WSIA Preview: Liberty Mutual’s Erin Strub Halchak
In early September, ahead of her appearance at the WSIA Marketplace in San Diego, Dan Reynolds, editor in chief of Risk & Insurance, caught up with Erin Strub Halchak, RPLU, Head of Cyber – U.S. for Liberty Mutual. What follows is a transcript of that discussion, edited for length and clarity.
Risk & Insurance: Thanks for meeting with us, Erin. What actions are insurers taking to help organizations strengthen their cybersecurity defenses against evolving threats?
Erin Strub Halchak: Insurers like Liberty Mutual are responding by developing dedicated risk cyber engineers to address modern cybersecurity challenges. Previously, these risk engineers focused internally, helping our underwriters select appropriate risks and identify correct pricing. Now these teams add value directly to our current and prospective customers and brokers.
We deliver this value through cyber risk mitigation best practices, updates on the latest threat factors and trends, and assisting with tabletop exercises to ensure their readiness for potential incidents. The insurance industry now plays a more significant role in helping companies understand risk mitigation, management best practices, and the complexity of today’s cyber attacks.
This evolution represents a shift toward a service approach that complements the traditional insurance policy offering.
R&I: How do you structure access to your internal cyber risk engineers – are these services available to prospective clients or exclusively to policyholders?
ESH: These services are offered during the underwriting process to prospective insureds. Clients access those services after purchasing a cyber policy from us.
Our approach differs from some other insurance companies in that our cyber risk engineering services are exclusively dedicated to Liberty insureds. This ensures our policyholders receive dedicated support from our internal team.
R&I: How does the ongoing risk engineering support function after a policy is purchased?
ESH: It really varies across different organizations. Our approach is to introduce ourselves to our insureds, including our risk engineers and claims team, to get a full analysis of their risk. We may call it a scorecard of where they stand from a risk management perspective and then identify how they can improve their scorecard.
The frequency varies risk by risk. Larger risks may need more touch points, while smaller risks may only need an annual touch point or even less. It really comes down to their specific exposures.
In the past, Chief Information Security Officers (CISOs) were the ones taking the lead on securing company infrastructure. Today, it needs to be a combination of CSOs, risk managers, insurers and brokers partnering together to identify cyber exposures within the organization and determine their specific risks and mitigation strategies. Developing an incident response plan with partners, including insurers and vendors, is a critical component to organizational resiliency.
R&I: Can you talk about the importance of communicating a resilience plan company-wide, and hopefully avoiding litigation that alleges your processes were negligent?
ESH: Absolutely. We talk so much about preparedness – what you’re going to do, who you call, and how to access your policy if your entire network is down.
Going through all of that in advance of a breach is really going to support the organization when an event happens. The company will have established relationships with their vendors and already selected which ones they want to use from a panel list.
Being prepared and having the support of your risk manager, CISO and insurance carrier is crucial to help you through that difficult day when a breach occurs.
R&I: In today’s soft market conditions, how does the binding process typically work regarding policy term length?
ESH: In general, we’re looking at an annual policy. In the soft market conditions, I’m starting to see eighteen-month terms more frequently than I have in the past. But multiyear policies remain rare in practice given how fast the market can change.
The annual policy has been a benefit to both buyers and insurers. Buyers are benefiting from a continuing soft market where they can potentially get better rates and more coverage.
For insurers, annual terms provide the opportunity to reassess risk, adjust premiums, and update coverage as appropriate every year.
R&I: What makes the cybersecurity environment so dynamic?
ESH: The industry is characterized by fast-moving products. The regulatory environment, legal landscapes, and threat landscapes are all evolving as we speak.
R&I: How are insurers collaborating with regulators and lawmakers to address the overwhelming volume and sophistication of cyber threats?
ESH: The age of the artisan cyber thief is over. An entire industry has emerged where numerous bad actors each offer niche services as part of a coordinated discipline and relentless attack.
As a result, insurers are actively working with industry and technical associations to understand the latest threats and how best to combat them. This includes collaborating on appropriate regulatory developments at both the federal and state levels.
R&I: What are the top two considerations for cybersecurity insurance buyers in today’s rapidly evolving risk landscape?
ESH: Number one is the market expansion beyond coverage into services. This is a benefit to both the insurer and the insured. Buyers are increasingly interested in cyber risk mitigation services and how their insurer can help them prevent attacks and improve resilience.
The top question for many risk managers is how to ensure their infrastructure is strong enough to prevent and respond quickly to attacks. Liberty and other insurers are developing dedicated risk engineering teams to provide that support. We’re building out our panel of vendors and technical experts from breach coaches to defense counsel to provide a holistic solution and partnership for our insurance.
Second is the need to look around the corner. Savvy buyers and brokers want insurers who can leverage global resources and scale to help them understand emerging risks and prepare for incidents like the recent CrowdStrike outage. They can partner with insurers who help with continued mitigation and management success, which benefits them when the market inevitably hardens.
Improving the security of technical infrastructure today results in access to more capacity at more favorable rates in tighter markets. This proactive approach ensures companies are better positioned for future challenges in the cyber insurance landscape.
R&I: What final advice would you offer readers about cyber insurance coverage?
ESH: The most important point to stress is thoroughly understanding your insurance policy and how it responds. Many times, we purchase policies without being entirely confident about what they provide and how they respond to claims. I recommend leaning into your broker and technical experts to help you understand your coverage, identify any gaps, and determine how to address those gaps to ensure comprehensive protection for all your exposures.

