January 27, 2022 • 8 mins
Guest, Rick Creel, of the Ohio State Bar Association Insurance Agency, provides listeners with the single most important thing they should do BEFORE applying for Cyber Insurance Coverage.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Hello and welcome to our fourth episode of cyber snacks where we serve up cybersecurity tips that are short,
simple.
Actionable and reasonable today?
I'm delighted to have rick creole with the Ohio State Bar Insurance Agency on as my guest.
I've known and worked with rick for years and he's always been a great source of information when it comes to cyber liability insurance Rick.
(00:27):
I briefed you on the goal of the show and how we try to keep it to around five minutes so I'm not going to talk much more.
I'm gonna jump straight into the question.
We all know that the cyber liability insurance market is really tight right now premiums are on the rise and the requirements to even get insurance are getting more and more strict from what you see right now in the insurance market,
(00:56):
if you could offer one actionable tip to our listeners before they even apply for cyber liability insurance,
what would that be?
Oh my.
Yeah,
that's that's a good question.
The thing that I would find firms is what are they doing to protect their data?
(01:17):
Okay.
So when you say that,
are you talking about the technical controls,
the actual protection steps that they're taking before they even apply.
Yes that um and the second component to is what insurers really look at is if they had any claims,
have they had any claims dealing with like ransomware,
(01:40):
email frauds,
You know um there are certain components out there that insurers are looking at two and seeing have they had claims already.
So and if they have had claims,
what are they doing now to protect the data that they have and how are they moving forward in the right direction because the insurance is there,
(02:03):
but you need to make sure to your internally doing the things that you're doing to protect your data.
So what you're saying then is you basically have to make sure your house is in order before you go to look for the insurance?
Yes.
Yes.
What are the common things that you're seeing when you mentioned these components?
That should be in place.
(02:24):
What are the big ones?
Well,
the big ones are as far as um you know,
I will just say that there are several components that the insurers where you look at is is their records,
how many records do they have,
do they hold?
Okay.
So and I guess the idea there is they're trying to determine,
(02:47):
you know,
how much liability there would be in the event of a breach.
Okay.
Got it.
What about the yeah.
What about the technical controls that they're wanting to see everybody have before they apply?
That's another very important component to is what are they doing internally um to protect the data that they've got?
(03:13):
Um are they using multi factor authentications?
Are they,
you know,
you know,
as far as protecting their emails and things like that as far as from frauds and that component.
So we will fall that under what we call ransomware control.
Okay.
(03:33):
And so I know I've seen a lot of these applications there specifically asking for details on what kind of controls people have in place.
And do you mean my assumption is this is only going to get more and more onerous as things go.
Would you say that?
That's likely.
(03:54):
Absolutely true.
Yes,
it is.
So what happens if somebody doesn't have all the controls,
do they just have no option for insurance?
You're right.
That's probably a lot of times that the,
the insurers will not ensure them or for that matter if they do that,
(04:16):
what type of limits will be offered?
It may be low limits or in the premiums are really super high but I would say mostly insurers now probably won't even offer.
Is there any kind of list anywhere of,
you know,
if before you apply for cyber insurance you should make sure that you have x,
(04:41):
y and z.
How do people go out and and and find out ahead of time what their insurance company is going to want to see?
Well that's good because we sometimes what I do is provide an application form with them in advance so they can review that and if they've got questions,
(05:03):
they should connect with an individual like you and along with me to help answer questions or if there are certain components where they're looking at an application not really understanding.
Um they need to be in front of all this when they're ready to cement to get a quote or to try to get coverage sitting there.
(05:23):
Um,
and that's what I said,
even with having an individual like you is very important because you can walk through a lot of the components and explain a lot of this to them as well and show them what they should be doing.
So would it be fair then to say that the biggest tip that someone would,
(05:44):
could take when it comes to their cyber liability insurance is to look at and find out what they're going to be expected to have before they start the application process instead of finding out once they're in their renewal cycle,
correct?
Okay,
great,
great.
I think that that's really useful.
Um,
(06:05):
now what about people that currently have active cyber insurance?
Does that tip change anything for them?
Those are times what we're also seeing.
Um,
especially when,
um,
they go through a renewal process.
There might be more questions now on that application that they need to be completing correctly so they'll come back or I'll be up in front of them as well and saying here's the renewal application a lot of times,
(06:38):
renewal application might be a little bit more broader,
but the other component to is what I'm seeing is if entities have higher revenues coming in and technically two that I've seen times where premiums do come up a little bit as well because of their internal,
um,
(06:58):
you know revenues that come in.
So it means that they're doing more and more work out there.
So they're bringing in more more,
you know,
incomes and things like that.
So that's what the carriers kind of look at and that's usually why they also bring up the premium costs to the insurance tried it well rick,
I think that this is really helpful.
(07:20):
You know,
just to kind of wrap up what we talked about.
You know,
the key thing here is the requirements are getting more and more strict and they can have,
uh,
significant impacts on your premiums and your ability even to obtain coverage.
And so what rick is recommending is get out ahead of this.
(07:40):
Don't wait until it's time to either get cyber insurance or renew cyber insurance,
but instead find out what's going to be expected beforehand.
In other words have good practices before you even go for the insurance piece.
So I think that's really helpful Rick,
(08:01):
thank you very much for being on the show this week and I hope you have an awesome rest of the day and a great rest of your week.
Well,
thank you.
I appreciate you even bringing me on board to go over a lot of this and you know,
I do enjoy being able to help firms entities.
Um,
you know,
get their,
(08:21):
that cyber coverage there in place.
Um,
it's good to be able in front of this and I appreciate you putting me on the call today.
Thank you so much Rick,
and everyone tune in again next week for our next episode.
Thank you.
Hello and welcome to our fourth episode of cyber snacks where we serve up cybersecurity tips that are short,
simple.
Actionable and reasonable today?
I'm delighted to have rick creole with the Ohio State Bar Insurance Agency on as my guest.
I've known and worked with rick for years and he's always been a great source of information when it comes to cyber liability insurance Rick.
(00:27):
I briefed you on the goal of the show and how we try to keep it to around five minutes so I'm not going to talk much more.
I'm gonna jump straight into the question.
We all know that the cyber liability insurance market is really tight right now premiums are on the rise and the requirements to even get insurance are getting more and more strict from what you see right now in the insurance market,
(00:56):
if you could offer one actionable tip to our listeners before they even apply for cyber liability insurance,
what would that be?
Oh my.
Yeah,
that's that's a good question.
The thing that I would find firms is what are they doing to protect their data?
(01:17):
Okay.
So when you say that,
are you talking about the technical controls,
the actual protection steps that they're taking before they even apply.
Yes that um and the second component to is what insurers really look at is if they had any claims,
have they had any claims dealing with like ransomware,
(01:40):
email frauds,
You know um there are certain components out there that insurers are looking at two and seeing have they had claims already.
So and if they have had claims,
what are they doing now to protect the data that they have and how are they moving forward in the right direction because the insurance is there,
(02:03):
but you need to make sure to your internally doing the things that you're doing to protect your data.
So what you're saying then is you basically have to make sure your house is in order before you go to look for the insurance?
Yes.
Yes.
What are the common things that you're seeing when you mentioned these components?
That should be in place.
(02:24):
What are the big ones?
Well,
the big ones are as far as um you know,
I will just say that there are several components that the insurers where you look at is is their records,
how many records do they have,
do they hold?
Okay.
So and I guess the idea there is they're trying to determine,
(02:47):
you know,
how much liability there would be in the event of a breach.
Okay.
Got it.
What about the yeah.
What about the technical controls that they're wanting to see everybody have before they apply?
That's another very important component to is what are they doing internally um to protect the data that they've got?
(03:13):
Um are they using multi factor authentications?
Are they,
you know,
you know,
as far as protecting their emails and things like that as far as from frauds and that component.
So we will fall that under what we call ransomware control.
Okay.
(03:33):
And so I know I've seen a lot of these applications there specifically asking for details on what kind of controls people have in place.
And do you mean my assumption is this is only going to get more and more onerous as things go.
Would you say that?
That's likely.
(03:54):
Absolutely true.
Yes,
it is.
So what happens if somebody doesn't have all the controls,
do they just have no option for insurance?
You're right.
That's probably a lot of times that the,
the insurers will not ensure them or for that matter if they do that,
(04:16):
what type of limits will be offered?
It may be low limits or in the premiums are really super high but I would say mostly insurers now probably won't even offer.
Is there any kind of list anywhere of,
you know,
if before you apply for cyber insurance you should make sure that you have x,
(04:41):
y and z.
How do people go out and and and find out ahead of time what their insurance company is going to want to see?
Well that's good because we sometimes what I do is provide an application form with them in advance so they can review that and if they've got questions,
(05:03):
they should connect with an individual like you and along with me to help answer questions or if there are certain components where they're looking at an application not really understanding.
Um they need to be in front of all this when they're ready to cement to get a quote or to try to get coverage sitting there.
(05:23):
Um,
and that's what I said,
even with having an individual like you is very important because you can walk through a lot of the components and explain a lot of this to them as well and show them what they should be doing.
So would it be fair then to say that the biggest tip that someone would,
(05:44):
could take when it comes to their cyber liability insurance is to look at and find out what they're going to be expected to have before they start the application process instead of finding out once they're in their renewal cycle,
correct?
Okay,
great,
great.
I think that that's really useful.
Um,
(06:05):
now what about people that currently have active cyber insurance?
Does that tip change anything for them?
Those are times what we're also seeing.
Um,
especially when,
um,
they go through a renewal process.
There might be more questions now on that application that they need to be completing correctly so they'll come back or I'll be up in front of them as well and saying here's the renewal application a lot of times,
(06:38):
renewal application might be a little bit more broader,
but the other component to is what I'm seeing is if entities have higher revenues coming in and technically two that I've seen times where premiums do come up a little bit as well because of their internal,
um,
(06:58):
you know revenues that come in.
So it means that they're doing more and more work out there.
So they're bringing in more more,
you know,
incomes and things like that.
So that's what the carriers kind of look at and that's usually why they also bring up the premium costs to the insurance tried it well rick,
I think that this is really helpful.
(07:20):
You know,
just to kind of wrap up what we talked about.
You know,
the key thing here is the requirements are getting more and more strict and they can have,
uh,
significant impacts on your premiums and your ability even to obtain coverage.
And so what rick is recommending is get out ahead of this.
(07:40):
Don't wait until it's time to either get cyber insurance or renew cyber insurance,
but instead find out what's going to be expected beforehand.
In other words have good practices before you even go for the insurance piece.
So I think that's really helpful Rick,
(08:01):
thank you very much for being on the show this week and I hope you have an awesome rest of the day and a great rest of your week.
Well,
thank you.
I appreciate you even bringing me on board to go over a lot of this and you know,
I do enjoy being able to help firms entities.
Um,
you know,
get their,
(08:21):
that cyber coverage there in place.
Um,
it's good to be able in front of this and I appreciate you putting me on the call today.
Thank you so much Rick,
and everyone tune in again next week for our next episode.
Thank you.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Special Summer Offer: Exclusively on Apple Podcasts, try our Dateline Premium subscription completely free for one month! With Dateline Premium, you get every episode ad-free plus exclusive bonus content.
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.