A joint effort needed for cyber, Cyber Risk and Insurance Innovation USA conference hears
We’re all in it together when it comes to cyber risks, according to Ricardo Lafosse. The CISO at Kraft Heinz told delegates at the Cyber Risk and Insurance Innovation USA conference that effective collaboration strategies across the cyber ecosystem can make both insurers and clients stronger.
A collaborative approach would lead to fewer claims and more inclusive cyber insurance product offerings, he told the conference, held today and tomorrow (May 29-30, 2024) in Chicago and hosted by Intelligent Insurer.
Presenting the opening keynote, Lafosse outlined a vision of cyber insurance that moved beyond a rigid form-led underwriting process to an approach based on collaborative risk assessments, shared threat intelligence and a mutual understanding of cybersecurity measures. This approach also involved transparent communication about emerging threats and trends.
Dealing with underwriters was too often a “painful process” for both parties, he told the conference. “We both hate each others’ really absurd questions,” he said. “There’s a love-hate relationship.”
He acknowledged that many organisations didn’t have sufficiently robust cybersecurity programmes but urged underwriters to concentrate on the issues that really mattered to them, eliminating endless questionnaires. “Only question things that you and your underwriter have identified as actually important to you,” he advised.
Questionnaires should also be the start, not the extent, of the relationship and attempts to understand the client’s security and risks. “We see underwriting processes as just tonnes and tonnes of questionnaires, which is a good foundation but shouldn't be the basis of underwriting,” he said.
“It’s a very cut-and-dry approach.”
Instead, underwriters and clients needed to enter into “constant open dialogue” that would enable a greater understanding of each party’s needs and of progress in threats and responses.
“We all know the threats are dynamic in nature, so the programme should also be dynamic,” he said. Where questionnaires still play a role, these should also be dynamic.
As Lafosse put it: “Conversations are much better than questionnaires.”
This would give insureds the space to be able to explain their approach to security, enabling underwriters to know whether or not they should be comfortable with the risks. “Telling the story is much more important than a questionnaire, but if they can’t tell the story, that should be your red flag,” he concluded.
Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.
