Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Risk managers recall first time buying cyber cover

Reprints
Risk managers recall first time buying cyber cover

The road to obtaining cyber insurance for the first time can be a long and arduous one, risk managers say.

“It was a daunting, overwhelming process,” said Donna Stone, Houston-based director of insurance risk management at GDF Suez Energy North America Inc.

“It took us a long time to get out of denial” and realize the need for a policy, she said.

The Paris-based energy firm initially was concerned about operational risk, but then came the realization that it also had personal employee data such as driving and health records.

In all, she said during the Risk & Insurance Management Society Inc.'s annual conference in San Diego, it was a two-year process to determine the need for cyber cover.

She said the attitude of the company's board of directors was, “We don't know what we're buying, but we're too afraid not to buy, so let's do that.”

The policy was renewed this year, which required the participation human resources, regulatory compliance and communications arms of GDF Suez Energy, she said.

“We're still learning as we go,” Ms. Stone said.

“It's a long process the first time” said Timothy J. Flaherty, manager of insurance risk management at Pittsburgh-based Alcoa Inc. One challenge, he said, is that insurers' offerings are different and “it's very time consuming” to compare them.

Risk managers must conduct a gap analysis and work with their brokers he said. When it comes to the first time of getting cyber coverage, “underwriters want to understand how you're protecting yourself,” which cannot be accomplished by sending an email or flash drive, he said.

This information is “kind of the crown jewels,” he said. In Alcoa's case, the company's chief security officer personally handed over the required information to its broker.

“Make sure you know exactly who's getting the information and track that. Keep the spreadsheet on who has it,” Mr. Flaherty recommended.

Obviously, senior management needs to be involved, which he said is “critical, especially when it comes to limits and retentions” decisions.

Read Next

  • Q&A: Barry Dillard of Walt Disney World Resort

    Barry Dillard serves on the Risk & Insurance Management Society Inc.'s board and is the director of claims management for the Walt Disney World Resort in Lake Buena Vista, Florida. There, Mr. Dillard, who is a member of RIMS' Central Florida chapter, leads a team of cast members who manage all aspects of the company's claims management program, including compliance operations, workers compensation and general disability claims. Mr. Dillard also teaches business management courses as an associate professor at the University of Phoenix. He received a bachelor of science in marketing from Hampton University and a master of business administration from Webster University. Mr. Dillard recently spoke with Business Insurance Senior Editor Mark A. Hofmann about his professional life and his service with RIMS. Edited excerpts follow.