Rising Star Adam Lantrip Looks at Cyber Insurance’s Evolving Landscape, from Silent Cyber to Rate Changes

We spoke with Adam Lantrip, professional and cyber solutions practice leader at CAC Specialty, about our evolving approach to cybersecurity and the value of being hands-on.
By: | December 11, 2022

 


Come see the Stars! As part of our ongoing coverage of the best brokers in the commercial insurance space, Risk & Insurance®, with the sponsorship of Philadelphia Insurance, is expanding its coverage of the Rising Stars — those brokers who represent the next wave of insurance brokering talent.

Look for these expanded profiles on the Risk & Insurance website and in your social media feeds now and continuing into 2023.

We spoke with Adam Lantrip, SVP, professional & cyber solutions practice leader, CAC Specialty, and a 2022 Cyber Power Broker winner.

Risk & Insurance: How did you get into the insurance industry, and into the cyber side specifically?

Adam Lantrip: I had two job offers when I graduated college: going to work a claims desk at a major carrier or selling mutual funds.

I was fortunate to have a great mentor who steered me on the path to insurance initially and then ultimately to brokerage.

Early in my career when I was looking for a path out of property and casualty and into financial lines, I had the opportunity to join a growing cyber team as it was being built. I was again fortunate to have great mentors around me, and even though only a few clients had cyber insurance and a lot of people were skeptical that cyber insurance would ever take off, the decision to take on cyber insurance was one of the best I’ve ever made.

R&I: What changes have you seen in the cyber insurance space recently? What changes do you foresee in the near future?

AL: The headline changes of the past two years has undoubtedly been rate change, but one of the more important changes has been how many organizations have dramatically raised the bar on their baseline levels of cybersecurity.

While rate changes have been dramatic and painful for many, the security posture improvement and more resilient cyber hygiene is resulting in better, more secured organizations, and we expect to see that focus continue for cyber insurers, whereby the best rates will be available to organizations that can best demonstrate a high level of cybersecurity. 

Over time, we hope to drive the market toward efficiently insuring truly catastrophic limits and finding ways to inject additional capital into the market.

Today, organizations willing to self-insure a large amount of risk in exchange for significantly higher limits are constrained by market dynamics that don’t optimize the availability of capacity above a maximum of a few hundred million dollars.

As “silent cyber” becomes excluded in more traditional insurance policies or organizations seek clarity on how much cyber insurance is available to pay a covered loss, we expect the market will need to continue to adapt with inflows of additional capital.

R&I: What are some of the growing cyber risks your clients face?

AL: The risk of what could be a relatively minor event turning into a larger event.

One of the themes we point out to clients is “how large is the blast radius” — meaning, if someone can defeat your security, how much damage can they do, and how long could they be in the system before you catch them and shut down their access?

This shift in mindset from “no one can get into our network” to “no one can do more harm than X, Y, or Z if they get into our network” has been one the cyber insurance market has been pushing since the early days of the hard market.

It’s difficult to argue the logic and claims evidence that supports this shift, and it’s why those companies that can demonstrate a small “blast radius” typically see better results on their cyber insurance renewals.

R&I: You work with a portfolio of companies representing several different industries spread across a dozen countries in North America and Europe. What are some of the challenges you face in handling such a diverse group of clients?

AL: Private equity portfolios are challenging from a cyber perspective in any situation; various industries, variously sized companies and various levels of cybersecurity controls all present specific challenges from a cyber broker’s perspective.

Adding the additional wrinkle of internationally domiciled entities creates even more complexity, and the sponsor’s goals when it comes to a master-level cyber insurance program with a global portfolio brings other considerations into focus like:

  • A single shared policy or individual policies for each company?
  • Do we need locally admitted coverage in certain countries?
  • Are the individual companies in separate networks or a shared network?
  • Are there minimum security controls in place across the entire portfolio?
  • Are the sponsor and/or the portfolio companies aligned to prioritize and achieve the same goals, or are there competing interests (price versus limits, for example)?

R&I: Why is it important to you to continue actively brokering on behalf of your clients, as opposed to taking on a merely supervisory role?

AL: There’s no substitute for day-to-day broking when it comes to keeping up with the pulse of the market.

Staying involved and actively brokering deals helps me stay on top of shifting priorities for both clients and carriers in real time, and allows us as a team to be proactive versus reactive.

We have an amazing team of professionals that do nothing but cyber and tech all day every day, and each of us are better brokers because we all have direct client and market interaction on a daily basis. &

David Agnew is an associate editor at Risk & Insurance®. He can be reached at [email protected].