Novae Links - Q4 2017
Welcome to Novae Links, a quarterly newsletter from Novae’s Cyber team providing brokers with updates from the team along with special features on emerging vulnerabilities, regulations, news and events.
- What have we been up to?
- Where we’ve been mentioned
- Upcoming events
- Where we’re travelling to next
- About the Cyber team
Welcome to the latest edition of Novae Links, our quarterly newsletter which aims to provide you with team updates plus special features on the latest developments, news and events in the world of cyber insurance.
This past quarter has been a busy and exciting time for us. We have attended, presented at, and participated in panels at more than a dozen conferences across the globe. Highlights include the Young Professionals Council, where Sharif delivered a webinar to a room of aspiring security professionals, and the packed InsurTech Conference in London where Stuart participated in the ‘Cyber: How InsurTech can help brokers and underwriters’ panel.
Following the success of the course in London, we were very pleased to be asked to partner with Lloyd’s Illinois and present the course to a group of brokers at their Chicago office in September. We’ve received extremely positive feedback from the brokers who attended the course and, moving forward, we will be offering this course in the UK and US. The course provides six hours of CPD credits in the UK and will provide US CE credits in certain states.
Conference season is already in full swing and we have a packed agenda ahead, filled with a number of exciting industry events taking place all over the globe. Dan and Jacqui have travelled to Santa Monica for the NetDiligence Conference while Sharif is looking forward to his trip to Lagos, Nigeria to deliver a two-day Cybersecurity Training Seminar and Mike will be in Gran Canaria, Spain for the ICHCA International 65th Anniversary.
We have loads more planned for this next quarter, so keep reading to hear more about what we’ll be up to, as well as Q&As with our Cyber Unit Head and Chief Innovation Officer, Dan Trueman, and newest member of the cyber team, Sam Russell-Vick.
We are pleased to welcome a new cyber star to our growing team. Sam Russell-Vick worked with our team last summer as an intern and we are thrilled to now have him working with us full time as an assistant underwriter. Keep reading to find out more about Sam as well as industry insights from Dan Trueman.
Where have you come from?
I recently graduated from Loughborough University where I studied BSc Computing & Management. Previously, I worked as an IT consultant in Perth, Australia where I assisted with daily operations. In the summer of 2016 I completed internships with Novae & Endurance Underwriting where I worked with the cyber and operations teams respectively.
What is your focus within the team?
As an underwriting assistant, I will focus on improving our Cyber division, offering a view of the Cyber industry from a technical perspective and developing a better understanding of security risks in the Cyber world. I look forward to working with such a talented team and learning new skills along the way.
My education predominantly revolved around computing and technology. Cyber Insurance is an exciting new industry and an area I am keen to learn and further my skills and knowledge.
Tell us an interesting fact about yourself?
My Harry Potter’s Patronus is a mole…
What inspired you to pursue a career in the cyber insurance market?
When I entered the insurance market, cyber products were in their infancy. Policies were, for the most part, limited and only provided third-party cover. I come from a political risk and supply chain background and saw cyber insurance as a product that clients needed on a first-party basis. Computers, software and the internet had quickly become staples in the business world. The way that companies were run, and business transacted, was changing. But through developing and utilising these new computer and operational systems, businesses were creating a risk that had never existed before and which traditional insurance wouldn’t cover. The need for insurers to develop a robust and effective cyber product, which could protect businesses from losses created by this new risk, was clear.
You’ve been working in the Lloyd’s market for almost two decades. How has cyber insurance evolved during this time?
When I entered the market in 2000, the focus was on the dot.com boom and the exposure these businesses had in their supply chains, systems and processes. Regulatory changes in the early 2000s, which largely included legislation in the US requiring businesses to inform customers if personal information was accessed by an unauthorised person, led to a shift in the market as clients became focused on data breaches and privacy exposure. Insurers then began to develop more comprehensive products that covered the cost of notifying individuals, credit monitoring, IT forensics and access to expert response services and crisis management. Overtime policies have expanded to cover first and third-party liability, cybercrime, cyber extortion and business interruption. We are now seeing another shift in the market as insurers begin to address the intangible assets impacted by a cyber-attack, such as issues arising from reputational harm and intellectual property theft.
What do you see for the future?
I think we will keep moving through a wave of development, gradually unpacking, accessing and transferring the risk that our clients are seeing. Key to that will be more cover for first party, business interruption type exposures, intellectual property, reputational risk and new and emerging technology. Recent large-scale attacks such as NotPetya, WannaCry and the Equifax hack are evidence that data breaches and privacy exposure, not just systemic and supply chain exposure, will continue to be key concerns for businesses. Insurers need to develop products which cover losses from these types of attacks more comprehensively and effectively.
As we move forward in this rapidly evolving and volatile world, we are going to see new risks emerge all the time. Cyber is pervasive and I believe it will eventually impact all lines of business. We will see an increased demand from sectors such as automotive and marine, from the property and physical damage side and from the personal lines side. To address this, firms are creating what we call ‘cyber centres of excellence’. The expertise of those centres would, at first, be shared with the traditional silos that exist within insurance. However, in time, these silos will be broken down as the insurer’s entire book of businesses is penetrated by cyber risk. This is part of a larger theme that we are seeing emerge in the industry as many question whether the traditional method of structuring underwriting classes by asset, rather than peril, is effective.
What advice do you have for risk managers in assessing their cyber exposure?
Accept that it’s going to be a hard journey. The pervasive and evolving nature of cyber makes accessing, managing and transferring the risk extremely difficult. It’s worth seeking out the advice of cyber experts when formulating a risk management strategy, as there is a decent playbook being created by those who have experience in this arena. I would stress that hygiene matters; do the simple things, do them well, do them quickly and do them effectively. Know where your data is, know how secure it is, know how much there is. Know where your signal points of failure are in your supply chain and know the time sensitivity of those signal points of failure. Once you know this you can begin the process of improving, but do those things first.
What is the biggest challenge currently facing cyber (re)insurers?
The two biggest challenges I see are the developing market environment and changing buying behaviour. Whilst the cyber standalone market has developed the skills to price policies effectively, the onus is now on developing more effective systemic measures, realistic disaster scenarios and informing and educating the broader insurance industry about the risks that exist and ways of transferring them.
What advice do you have for those beginning their careers in cyber insurance?
Don’t be afraid to ask questions. Sometimes you see underwriters new to the market who are nervous to ask for help and, in the long-term, this hurts their growth and development. If you don’t understand something, ask, and keep asking questions until you have the information you need. That advice isn’t limited to those beginning their careers. I’ve been working in this market for almost two decades and I still ask my team questions. Creating a mutual learning environment in the workplace is essential for the growth of the least and most experienced underwriters.
What is the best thing about your job?
I’m extremely lucky to work with an amazing team of talented and dedicated underwriters. They are not only the best at what they do, but incredibly fun and caring people and this has been key to our success. Everyone brings something different to the table, everyone does their best and everyone has a great time doing it and that just fills me with joy.
Tell us an interesting fact about yourself?
I was born in Brunei.
What have we been up to?
- 5 July - Strategic Defence Cyber Seminar: Sharif travelled to Portsmouth to present at a seminar for senior military leaders at the Royal Navy headquarters. Sharif’s presentation outlined cyber threats facing the commercial shipping industry and its supply chains.
- 11 July - ‘Be Cyber Aware at Sea’: the Cyber team attended the launch of the ‘Be Cyber Aware at Sea’ video, which is part of a global maritime and offshore industry initiative to raise awareness of the increasing cyber threats to international shipping, ports and offshore facilities. The video now has over 11,000 views on YouTube. Novae are supporters of the campaign and write a monthly column in its industry magazine ‘Phish and Ships’.
- 31 August - ASIS Young Professionals Council: Sharif delivered a webinar on cyber security at the ASIS Young Professionals Council. The webinar aims to educate and assist with the development of those beginning careers in the security industry. Due to positive feedback, ASIS has requested Novae present the webinar at future events. ASIS International is the leading organisation for security professionals worldwide with 243 chapters globally. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests.
- 12 September - BCS Insurance Company Annual Blue Cross Blue Shield Risk Managers Conference: Sharif travelled to the organisation’s annual conference in Chicago to present on cyber insurance.
- 13 September - Lloyd’s Illinois: Sharif delivered Novae’s ‘Understanding Cybersecurity and Insurance’ (UCS-I) course to brokers in Chicago.
- 19 September - The Cabinet Office Emergency Planning College: Sharif presented Frontier Risks’ SRMC course to a group of professionals at The Cabinet Office Emergency Planning College, located in York.
- 22 September - The InsurTech Conference London: Stuart served as a speaker on the ‘Cyber: How InsurTech can help brokers and underwriters’ panel.
- 29 September - Andrew Beazley Academy: Jacqui spoke at the Andrew Beazley Academy for 50 US brokers on cyber risk and Lloyd’s.
- 4 October - ICHCA International 65th Anniversary: Mike participated in a maritime panel session titled ‘Modelling of cyber risks and evaluating the effectiveness of critical cyber controls’ at the conference in Gran Canaria, Spain.
- 4 October - Sharif travelled to St Louis, Missouri to deliver an interactive session “Responsive Guidance: Cyber Insurance and safeguarding your digital assets” with Thompson Coburn LLP.
- 10-11 October - NetDiligence Conference: This year we sponsored the October conference, which took place at the Santa Monica Beach Hotel in California. Jacqui moderated a table top “Cyber Simulation Experience the Breach”. Dan, who is was of the conference chairs, moderated a panel on “Innovation in the Cyber Insurance Market”.
Where we’ve been mentioned
- Insurance Day: Cyber centre ‘to form core of insurance company of the future’: This article offers an analysis of KPMG’s report, “Seizing the cyber insurance opportunity”, authored by KPMG’s Paul Merrey alongside Novae’s head of innovation, Dan Trueman. The report can be downloaded here.
- Insurance Day: Novae: cyber market must evolve as product ‘no longer a competitive advantage’: This article offers further analysis of KPMG’s report, “Seizing the cyber insurance opportunity”. The article also includes quotes from an interview between Dan and Insurance Day’s Scott Vincent on how the cyber market is evolving.
- Phish & Ships: Talking Cyber Sense: Assessing Shipping Risk: Phish & Ships July newsletter contains a column from Sharif emphasising the importance of assessing cyber risks in shipping.
- Phish & Ships: Malware: The Deliberate and Indiscriminate Threat: Phish & Ships August newsletter contains a column from Sharif outlining how businesses can tackle malware threats.
- Reactions: Sept thèmes pour Monte Carlo: This feature includes analysis from senior executives on the themes that dominated Monte Carlo, including; disintermediation, pricing, ILS, broker facilities, M&A, disruption and cyber risks. A short article, authored by Dan, is included in the section on cyber risks.
- Reactions: Shipping Market Takes Cyber Plunge: Dan and Sharif speak with Michael Heusner of Reactions about cyber insurance and the marine cargo market. This article was published in the September edition of Reactions.
- Global Reinsurance: Cyber Security to the Rescue: Published in the Global Reinsurance Daily at Monte Carlo, the article reports on the importance of cyber insurance following a number of high-profile cyber-attacks. The article states that Bermudian firms have demonstrated their commitment to the cyber insurance market by recruiting talent either directly or through acquisitions. The article references AXIS’s acquisition of Novae as an example of the latter, and includes a quote from Dan Trueman as well as mention of Novae’s cyber research project with Oxford University.
- Commercial Risk Europe: Improve Your Cyber Resilience – Beyond the Patch: This article reports on Novae’s announcement that its Cyber team delivered its Understanding Cybersecurity and Insurance (UCS-I) course to brokers at Lloyd’s Illinois on 13 September, and that dates for future courses in the US will be announced shortly.
- Phish & Ships: Improve Your Cyber Resilience – Beyond the Patch: Phish & Ships September newsletter contains a column from Sharif, outlining the importance of patching and other steps businesses can take to protect their data.
- Phish & Ships: The Cost of Cyber Failure: Phish & Ships September newsletter contains a column from Stuart outlining how companies should properly prepare for a cyber-attack.
In September, we were invited to present our hugely popular ‘Understanding Cybersecurity & Insurance UCS-I’ course at Lloyd’s Illinois in Chicago, which has been accredited with 6 CE credits. Sharing our knowledge with brokers in the US was an exciting opportunity for us and we are very pleased to have received extremely positive feedback from Lloyd’s and the brokers who attended.
At the end of November, we will be hosting an alumni event for everyone who has completed the course, with two very special guest key note speakers.
Upcoming Lunch & Learns
Conference season has already begun and we have a packed agenda ahead, filled with a number of industry events taking place all over the globe.
- 19 October: Sharif will present our UCS-I course, with one of our broking partners, in Manchester.
- 26-27 October: Sharif will travel to Lagos, Nigeria to deliver a two-day Cybersecurity Training Seminar in collaboration with Afro- Asian Insurance & Reinsurance Brokers & Continental Re.
- 1-3 November: Plus Conference - Mike and James will attend the Professional Liability Underwriting Society’s annual conference in Atlanta.
- 3 November: Sharif will present our UCS-I course, alongside one of our broking partners, in Newcastle.
- 7 November: The Insurance Innovators General Insurance Conference - Mike will present two sessions at the conference, ‘Envisioning a driverless future’ and ‘Cybersecurity challenges of the connected car’.
- November: We will host our inaugural UCS-I alumni event for all our course attendees throughout the year; invites to be sent shortly.
Where we’re travelling to next
- 4-13 October: Jacqui is travelling to Minneapolis, Wisconsin, Irvine, Santa Monica and San Francisco
- 4-13 October: Dan is travelling to Dallas, Santa Monica and New York
- 9-18 October: Mike is travelling to Beijing, Shanghai and Hong Kong
- 26-27 October: Sharif is travelling to Lagos, Nigeria
- 30 October - 3 November: Mike and James are travelling to Atlanta
- 4 December: Dan and Karlea are travelling to San Francisco
About the Cyber team
You can find out more about Novae’s Cyber team here. If you have a specific request in mind, or a topic you’d like us to discuss in the next edition, please contact us in one of the following ways:
Telephone: 0207 050 9000