2222222222

Cyber Risk

Academy Advises Brokers on Cyber Risk

The Travelers Cyber Academy offers free training for brokers that work with small and mid-sized clients, where risk is on the rise.
By: | October 7, 2016 • 4 min read

Travelers has launched a project to help agents and brokers to provide more thorough cyber advice for small and medium enterprises, where the risk of attack is on the rise.

Advertisement




The Travelers Cyber Academy offers free training for brokers and agents, while opening the possibility for buyers to participate as well, under invitation from their insurance partners.

The project is composed of eight webinars where both in-house experts and cyber security aces from outside the insurance industry strive to explain, in an accessible way, the pitfalls of the cyber world and how SMEs should deal with them.

“Customers are asking questions, and many agents have some degree of understanding and expertise, but they would like to have some more,” said Tim Francis, enterprise cyber lead at Travelers.

Tens of thousands of invitations were sent for the first lesson in September, and the response by the targeted public has been more enthusiastic than to previous educational initiatives, the company said.

Drawing from data by Symantec, Travelers points out that small companies account for 43 percent of all cyber attacks against business, and for 22 percent of attacks against mid-sized enterprises.

Cyber risks rank in the top five risks feared by American SMEs, according to a survey by Zurich Insurance Group.

Tim Francis, enterprise cyber lead, Travelers

Tim Francis, enterprise cyber lead, Travelers

Francis said that, although the understanding of cyber risks by large brokers and corporations has progressed considerably in recent years, expertise about the subject among smaller brokers and their clients remains a work in progress.

“As the cyber industry has grown, many of the agents that service clients with cyber coverages are sometimes a little behind in terms of understanding exposures and translating them to their customers,” he said.

Contacts with agents and customers alike revealed that the appetite for knowledge in this particular area is increasing. However, the educational material currently available often falls short of the needs of this particular public.

Francis mentions the example of ransomware, the subject of the second webinar offered by the Travelers Cyber Academy. It’s an emerging threat where hackers paralyze a business by locking its IT systems until a ransom is paid, but while the wealth of literature on the subject thrills the IT community, it more often than not sounds like Greek to everyone else.

“There is no shortage of whitepapers on the topic of ransomware. But they are either very technical or so high level that they do not deliver much information for customers,” Francis said.

“We feel that we can help to provide deeper understanding about such a topic, without the need for being a cyber security expert in order to understand what is talked about.”

The series of webinars runs from September to May, and Travelers expects to offer it again in subsequent years, first in the U.S. alone, but maybe in other countries as well in the future. If a participant misses a section, it can be watched later as the webinars will be kept available online for registered users.

Agents will also be able to introduce the training sessions to customers with particular interests in the area.

“All businesses are today in the line of fire.” — Vinny Troia, certified ethical hacker

The initiative was launched with a session on the so-called dark web, an obscure side of the internet where hackers and criminals enjoy high levels of anonymity to pursue their bad deeds. With succinct explanations and infographics, the session tackles complex materials such as the workings of TOR, the browser developed by the U.S. military that is used to keep dark web activities out of the reach of the authorities.

Vinny Troia, a certified ethical hacker, described ransomware in the video as “a business to ruin your business.”

He provides tips such as how to train employees to avoid spear phishing attacks.

“All businesses are today in the line of fire,” Troia said in the video.

In forthcoming webinars, other invited speakers will elaborate on subjects like the forensics of cyber risks, the legal cyber environment, data breaches and so on.

Advertisement




“We are also adding our own expert input, not only from our underwriting team, but also from a member of the teams that support and service claims and underwriting,” Francis said. Travelers’ cyber team includes professionals with different backgrounds such as law enforcement, FBI forensic investigations and cyber security.

He pointed out that a challenge for the project will be to keep up with developments in a field where the risk is evolving at a thunderous pace.

“We can modify the curriculum to accommodate events or issues that we have not anticipated,” Francis said.  “In the world of cyber security, things change so fast that a presentation made today could become obsolete very soon, or a new issue could be on top of everybody’s minds a month from now.”

Rodrigo Amaral is a freelance writer specializing in Latin American and European risk management and insurance markets. He can be reached at [email protected]

Risk Management

The Profession: Curt Gross

This director of risk management sees cyber, IP and reputation risks as evolving threats, but more formal education may make emerging risk professionals better prepared.
By: | June 1, 2018 • 4 min read

R&I: What was your first job?

My first non-professional job was working at Burger King in high school. I learned some valuable life lessons there.

R&I: How did you come to work in risk management?

After taking some accounting classes in high school, I originally thought I wanted to be an accountant. After working on a few Widgets Inc. projects in college, I figured out that wasn’t what I really wanted to do. Risk management found me. The rest is history. Looking back, I am pleased with how things worked out.

R&I: What is the risk management community doing right?

Advertisement




I think we do a nice job on post graduate education. I think the ARM and CPCU designations give credibility to the profession. Plus, formal college risk management degrees are becoming more popular these days. I know The University of Akron just launched a new risk management bachelor’s program in the fall of 2017 within the business school.

R&I: What could the risk management community be doing a better job of?

I think we could do a better job with streamlining certificates of insurance or, better yet, evaluating if they are even necessary. It just seems to me that there is a significant amount of time and expense around generating certificates. There has to be a more efficient way.

R&I: What was the best location and year for the RIMS conference and why?

Selfishly, I prefer a destination with a direct flight when possible. RIMS does a nice job of selecting various locations throughout the country. It is a big job to successfully pull off a conference of that size.

Curt Gross, Director of Risk Management, Parker Hannifin Corp.

R&I: What’s been the biggest change in the risk management and insurance industry since you’ve been in it?

Definitely the change in nontraditional property & casualty exposures such as intellectual property and reputational risk. Those exposures existed way back when but in different ways. As computer networks become more and more connected and news travels at a more rapid pace, it just amplifies these types of exposures. Sometimes we have to think like the perpetrator, which can be difficult to do.

R&I: What emerging commercial risk most concerns you?

I hate to sound cliché — it’s quite the buzz these days — but I would have to say cyber. It’s such a complex risk involving nontraditional players and motives. Definitely a challenging exposure to get your arms around. Unfortunately, I don’t think we’ll really know the true exposure until there is more claim development.

R&I: What insurance carrier do you have the highest opinion of?

Advertisement




Our captive insurance company. I’ve been fortunate to work for several companies with a captive, each one with a different operating objective. I view a captive as an essential tool for a successful risk management program.

R&I: Who is your mentor and why?

I can’t point to just one. I have and continue to be lucky to work for really good managers throughout my career. Each one has taken the time and interest to develop me as a professional. I certainly haven’t arrived yet and welcome feedback to continue to try to be the best I can be every day.

R&I: What have you accomplished that you are proudest of?

I would like to think I have and continue to bring meaningful value to my company. However, I would have to say my family is my proudest accomplishment.

R&I: What is your favorite book or movie?

Favorite movie is definitely “Good Will Hunting.”

R&I: What’s the best restaurant you’ve ever eaten at?

Tough question to narrow down. If my wife ran a restaurant, it would be hers. We try to have dinner as a family as much as possible. If I had to pick one restaurant though, I would say Fire Food & Drink in Cleveland, Ohio. Chef Katz is a culinary genius.

R&I: What is the most unusual/interesting place you have ever visited?

The Grand Canyon. It is just so vast. A close second is Stonehenge.

R&I: What is the riskiest activity you ever engaged in?

Advertisement




A few, actually. Up until a few years ago, I owned a sport bike (motorcycle). Of course, I wore the proper gear, took a safety course and read a motorcycle safety book. Also, I have taken a few laps in a NASCAR [race car] around Daytona International Speedway at 180 mph. Most recently, trying to ride my daughter’s skateboard.

R&I: If the world has a modern hero, who is it and why?

The Dalai Lama. A world full of compassion, tolerance and patience and free of discrimination, racism and violence, while perhaps idealistic, sounds like a wonderful place to me.

R&I: What about this work do you find the most fulfilling or rewarding?

I really enjoy the company I work for and my role, because I get the opportunity to work with various functions. For example, while mostly finance, I get to interact with legal, human resources, employee health and safety, to name a few.

R&I: What do your friends and family think you do?

I asked my son. He said, “Risk management and insurance.” (He’s had the benefit of bring-your-kid-to-work day.)

Katie Dwyer is an associate editor at Risk & Insurance®. She can be reached at [email protected]