With the upsurge in cyber incidents and breaches, increasingly, organisations are considering whether they need cyber insurance. Max Pragnell, of IIBre, a division of Gallagher Insurance Brokers, discusses the good, the bad and everything in between on cyber insurance including when is cyber insurance a good idea? What kind of coverage is usually offered? What are the typical requirements to secure coverage? Which incidents are covered and which ones are usually excluded from coverage?

 

This episode is also available on SoundCloudApple iTunes, Google Play Music, Spotify, Amazon Music and on Stitcher!

Depending on whom you speak to, insurance is considered a necessary evil. You pay a lot of money on a regular basis for recourse or support in the event an unfortunate situation occurs. The process to get that support can be tedious and long-winded at times, but in some instances, having insurance is a legal requirement, so there is no getting around it.

Over the past few years, and in light of the uptick in online threats and incidents, plus the sense that no one is immune from a network or system breach, the subject of cyber insurance has been coming up more often. Some of the questions that we are all grappling with include, is cyber insurance a good idea? What kind of coverage is offered? Would my organisation benefit from getting that type of insurance? What are the requirements to secure coverage?

These are just a few of the questions that are answered in this episode.

 

Introducing our guest

Max Pragnell

Max Pragnell is a cyber insurance broker with IIBRe, a division of Gallagher Insurance Brokers, and is based in Kingston, Jamaica. He works with companies across the Caribbean region to help them procure cyber coverage. Prior to his time in the region as a cyber specialist, Max focused on public liability insurance for several years in Chicago and London. He is a Chartered Property Casualty Underwriter (CPCU) and earned a Bachelor’s degree in Psychology from Davidson College in North Carolina.

As the Caribbean region continues to undergo digital transformation, Max is particularly interested in improving companies’ cyber security controls. Cyber insurance nowadays is only available to those who take cyber security seriously, and the insurance component is a safety net for the catastrophic costs arising from a cyber event, predominantly from human error.

Max works with companies across all industries, ranging from small and medium enterprises (SMEs) to large corporate clients. He predicts that the cyber insurance market will grow significantly over the next few years, and will become as common as property insurance by 2030. He encourages companies to get their ‘skin in the game’ as early as possible to improve future negotiations with insurers, to take advantage of expansive cyber coverages that are available today, and to protect companies’ balance sheets from crippling expenses.

 

Insights into our conversation

Based on recent conversations in our Expert insights series on cyber threats and security, we cannot get away from how prevalent incidents and breaches have become, and consequently how vulnerable we, both individuals and organisations, are to these threats. Luckily, support via cyber insurance is becoming more available in the Caribbean region, and it may be a godsend to many organisations, depending on the severity of the incident and the damage and fallout that occurs.

As a still nascent branch of insurance, cyber insurance is still evolving, but it is an area that more Caribbean organisations will need to explore in the foreseeable future. Nevertheless, it was fascinating to learn about the security controls insurers expect organisations to have in place in order to be considered, versus the types of coverage offered, as well as the types of incidents that usually are excluded from coverage.

Below are key questions posed to Max during our conversation.

  1. How long has Gallagher Insurance Brokers been offering cyber insurance?
  2. How has the take-up been? What industries so far are more prevalent in terms of cyber insurance take-up?
  3. What should clients have in place before they secure cyber insurance?
  4. For what reasons or under what circumstances would you not recommend an organisation secure cyber insurance?
  5. Typically, what does the application process for cyber insurance entail?
  6. Are there any specific standards that clients and prospective clients are expected to adhere to, in order maintain their coverage?
  7. What types of incidents are covered?
  8. What does the insurance cover?
  9. Are there any types of incidents that are specifically excluded from coverage?
  10. How long after a breach occurs or is identified, does the client have to report the breach without jeopardising its coverage?
  11. What is the response time once a breach is reported?
  12. Why or under what circumstances would an insurance provider not provide the agreed coverage to a client?

 

We would love to hear from you!

Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.

Also, if you or a member of your network is interested in joining us for an episode, do get in touch.

Let’s make it happen!

 

Below are links to some of the organisations and resources that either were mentioned during the episode or otherwise, might be useful:

 

 

Images credit: CGI Gallagher; Marco Verch Professional Photographer (flickr); Pictures of Money (flickr); Blue Coat Photos (flickr)

Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell