Insurance brokers know cyber risk is no longer a niche concern. Business email compromise (BEC), ransomware, and deepfake fraud have become everyday threats for organizations of every size. Yet when a cyber incident hits, many policyholders are still dangerously unprepared for the first and most critical moments after discovery.
That’s the challenge Kip Boyle (pictured) plans to confront head-on at InsuranceFest 2026 with his live session, “Cyber Crisis Live: What Would You Do?”
The 40-minute interactive workshop will place brokers, carriers, and insurance professionals directly into the chaos of a real-world cyber incident from the customer’s perspective. Participants will walk through a simulated BEC and deepfake fraud event and leave with a practical one-page incident response (IR) plan template they can hand to policyholders.
For Boyle, the session is about helping brokers understand what policyholders actually experience in the first hour of a cyber crisis. This pocket of time, he said, often determines the size and severity of the eventual claim.
“It’s where all your worst decisions can happen,” Boyle said in a recent interview ahead of the event. “As somebody who’s been working in cybersecurity for a long time… what I’ve noticed is that when people get into a real cyber incident, they often make the mistake of letting their adrenaline take over.”
The most common mistake organizations make during a cyber incident is allowing this surge in adrenaline drive their decision-making. Leaders rush to contain the problem and restore operations without following a tested process.
“It’s entirely understandable,” Boyle continued. “When people finally figure out they were manipulated emotionally, there’s a lot of disbelief and shame.”
However, the consequences of improvisation can be severe. Organizations may destroy evidence, delay notification requirements, fail to contact their insurer promptly, or make costly financial decisions before understanding what actually happened.
Boyle pointed to a 2025 analysis conducted by Marsh's Cyber Risk Intelligence Center (CRIC) showing that organizations with tested incident response plans consistently perform better during cyber events. Among the top predictors of lower claims severity is having an incident response plan that has been rehearsed.
Understanding those reactions matters for insurance brokers because clients frequently reveal preparedness gaps long before a breach occurs. Brokers can also uncover weaknesses simply by asking better questions.
“Do you have a plan? Have you tested it? How often have you tested it? What improvements came out of the testing?” Boyle said. “Really press into it and get them to talk about it.”
One of the biggest red flags Boyle sees is organizations claiming to have an incident response plan that exists only on paper. In many cases, the plan has never been practiced, reviewed, or integrated into broader risk management procedures.
Another major issue is that cyber response planning often remains siloed within IT departments, disconnected from insurance and risk management teams. This omission can create serious claims complications if prompt notification requirements are missed.
“Most plans don’t include ‘call the carrier’ as one of the early steps,” Boyle said. “It’s often IT staff who are responsible for the incident response plan, and they’re not talking to the risk managers who are actually purchasing the cyber insurance. Often, the risk manager finds out well after the fact.
“(Insureds) don’t have to be 100% right (about the details) before calling,” he added. “The carrier can help verify what happened. But you need enough information to know something concrete has happened and act quickly.”
Ideally, Boyle recommends organizations test their response plans two to four times per year. The exercises do not need to be overly technical or expensive. The goal is to create familiarity and “muscle memory” before a real incident occurs. “You want the plan to feel friendly and familiar,” he said, “not like a distraction in the middle of a crisis.”
The timing couldn’t be more relevant. InsuranceFest 2026 is returning to the Santa Monica Pier with expanded programming, 60-plus speakers, four themed zones, and more than 50 discussion tables designed around the real pressures facing today’s specialty insurance market, including cyber insurance.
Boyle’s session aligns closely with InsuranceFest’s broader 2026 focus on hands-on, business-driven conversations. This year’s event will feature four dedicated zones covering cyber, digital transformation, E&S market dynamics, construction risk, AI implementation, and client experience strategies.
The Shore Zone, where Boyle’s cyber simulation session will take place, will feature practical workshops and live scenarios designed to help brokers sharpen operational and placement strategies in real time.
As cyber threats continue evolving faster than many organizations can adapt, Boyle believes brokers have an increasingly important advisory role to play.
“(As a broker), I would educate my policyholders… even a basic plan is going to make a big difference in helping you make better decisions,” he said.
Register now to secure your place and gain the insights, strategies, and connections needed to lead in the next era of cyber risk.
