Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Do the homework when selecting cyber insurance

Reprints
Do the homework when selecting cyber insurance

SAN FRANCISCO — Do your due diligence first before seeking cyber insurance coverage, advises the corporate insurance manager for Southwest Airlines Co.

“Before you go out and purchase a policy, do internal risk assessments” and put in place an incident response plan, said Kristy M. Harris, manager of corporate insurance for Dallas-based Southwest, who placed her company's first cyber insurance policy in 2014. She spoke at Business Insurance's 2015 Cyber Risk Summit in San Francisco on Monday.

It is important to find a trustworthy partner, Ms. Harris said, noting Southwest's then-current broker was not experienced in cyber. “You want to look for somebody who has a history of working on the claims side,” as well as somebody with good underwriting relationships with cyber insurers, she said.

“Have a direction and understand what you're looking to achieve,” said Southwest's broker on the cyber policy, Lauri L. Floresca, senior vice president and partner at Woodruff Sawyer & Co. in San Francisco. Policies with $2 million or $200 million in limits will be different from each other, Ms. Floresca said.

An important and active participant in the process was Craig Maccubbin, Southwest's vice president and chief technology officer, who was involved from the beginning.

“I felt that the insurance for cyber coverage was so important that I wanted to be involved personally. I wanted to make sure the risk team had all the support it needed and accurately conveyed what was going on,” said Mr. Maccubbin.

Having the right level of people available to communicate is important, said Ms. Floresca. While some underwriters ask “deep technological questions” about the systems you are using, “others are much more focused on people and processes,” so “having people who can speak to both audiences is very useful.”

That was the case with Mr. Maccubbin. Some network security people do not have a “business presence,” she said. But Mr. Maccubbin presents to Southwest's board on a regular basis. He “understands business objectives, but can also get in-depth with underwriters” who think in terms of technical expertise as well, said Ms. Floresca.

Read Next

  • Ex-hacker: Act on assumption nothing is safe

    SAN FRANCISCO — During the Industrial Age, there was a simplicity to the repetition of small tasks, but in today's Information Age, complexity drives progress, an ex-hacker told attendees at Business Insurance's 2015 Cyber Risk Summit in San Francisco.