Login

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

IT involvement in cyber renewals crucial: Panelists

Reprints
Cyber Risks Risk Management More + Less -
Michael Tush and Andrea DeField

SAN FRANCISCO — Risk managers should partner with their key information technology and security officers on their cyber renewals, panelists said during a session Monday at the Risk and Insurance Management Society Inc.’s Riskworld conference.

In the current difficult cyber market and with the rising magnitude and volume of ransomware attacks, risk managers should not be filling out coverage applications alone, said Andrea DeField, partner at Hunton Andrews Kurth LLP.

“Ransomware has changed underwriting. There is not anymore the rubberstamping of a renewal application that has three questions,” Ms. DeField said.

Risk managers should start applications several months in advance and work on them with their key information technology officer or their chief information security officer, who can answer highly technical questions, she said.

It’s also a good idea to involve an organization’s general counsel or outside counsel when completing supplemental ransomware questionnaires or applications, Ms. DeField said.

Partnering with them is particularly helpful in crafting responses “if you have had a claim and are subject to lawsuits or regulatory action,” she said.

Involving outside counsel in required underwriting meetings is also a good idea, she said. “You want to prepare for those meetings and make sure you have the right people on the phone to answer underwriter questions,” she said.

Michael Tush, director, enterprise risk management, at Blue Cross and Blue Shield of Kansas City, said it’s critical for organizations to understand the potential reputation fallout from a cyber event.

When Anthem Inc. was hacked in 2015 it impacted all associated 35 brands including Blue Cross and Blue Shield associations, Mr. Tush said.

As Anthem ratcheted up its cyber defenses, all associated brands had to do the same, he said. “Because of that one Anthem attack, all of the other 35 Blue Cross Blue Shield associate organizations had to implement stringent IT security protocols,” he said.

When a cyberattack occurs “many of us survive, a lot of us keep going, and oftentimes the biggest impact isn’t financially but the reputational impact,” he said.

 

 

 

 

 

 

Most Read in Risk Management

Sign up for Daily Briefing, the free email newsletter from Business Insurance.

About

Advertise

Reprints and Licensing

Resources

. Privacy PolicyTerms of Use

COPYRIGHT © 2024 BUSINESS INSURANCE HOLDINGS

Member, Beacon International Group, Ltd.