SAN FRANCISCO – Risk managers should work with their key information technology and security officials in their cyber renewal, panelists said during a session on Monday at the Risk and Insurance Management Society Inc.’s Riskworld conference.
In the current difficult cyber market and with the increasing scale and volume of ransomware attacks, risk managers should not fill out coverage applications alone, says Andrea DeField, partner at Hunton Andrews Kurth LLP.
“Ransomware has changed the issue guarantee. There is no longer the rubber stamp in a renewal application that has three issues,” says DeField.
Risk managers should start applications several months in advance and work with them with their key information technician or information security manager, who can answer very technical questions, she said.
It̵7;s also a good idea to involve an organization’s general counsel or external advisor when filling out supplementary questionnaires or ransomware applications, DeField said.
Collaborating with them is especially helpful in creating responses “if you have had a claim and are subject to lawsuits or regulatory action,” she said.
Involving external advisers in mandatory insurance meetings is also a good idea, she said. “You want to prepare for these meetings and make sure you have the right people on the phone to answer questions about insurers,” she said.
Michael Tush, director, corporate risk management, at Blue Cross and Blue Shield in Kansas City, said it is crucial for organizations to understand the potential reputation that a cyber event can have.
When Anthem Inc. was hacked in 2015, it affected all 35 associated brands including Blue Cross and Blue Shield associations, said Mr. Tush.
When Anthem increased its cyber defense, all associated brands had to do the same, he said. “Because of one Anthem attack, all the other 35 Blue Cross Blue Shield affiliates had to implement strict IT security protocols,” he said.
When a cyberattack occurs, “many of us survive, many of us go on, and often the biggest impact is not financial but reputation,” he said.