The shift in how organizations think about cyber risk in recent years has been tremendous. In the past, cybersecurity was handled through a company’s IT team and risk was handled through finance or insurance teams. The two areas were kept separate and cyber controls often only raised eyebrows when they were accompanied by better insurance coverage or premiums, or an unfortunate claim.
Now, because of increasingly common ransomware attacks, cyber risk management is entering the forefront of many of our clients’ minds. We’re seeing information security, IT, and risk work together and they are no longer driven solely by improved insurance terms and conditions. Businesses are identifying a need to protect their organizations from widespread cyber-attacks and improve their overall security to ensure uninterrupted operations. To meet this need, insurance companies are evolving their cyber risk management offerings to ensure they mutually benefit both clients and carrier’s loss ratios.
A new offering that Lockton is proud to be a co-founding broker on is Google Cloud Protection+. In collaboration with Allianz and Munich Re, it is the first offering of its kind that bypasses insurance underwriting applications and outside scans. Instead, it looks at a Google Cloud customer’s security posture from the inside and provides broader terms and condition and insights into how their security posture affects pricing. We expect to see more innovative offerings of this caliber entering the cybersecurity space going forward.
At Lockton, we’re helping our clients to understand what services are available to them and identify weaker controls in their applications. Where are they prioritizing security investments? What minimal investment will result in the maximum reduction of risk? And before they spend, what cyber risk management solutions can they really benefit from in their cyber insurance policy while saving money? We want clients to fully understand what is available, not just from their insurance company, but from Lockton as well.
Our multi-model approach to cyber analytics has been one of our biggest and most successful focal points in how we support clients. We look at analytics through three lenses: what a bad day looks like for our client through risk quantification, their most efficient use of capital through Dynamic Capital Modeling, and peer benchmarking their average premiums and limits based on internal and external data.
In addition to analytics, we’re continually increasing our focus on required security controls, incident response plans, new training and awareness programs, and answering technical questions for our clients and Associates.
Many clients are global in nature, and how they operate business and understand trends and approaches across the cyber insurance marketplace, from a global standpoint, has allowed us to provide a more expansive education and approach to navigating our clients’ needs.
We’re working with close to 200 insurance companies across the globe so we can ensure that whether it’s cryptocurrency risk, intellectual property, or a new type of cyber coverage, we’re on top of it and sharing notes. We’ve found that over the past couple years, insurance companies have moved away from siloing their deployment of cyber capacity and are looking at global capacity aggregation management.
This means having the U.S. work closely with the U.K, Bermuda and our other international counterparts to ensure we’re looking at client capacity across their programs in a global view, since that’s the way our insurance companies are looking at it. Our global reach has been critical in understanding what clients want and what we’re able to deliver.
The collaboration between our Cyber & Technology Associates across the globe to share best practices and work together on prospects and renewals has been valuable not just to our growth, but for our Associate’s experience as well. It allows us to stay close to the global cybersecurity community, cloud providers, and governmental agencies to understand real time threats and how we can continue to improve cyber risk and remain at the forefront of cyber risk protection and innovation.
For more information on Lockton Cyber offerings, please reach out to cyber@lockton.com (opens a new window).