Cyber insurance is no longer as alien as it had been just a few years ago, but the threat landscape is incredibly dynamic thus causing the cyber insurance industry to continually adjust and redefine its posture. Although we spoke with Max Pragnell, of Gallagher Insurance Brokers, just about a year ago, a lot has changed. In this conversation, he discusses, among other things: key changes that have occurred in the cybersecurity and cyber insurance space;  how cascading failures (across organisations, subsidiaries or business units, for example) from a single attack are being handled; and “data breach insurance” and what cyber insurance coverage may be available.

 

This episode is also available on SoundCloud, Apple Podcasts, Google Podcasts, Spotify, Amazon Music and Stitcher!

Without a doubt, cyber incidents have become increasingly prevalent across the Caribbean region. Moreover, they have become sufficiently severe that organisations are owning up when they do occur – though often and to some degree a bit too overconfidently, they seem to stress that the breach was minimal, very little data was compromised and the matter is under control. However, as downtime, liability and reputation damage costs become issues organisations must address, and take responsibility for, cyber insurance is becoming an attractive option.

Having said this, the growing awareness and receptiveness of organisations to cyber insurance do not necessarily mean that they satisfy the requirements to successfully purchase that coverage. The requirements are continuing to evolve, as security frameworks and imperatives continue to develop, thanks to threat actors who are also executing more sophisticated, sustained, and covert attacks.

 

Introducing our guest

Max Pragnell

Max Pragnell is a cyber insurance broker with IIBRe, a division of Gallagher Insurance Brokers, and is based in Kingston, Jamaica. He works with companies across the Caribbean region to help them procure cyber coverage. Prior to his time in the region as a cyber specialist, Max focused on public liability insurance for several years in Chicago and London. He is a Chartered Property Casualty Underwriter (CPCU) and earned a Bachelor’s degree in Psychology from Davidson College in North Carolina.

As the Caribbean region continues to undergo digital transformation, Max is particularly interested in improving companies’ cyber security controls. Cyber insurance nowadays is only available to those who take cyber security seriously, and the insurance component is a safety net for the catastrophic costs arising from a cyber event, predominantly from human error.

Max works with companies across all industries, ranging from small and medium enterprises (SMEs) to large corporate clients. He continues to predict that the cyber insurance market will grow significantly over the next few years, and will become as common as property insurance by 2030. He thus encourages companies to get their ‘skin in the game’ as early as possible to improve future negotiations with insurers, to take advantage of expansive cyber coverages that are available today, and to protect their balance sheets from crippling expenses.

 

Insights into our conversation

Essentially, this conversation with Max continues where we left off in June 2022. But a year later, we are able to discuss how the cyber insurance industry has evolved and the current state of the threat landscape, whilst also considering the posture of Caribbean organisations over the past 12 months.

Of particular note is that the industry is changing, and insurers are becoming more knowledgeable about the types and sophistication of the risks and threats that can be experienced. As a result, insurers have been tightening up on the coverage that they offer, and increasingly expect organisations to have implemented robust security regimes that should not only make it more difficult for them to be compromised, but also have them better prepared should an incident occur.

Below are key questions that were posed to Max during our conversation.

  1. Have there been any significant or interesting changes of note in the cybersecurity or cyber insurance space?
  2. Have more Caribbean companies been purchasing cyber insurance? Or have you seen an uptick in particular industries?
  3. Has the cost of cyber insurance changed?
  4. Has the general cyber security “hygiene” of companies improved? What are the biggest hurdles to becoming insured today?
  5. Have there been any changes to the product? Are insurance companies covering more or less?
  6. Noting the variable scale of cyberattacks and the possibility of cascading failures from a single attack, can regional businesses or organisations purchase cyber insurance covering their entire operations across the Caribbean region, for example, or would each subsidiary have to purchase its own cyber insurance policy?
  7. As data protection regimes become more established in the region, there may be a need for “data breach insurance”, noting the hefty fines that could be incurred if there is a breach. Is that considered separate from cyber insurance? Is there any overlap?
  8. What types of attacks have been affecting the insurers? In other words, what have insured companies been claiming for on their policies?
  9. Are you aware of any court cases between policyholders and insurers in the Caribbean region?

 

Do leave us a comment either here beneath this article, or on our Facebook or LinkedIn pages, or via Twitter, @ICTPulse.

Also, if you or a member of your network is interested in joining us for an episode, do get in touch.

Let’s make it happen!

 

Select links

Below are links to some of the organisations and resources that either were mentioned during the episode or otherwise, might be useful:

 

 

Images credit: IIBRe; rawpixel (freepik); freepik; rawpixel (freepik)

Music credit: The Last Word (Oui Ma Chérie), by Andy Narrell

Podcast editing support:  Mayra Bonilla Lopez