Rising Star Thompson Mackey on the Cyber Insurance Market and Other Risk Management Considerations
Come see the Stars! As part of our ongoing coverage of the best brokers in the commercial insurance space, Risk & Insurance®, with the sponsorship of Philadelphia Insurance, is expanding its coverage of the Rising Stars — those brokers who represent the next wave of insurance brokering talent.
Look for these expanded profiles on the Risk & Insurance website and in your social media feeds now and continuing into 2023.
Here’s our conversation with 2023 Cyber Power Broker finalist Thompson Mackey, risk management consultant with EPIC Insurance Brokers.
Risk & Insurance: Tell us how your career trajectory led you to focus on the tech sector.
Thompson Mackey: I started my career at Cambridge & Associates in Washington, D.C., as an investment analyst. I gained a deep understanding of the mechanics of risk management from a portfolio management standpoint, and that sparked an interest for me in commercial risk management and the commercial insurance market. Ultimately, that led to a change to the commercial brokerage space about 10 years ago.
I’ve always been a technology enthusiast; I spend a lot of my free time learning about it. It was the combined interests of risk management and technology that led me to focus specifically on cyber insurance brokerage and that evolving space. I developed an expertise in the tech sector and learned about my clients’ businesses.
R&I: How do you think the pandemic has influenced client service positively and negatively?
TM: There’s both positive and negative impacts for client service that the pandemic has created. On the positive side, obviously, the accelerated adoption of virtual meeting tools that we use — these companies that were previously obscure became critical infrastructure overnight. That enabled seamless remote collaboration and allowed for faster response times and increased accessibility for everyone, which of course led to pandemic work fatigue.
In the cyber world, it also put an emphasis on productive risk management. This is when all the ransomware events are happening, everyone is scrambling to implement MFA throughout their network infrastructure, and it highlighted the importance of preparedness and business continuity planning, which a lot of companies hadn’t done before. It made our clients more open to reassessing and updating their risk management strategies, of which insurance is one small part.
On the negative side, our business is a people business, and the pandemic has ultimately reduced the amount of in-person interactions that we have, and that affects our ability to build strong personal relationships with clients and hinders our ability to gain deep insights into a client’s operations and culture.
R&I: Given recent layoffs in the tech sector, with more possible, what are your predictions for the health of the market?
TM: One thing that people may be overlooking is the potential for an increased demand for cyber insurance caused by two things: One is an increase in cyber risk due to disgruntled former employees. Also, companies could recognize the need for additional protection against cyber threats through that process.
I think we’re going to see heightened underwriting scrutiny from insurers around tech companies’ workforce changes and the effect on their cybersecurity posture. That will lead to more rigorous underwriting for the potential risk. We’ll see continued coverage and pricing evolution.
We’re past the days of crazy rate inflation in the cyber market. We’re actually seeing rate decreases for the first time in years, which is excellent news. New capacity is coming in and potentially the layoffs in the tech sector could affect what we’re seeing today, but so far we haven’t seen any relief on the rate deflation.
R&I: What is your brokerage philosophy writ large?
TM: First and foremost, it’s client-centric. It’s prioritizing the understanding of the client, their risk profile, their business objectives, their risk tolerance, their unique needs.
It’s taking a tailored solution for risk management to each client. Cyber is not a one-size-fits-all risk management product, and underwriters are getting good at that.
Secondly, it’s comprehensive risk management. I always tell clients, insurance is the most expensive way to finance risk, so we want to do everything we can to minimize and mitigate and transfer risk before we ever approach the insurance market to buy risk.
Ultimately, that is combining the insurance coverage with comprehensive risk management strategies to never have the claim, but if we do have the claim, then know that we have the protection and did the work on the front end to make that protection the least expensive possible.
Education and awareness are important. A lot of our clients, even our larger and more sophisticated clients, are not cyber insurance experts; they defer to us for that. I want to bring them up to speed on cyber insurance and the nuance of available coverages, even going as far as promoting a culture of cybersecurity at the company level.
Transparency and trust: We have to have extremely high standards in all client interactions to build that long-term relationship on trust and mutual understanding.
R&I: What changes do you expect to see in the market in the next year? Will the remote-work change continue to affect the cyber market?
TM: We’re going to see continued growth in demand. This is a new market relative to the rest of the insurance market. Increased reliance on technology will continue to drive businesses to seek out cyber insurance coverage. We’ll see the market continue to evolve as well.
Things like Chat GPT and language models are a great example of a paradigm shift in what is normal and natural around the world, and it’s rapidly advancing. That, combined with the remote-work revolution, will introduce new cyber threats and vulnerabilities, and ultimately we need to figure out how to control for those through proactive risk management and cyber insurance.
We’ll see a greater focus on remote-work related risks. I can see insurers developing specific coverages and endorsements to address the risks associated with remote-work environments, such as home-network security or personal device use or personal privacy concerns.
Potentially, we could see some limits or carve-outs and more scrutiny as losses continue to accumulate from those risk verticals. Regulatory changes are also likely. As each state develops its own regulations, we could see significant changes in compliance coming down, which could have an effect on underwriting criteria. &