Chief Security Officer Brandon Pinzon of Argo Group Details Cybersecurity’s Biggest Opportunities and How to Get More Tech Employees at the Helm
Brandon Pinzon, senior vice president and chief security officer at Argo Group is keeping a keen eye on the cyber insurance landscape. It’s a large industry to oversee, with large threats like ransomware looming, but also one ripe with opportunity.
Below, he delves into the cybersecurity world, looking at recruitment of new cyber insurance experts, where to find the best talent, his role as CSO, the cybersecurity threats and opportunities he forecasts for the insurance industry and more.
Risk & Insurance: What are your primary responsibilities at Argo?
Brandon Pinzon: I’m the chief security officer and senior vice president of security at Argo.
I spend a lot of time developing strategies for Argo around data protection and privacy, cyber and physical security, business continuity planning, disaster recovery and regulatory compliance.
R&I: Tell us about some of the topics and issues that are top of mind for you in your capacity as Argo’s CSO.
BP: As I’m sure anyone working in cybersecurity knows, there are more open positions than candidates to fill those roles.
The significant shortage of cybersecurity talent in our industry comes from the standard approach of many companies that hire top talent in tech like they would hire outside counsel, for example, which is to say the gatekeepers first look at your educational background.
Requiring a four-year degree for employment is standard practice across many job openings for good reason, but in tech especially, talented individuals aren’t necessarily getting four-year degrees.
While this runs contrary to much of the common thinking around higher education in the United States, businesses needn’t rely only on the traditional college path to employment to meet their cybersecurity needs.
These difficulties around hiring the best talent are compounded, because as technology continues to develop, we will have new cybersecurity specializations, which make fully plugging the tech gap a moving target.
I’ve recently been interacting with diverse groups of educational institutions and companies seeking to narrow the gap between the demand for cyber-specific security talent and how that talent is being sourced.
There are creative and more accessible ways through certificates, apprenticeships or vocational programs to help fill those roles.
R&I: What can companies like yours do to address the gap?
BP: We’re managing it by looking past the challenges and toward the solutions, finding actionable ways to get more quality cybersecurity professionals into the global workforce by building an ecosystem that supports a wide array of candidate solutions.
That involves consulting academia, continuously developing and updating curriculum, thinking about mentorship at the organizational level, and so much more.
Ideally, we can pull in people who don’t yet work in the tech industry and those who are already fully immersed in it and looking to diversify their job histories.
For example, I recently taught a class at a Japanese-based educational organization that sits at the convergence of privacy protection and cybersecurity. These students were MBA candidates who might not have ever thought about a future working for an insurance company. But from my perspective, that’s a wonderful place to talk to students with bright futures about careers in insurance cybersecurity.
R&I: Beyond hiring, what cybersecurity threats and opportunities are you seeing in the insurance industry?
BP: Cybersecurity is a $20 billion addressable market for the insurance industry. That includes data breaches, ransomware and any other malicious intrusion.
There’s an opportunity to take some of that market share, which doesn’t necessarily require getting capacity, and looking for revenue streams to ensure a cyber deal. The question the industry is really wrestling with is how to price the risk where there is so little data on the actual cost of potential claims.
Cyber liability insurance typically covers expenditures related to losses, probes, lawsuits, extortion, privacy and various notifications. It is becoming cost prohibitive to renew; some companies are seeing increases in their premium of up to 500%, with limits being halved; some are not able to renew their policy; while others are responding by taking their money outside of the policy and self-funding.
This means that products are losing their value in the marketplace where insurance was once proven to be a valuable component in larger risk management strategy, companies are relying on other solutions to address their risk. In response to this pressure, claims information available to insurance companies can be leveraged to help inform how to prevent those loss scenarios.
Top of mind for many companies right now are ransomware attacks, which are increasingly expensive to manage. The average cost is approximately $4.5 million, which does not include paying the ransom. Not only that, it’s a significant impact on reputational liability and continuity of business. &