Why the Future of Cyber Insurance Depends on the Cyber Talent Behind It

2025 saw a 32% increase in ransomware attacks worldwide, compared to the year before. Manufacturing, health care, education, and supply chain industries felt the brunt of these attacks. Approximately 30% of data breaches involved a third-party partner or vendor.  

One report even projected a $10.5 trillion cybercrime price tag for the year. 

“We’re living in a very technology-driven world, and therefore, every company has some type of cyber exposure. No matter whether you’re one of the largest billion-dollar companies or you’re a small mom-and-pop, you have a cyber exposure,” said Siobhan O’Brien, global head of cyber (COE), MSIG USA.

“As companies have grown to understand what that exposure is and their need for cyber insurance, the industry has ballooned,” she said.

Cyber insurance has become a necessity for businesses across the board. Additional technological advances, like the explosion of AI adoption, place institutions and organizations on the precipice of today’s biggest risks.  

Still, “when you look at it from a macroeconomic perspective, the demand for cybersecurity expertise certainly outweighs the supply,” said Patrick Thielen, global head of cyber insurance, Liberty Mutual.

Insurance can offer solutions to today’s biggest threats, setting up clients for cyber success. But that’s only made possible with the right cyber team behind the policy. 

Cyber Risks Need Cyber Experts 

To build a robust cyber offering — one where the product fits the changing market, makes sense and addresses a dynamic risk landscape — obviously requires the talent to back it. 

Siobhan O’Brien, global head of cyber (COE), MSIG USA

“As far as cybersecurity goes, there is a ton of talent out there, and it’s really more about how do we get those individuals into the insurance industry? How do we identify them, and how do we help them develop the skillsets to enter to the insurance industry and make it attractive to them?” added Jamie Schibuk, EVP, professional liability and cyber, Arch Insurance.

After all, cyber insurance is more than signing a contract and waiting for the next renewal; cyber requires a hands-on and available team that can react to policyholders’ needs as they arise. And good cyber insurance and risk management professionals want to be a part of creating good cyber health. 

“We want to be able to partner and be able to provide risk management solutions to the policyholder,” said John Butler, cyber product leader, E-Risk, a Nationwide Company.

“In the cyber space … we want to present to the insured more than just the risk transfer proposition [of a policy], but also there’s these services that come along with that purchase, that they can access certain expertise when it comes to cybersecurity, whether it’s helping them develop incident response plans or strengthen cyber resilience within that organization.”

That means, in a lot of instances, bringing in cyber experts beyond the “traditional” insurance background. 

“We need security engineers, people who are ultra familiar and have a depth of understanding of software, various hardware components and things our insureds might be using,” said Dan Law, head of cyber practice at HSB, a Munich Re company.

“We have to pull from dozens of different disciplines in the world to build out these services and a response mechanism” that fits today’s cyber risk landscape, he said.

Recruitment Efforts that Work 

Experts agreed: Looking for potential hires outside an insurance background strengthens the talent pool. While a risk management or insurance degree is still a boon, because of the dynamic world of cyber, finding talent that’s able to adapt to its changes is vital. 

Sometimes that starts with looking at those already in the cyber space.  

“We definitely want to bring in people with more of that traditional security background,” said Schibuk. This opens the door for cross training for everyone on the cyber team.

“Within our company, we conduct weekly trainings for all levels within the group, from people who are just starting out to people who have been doing it for 20-plus years,” Schibuk explained. “That’s bringing together underwriters as well as risk engineers, claims, product development, and really getting everyone exposure to the different types of roles and aspects of the job that they may or may not have direct exposure to day to day.”

Recruitment should also be starting early, so that those who have interest in cyber and technology can be trained from the very beginning.

“In the UK, we have apprenticeships which allow young adults who may not have the financial resources to go to university, or perhaps they don’t thrive in those sorts of learning environments, to come directly into the workplace as apprentices with a learning and career development plan. This helps them to join the industry at an entry level, by gaining valuable hands-on experience while they also gain a qualification,” said MSIG USA’s O’Brien.

Similarly, for those who can attend higher education, O’Brien’s team offers internship opportunities in its U.S.- based operations: “We bring in second and third year university students into the company during summer break, and introduce them to, what is insurance? What is cyber insurance? What could it look like as a potential career for them?” she said.

Keeping People Engaged 

Once hired, keeping employees invested in their career becomes the focal point.

On-the-job training holds a significant role in retaining talent, whether that be in the cyber space or across the insurance industry, because it shows an investment in employees and their learning opportunities. 

“It’s about always having the sense that you’re learning, because we all want to continue to round out our capabilities and to learn and making sure that we’re continuously educating ourselves,” said O’Brien.

There’s also providing opportunities for these professionals to focus their skills through continued learning and designations, (like The Institutes’ Associate in Cyber Risk Management or the Certified Cyber Insurance Specialist, to name a few). 

Above all, giving talent the opportunity to stretch and explore the profession and its many facets will inevitably lead to more satisfaction. 

“Anytime you have a rapidly growing industry, there’s going to be a huge demand for talent, and there’s going to be new pockets of opportunity continuously opening,” said Thielen.

“[Cyber] is a rapidly innovating space. If we’re not doing the innovations ourselves, then we’re insuring those innovations. … The insurance industry, in general, is also pretty economically resilient. Whether it’s an economic boom or an economic downturn, there’s always demand and a need for insurance. What a combination to have for cyber professionals: an incredible amount of career stability, career maneuverability, with continuous opportunity and challenge.” &