From the Front Lines: Cyber Liability
by AnneMarie McPherson
Jeffrey Miller, LL.M.
Oklahoma Commercial, Professional and Cyber Insurance Agency
Tulsa, Oklahoma
How did you get started in your agency?
Over my 44-year career, I have been the CEO of multiple businesses and business startups, as well as the CEO of a non-profit organization, in multiple cities across the country. I also love learning and I went to law school later in life. I was never interested in practicing law per se but was fascinated by how technology and the law would interrelate in the future. Those two things are never going to keep up with each other. There’s always going to be a disparity between the law’s ability to keep up with what’s happening in technology.
That’s what led me into the insurance business. I started my agency to help businesses understand the fast-evolving risks and threats surrounding technology and cyber events to further help them alleviate damage to their business through the right insurance coverage.
Why cyber liability insurance?
Cyber events are quickly rising to the top of the list for all risks and threats to every business today: small, medium and big. I believe that in the not-too-distant future cyber coverage will be larger than general liability in the overall market share.
I also believe that small and medium-sized businesses today are extremely vulnerable and, in many cases, can be hurt beyond repair. There’s a “that won’t happen to me—they’re after Target and Home Depot, not me” feeling, and that’s so wrong. Those small businesses are much more vulnerable because those big ones have dedicated staff, the latest virus protection and security software installed. Small and medium-sized businesses may not even know if they have a firewall. Most of them don’t update their systems.
Biggest cyber liability industry changes?
Cyber events and risks will continue to change and evolve, and businesses of all sizes are going to face larger, more sophisticated and even more costly events. We tend to think of data breaches as the primary threat, where personal data is stolen, but we’re seeing an increase of ransomware and other phishing and spoofing events taking place.
Biggest challenges?
A great deal of the challenges surrounds human error, poor staff training, slow system updating and an overall lack of understanding of the significant costs involved with these evolving risks and threats. The biggest challenge is an extreme lack of real understanding about the potentially devastating damage that can come for either human error, like clicking on an unknown attachment, or a more complex malicious breach or ransomware attack.
Future trends?
An increase in the amount of new technology involved in our business and personal lives means we will become more and more dependent on technology. Also, I see an increase in overall vulnerabilities, both external and internal—external due to the increasing number of things tied to the internet, often referred to as the Internet of Things, which includes phone systems, virtual private networks, and cloud-based storage; and internal being management systems, applications, and browsers.
If these things aren’t actively managed and updated, we are going to see more legislation surrounding cyber events, which is likely to involve more and increased fines.
Advice for a fellow agent?
First and foremost, if your agency does not have cyber liability coverage, get it now. Additionally, this is not a one-size-fits-all market. Each client has unique risks, threats, staff training and system and operation protocol. You have to drill down and figure out specifically what risk each client has to be able to appropriately mitigate damage. I say “mitigate” because it’s not if you have a cyber event, it’s when. Cyber liability insurance is also a growing and evolving product, so keep up to speed on not only the evolving risks and threats but also the evolving market itself.
Favorite success story?
I’ve had several of my clients say, “Okay, I need cyber insurance to protect me,” and so I have to sit down and say “Actually, it doesn’t protect you at all. The only thing it does it help you weather the storm when it happens.”
Every time I am able to get a client to understand their threats and risks, I consider that to be a success, even if they don’t buy cyber coverage. If they at least have a conversation with me, they’re going to have a better understanding of how to protect themselves, what they need to look at and what they need to start training for. That’s the major success story, getting people to that level.
AnneMarie McPherson is IA news editor