Rising Star Kaitlin Upchurch Has an Eagle’s Eye for Cyber Risk — Here’s Why You Should Too

Cyber risk is Marsh's Kaitlin Upchurch's specialty. She shares the top cyber trends every risk professional wants to have on their radar now.
By: | September 17, 2021



Come see the Stars! As part of our ongoing coverage of the best brokers in the commercial insurance space, Risk & Insurance®, with the sponsorship of Philadelphia Insurance, is expanding its coverage of the Rising Stars, those brokers who represent the next wave of insurance brokering talent.

Look for these expanded profiles on the Risk & Insurance website and in your social media feeds now and continuing into 2022.

Here we chat with Kaitlin Upchurch, senior vice president, South Central zone cyber leader at Marsh, and a 2021 Cyber Power Broker and Rising Star.

Risk & Insurance: How did you find your way into the insurance business, and what led you ultimately to the cyber space?

Kaitlin Upchurch: In college, I was a double major in business and French.

It was difficult to know what industry would best suit this major as most of my peers were looking into roles in banking, consulting, marketing or sales. I interviewed for jobs in all of these fields and ultimately had a few job offers from a diverse group of companies and industries.

One of those companies was Chubb, which was recruiting at Wake Forest — my alma matter. I did not know anything about the insurance industry, but I really liked the description of the role at Chubb — an underwriting training program for “Executive Protection.”

The HR director described the role as learning how to protect top corporate executives from key risk issues with the financial protection of insurance. I would use my business skills analyzing financial statements and premium figures, and also marketing skills to build relationships.

This seemed intriguing.

Ultimately my career advisor in college encouraged me to take the job at the best company with the best training program — Chubb had (and still does) have an excellent reputation. I moved to Dallas for the training role, not knowing anyone or anything about the field.

In my first year at Chubb, I worked with all executive lines products, including cyber insurance. The process for underwriting was still new and developing, which was interesting to me.

Ultimately, when I moved to become a broker a few years later, my interest in the development of the product and risk issue continued to be a key pursuit of mine within the industry.

R&I: There’s a lot going on in the cyber world today. What would you say are the top three trends risk professionals should keep on their radars and why?

KU: Whether you are an insurance broker, risk manager or insurance company professional, I believe it is important to focus on the following three trends: 1) the interrelation of cyber security risk across all areas of insurance; 2) the change in the procurement process for insuring cyber risk; and 3) the need for various stakeholders to come together to tackle the issue of cyber risk.

“Risk professionals can be an instrumental conduit to bringing stakeholders within their own organization together to discuss technology risk issues.” — Kaitlin Upchurch, senior vice president, South Central zone cyber leader, Marsh

First, the interrelation of cyber risk across all areas of insurance is important, because for many years, cyber insurance and risk has been viewed as siloed. Now we see the risk issue crossing all boundaries of insurance products, which is natural because companies are so dependent upon technology to conduct operations that it is nearly impossible to separate technology/cyber risk from business risk.

As a result, risk professionals need to think about their insurance and risk transfer programs from the lens of technology disruption.

Second, the change in the procurement process for cyber insurance is critical. Insurers are not differentiating risk by industry and size of company — the underwriting process is truly about risk selection.

Being able to tell the cyber security story of an organization is fundamental to finding insurance solutions, and it is important to dig into the details of where the company started with this story, where they are headed, and what support they have internally to ramp up investments to continually protect their operations.

The process is extremely technical, but it is no different from the fundamentals of making sure a building or a car is safe. We just have a different language that we have to get used to as risk professionals dig into the fundamentals of cyber security programs — fundamentals, which make technology most secure for a business to operate.

Finally, and I believe most importantly, is the need for stakeholders to come together to tackle the issue of cyber security.

This is not just an IT problem or a cyber insurance broker or underwriter’s problem — it is a business problem.

Risk professionals can be an instrumental conduit to bringing stakeholders within their own organization together to discuss technology risk issues. Within the insurance broker and underwriting community, we can come together as insurance product experts and learn how our risk issues interrelate due to the deep integration of technology in the way we work.

R&I: Can you share with us a brokering moment in your career that you are most proud of?

KU: In the current market, completing every renewal and having a happy client as a result is always a proud moment.

Most recently, I was successful in placing a renewal policy for a client with an extremely notable security breach and worked with a number of stakeholders to come to a resolution for this client in the heat of a rapidly firming cyber insurance market.

There is a specific moment I am most proud of though — early in my career, I had an opportunity to moderate a panel of cyber risk professional experts. It was my first opportunity to speak to a large group of risk managers, CFOs, GCs, CIOs and CISOs about the issue of cyber risk and cyber security.

I was nervous that I would not know how to stir up a conversation with a group of people who had not historically come together in this sort of venue to discuss this issue.

With a lot of preparation and support, the event went very well and was engaging. The clients I spoke to saw me as a developing expert in the field and a “go to” person for their cyber security risk and insurance questions.

This event was the first of a long line of opportunities to help clients understand their own cyber risk issues within their organization and begin to learn how to tackle the issues.

R&I: What is your brokering philosophy?

KU: As a broker, you are dealing with three key parties: your client, the underwriter and your internal colleagues. Everyone is coming from a different place with different motivations, objectives, stressors and pressures.

My philosophy is always to be empathetic to the other party’s situation. Is the client under pressure internally — why? Are they low on internal resources, which is why they may be asking for additional help? Are they lacking education about the topic, which is why they may need to come back and repeat the process or education several times before it sticks?

Knowing where the other party is coming from helps me find meaningful purpose in the solution and process that I am providing to help my client.

As I deal with the underwriters, it is particularly important to be empathetic. If you can find ways to work with the other party despite a challenge they may be facing — especially now within a very challenged cyber market and global pandemic — it is easier to gain respect and trust from your underwriter.

As a result, it is much easier to land on an agreement for a negotiation and maybe even have a little fun in the process.

Finally, it is important to be empathetic with your own colleagues within your organization. We must work together as a team and play to each other’s strengths to get the best outcome for our clients, yet also know when we need to support each other and offer help and assistance to get a colleague out of a difficult situation with a client.

R&I: What advice would you give to up-and-coming students who are interested in a career in insurance and risk management?

KU: I would give the same advice that was given to me when I was selecting a job. Consider a career opportunity at a strong company with good training — that will provide you an excellent foundation to further your career.

In your first role, seek out people from different groups within the organization and network with them. Find advocates for your career and spend time learning from them.

Also, I of course think the cyber risk and insurance industry is a great place to start, because you will learn a lot about all facets of a business, interact with many stakeholders within your organization, and have a dynamic and fast-paced learning curve along the way! &

Autumn Demberger is a freelance writer and can be reached at [email protected].

More from Risk & Insurance