Neil Gurnhill: Secondly, we bring in managed service providers to join us in the conversation. Depending on how that conversation goes, the insured would contract directly with the service provider. They would become better insured for us that leads to less losses. The insured is more cyber resilient in that approach.
A lot of other insurers treat this insurance like it’s property or a more generalist insurance.
We’re all about the consultative approach. We love sector vendors. We try to find somebody who is very active in the cyber health security space, for instance. We’re approaching a group of physicians or hospitals. We’re doing a large US program at the minute with the US government.
We brought a suite of vendors to join us. We engage with these people to explain where insurance fits in but also if they’re uninsurable, then there’s a consultation between our money service providers.
That would be a great opportunity for anybody listening to this or engaging with you in that space to reach out to us and engage with us.
Sramana Mitra: Whom are you selling these consultative services to? The Board, the CEO, or the CFO? What is the entry point for you?
Neil Gurnhill: We’re blessed with the fact that we don’t dictate who we work with. We never go out with a preconception. We work with our brokers, and our brokers have a diverse book of business. Some of our brokers work with very small companies. We scale it based on who we’re speaking to.
Often there can be small businesses where you’re talking directly to the CEO. When it comes to institutions, you can be speaking to a Board of Trust Members. If it’s a large company, then it normally is a Board room discussion. We’re very mindful of that. We try to bring our security partners to the table based on industry as well as the size of the organization.
Sramana Mitra: You mentioned something about some situations being uninsurable. Can you elaborate?
Neil Gurnhill: It’s our job as underwriters to assess the good and the bad. That affects the premiums that we charge. It’s a very simple calculation of risk. The riskier, the more the premium will be. If the risk is too high, then you’re uninsurable.
We often meet with organizations that have had bad cyber security to date. They’ve had a lot of claim activity or they’ve had multiple issues. That leads us to say, “As it currently stands, you’re uninsurable. However if you engage with a security team, we get documentation to say that these wrongs have now been resolved.” That makes them insurable.
That makes us happy that they’ve gone from a bad risk to a good risk. That’s something that we like to see. We love bringing premium down if we can see that companies have taken steps. Most other companies in the cyber insurance space treat it like any other type of insurance. You put it in a filing cabinet and only get out when there’s a fire.
For us, there’s a lot we can do in the digital cyber security world that can have a positive impact on our insured. Often, it’s just conversations of bringing other people into the table. No business ever wants to be compromised. As insurers, we have a vested interest. We don’t want them to be compromised either. It hits us on the claims.
We would rather do everything we can and incur our own costs to make them a better risk. It’s all about a community and trying to do the right thing versus them signing an application and putting it in a filing cabinet.