Global insurance brokerage and risk management services firm Gallagher has a new leader at the helm of its cyber practice group. Cyber insurance veteran John Farley (pictured) took the reins in March 2019, bringing 27-years of insurance industry experience, including a stint as vice president, cyber risk consulting practice leader at rival North American brokerage HUB International.
In his new role at Gallagher, Farley plans to develop and execute strategy for cyber insurance and related insurance coverage lines across the brokerage’s global footprint. He told Insurance Business his job is to get his arms around the emerging risks, regulations and insurance products in the fast-evolving cyber risk landscape and translate that information both internally and externally for brokers and clients.
“Cyber risk is a global problem for our clients,” he said. “It doesn’t matter where you reside, where your network is, or how you access the internet, the hackers will find you. No-one can hide from cyber risk - we’re all in this together. In that environment, it’s great that Gallagher has a global footprint and has local experts on the ground who can be physically close to our clients in different jurisdictions to discuss the latest ways hackers are getting in and to help them prevent and transfer that risk.
“As cyber practice leader at Gallagher, I’m going to spend a lot of time educating our staff, especially those who are client-facing, about the latest threats as they evolve, the latest insurance products as they come out, and the latest regulatory requirements around the world. I’m going to be providing lots of thought leadership early on – that’s going to be key. I also plan to facilitate the cyber insurance buying process and streamline it in a way that it will be quick and efficient, but at the same time educational for the buyer.”
One of the biggest challenges in cyber risk management is getting clients to understand cyber risk as it pertains to them, according to Farley. Most people are aware of cyber risk on a macro scale. They see the mass media coverage given to some of the larger cyberattacks like the Target breach in 2013, the Equifax breach in 2017, and the recently disclosed Marriot-Starwood breach – but they fail to see how a similar incident might impact them.
“All too often, our clients have the perception that a cyberattack is not going to happen to them. They’re a small company, they’re not a big bank or a big retailer, and they don’t think hackers are going to go after them,” Farley told Insurance Business. “Unfortunately, study after study shows that the small and medium-sized businesses are the ones that hackers are specifically targeting – and they’re doing this for a couple of reasons.
“First up, if you’re a mom and pop shop and you’ve got a credit card, that credit card will fetch the same amount on the black market as it would should it come from a Walmart, a Home Depot or a Target. Also, hackers know smaller businesses tend not to have the same protections in place as a large bank might have – so they’re easier targets. What I’m trying to do is translate cyber risk for small and medium-sized businesses who don’t believe a cyberattack could happen to them, and then transfer that risk because they’re the ones who can least afford an attack and the financial fall-out.”
Insurance brokers have an important role to play in penetrating the small and medium-sized business market and reducing the global cyber insurance gap. There’s a huge segment of the buying population around the world that hasn’t yet purchased cyber insurance, which is likely down to a lack of understanding about the insurance products available or a lack of appreciation of the threat. According to Farley, it’s “incumbent upon the brokerage community” to get out and speak to those clients and “communicate in a way there they can appreciate the threat and take affirmative action to transfer the risk.”
Cyber risk management will also be a key focus for Farley at Gallagher. First and foremost, he wants Gallagher’s clients to tackle cyber risk from a people perspective. Hackers are targeting people specifically, primarily with phishing emails, and there are easy tools and training programs that businesses can deploy to mitigate that risk.
“What we want to do is deploy training to clients in a way that’s facilitated via portals, and training that can be obtained on-demand by every single worker within an organisation because employees are a gateway for hackers. If they click on a link or an attachment that’s infected with malware, that gives hackers access to the company network,” Farley commented.
Technology also plays a big part in cyber risk management. Farley added: “We’re starting to see the markets involve the underwriting community in doing risk assessments remotely, where they can access outward facing IP addresses to determine whether or not there are any vulnerabilities in their systems. That underwriting process is now starting to involve technology, so it’s no longer just filling out questionnaires and taking somebody’s word for what their cyber risk management controls are; it’s actually going out and testing those outward facing networks.”
