Typically the “Buyer’s Perspective” panel during the Cyber Risk Insights Conference provides some valuable feedback to our audience of insurers and brokers.
Not to mention, buyers at the New York conference this year on Oct. 28 could get some hints and/or commiserate. Or be reprimanded.
Panelist David Conca, director of risk management for Univision Communications, said it was “unfathomable that any company of any size doesn’t get the value” of cyber insurance, especially since there is at least one catastrophic, $100 million-plus event every year.
“It’s an education process on the buyer’s side,” he said. “There are still a lot who don’t want to get religion on these products. It makes you shake your head.”
Here are a few more sound bites from the panel.
On buying
Conca said he looks for a lower limit dedicated to pay for credit-monitoring services. Third-party liability exposure can’t be controlled. “You have no idea how high that can go,” he added. He said looks to bifurcate–managing limits and deductibles.
During the underwriting process Roc Starks, senior vice president of corporate insurance for Citizens Bank, said his insurer held a conference call with the information security team.
“They had answers and were ready for the underwriters,” who had 12-15 questions, said Starks. “If I was on the call, it would’ve been short.
He said IT was pulled into the meeting but once they were there, “they understood why.”
On data security laws
They are “scrambled eggs–terrible,” said Conca, adding that the European Union has made more progress on this matter. “There is a common thread [in the EU]. In the US we don’t have that. We haven’t gotten there.”
Separate industries may have regulations that govern them (PCI or HIPAA, for example) but the US “does not have something to tie it all together to use.”
“It’s a moving target. There is no answer,” he said.
On vetting vendors
Ranking vendors’ security is “critical to our operations,” said Starks. He said Citizens Bank has a team that systemically vets vendors. “It’s a rigorous process. We have an army of people who do that for us.”
On property exposure
One audience member asked about property loss risk and the CL380 exclusion. “How can it be brought back in?”
“That’s an excellent point,” said Conca, but he didn’t really have an answer other to say that “someday that’ll happen.”
On limits
Conca said he now has one-on-one conversations with his CEO and asks for more money to buy more limits. How much more?
“My budget has expanded,” he said. “I’m not going to tell you. It’s a big number.”