broadly enough they don’t need to be re-written when a new threat arises.
“I think the insurers that are doing this a lot are going to have enough claims volume to quickly shift and understand what’s going on,” Hess said.
Experts warn increase in cyber regulations inevitable
Andrew Barratt of Coalfire says cyber cover needs to be better advised