Join Sean Martin and Ryan Griffin from McGill Partners as they delve into the complexities of cyber insurance, discussing how reliable data from HITRUST is transforming risk management for large organizations. Discover the evolving role of cyber insurance in safeguarding businesses against high-impact cyber threats and the strategies for making the process less intimidating.
During the latest Brand Story episode recorded as part of the On Location series at HITRUST Collaborate 2024, host Sean Martin speaks with Ryan Griffin from McGill Partners about the intricacies of cyber insurance.
Ryan Griffin, who plays a key role at the cyber insurance brokerage firm McGill Partners, shares insights into the importance of cyber insurance for large and complex organizations. Griffin outlines how the company helps clients understand and quantify their cyber risks before negotiating with over 100 cyber insurers to secure coverage. This rigorous approach is crucial given the volatile nature of cyber risks.
One of the significant challenges in the field, Griffin notes, is the counterparty risk involved in contractual relationships between large organizations. He emphasizes the necessity for businesses to carry adequate insurance coverage, akin to traditional liability insurance. Griffin reflects on the market evolution where organizations now see the value in cyber insurance, which should ideally cover rare but high-impact events.
The episode also highlights the pivotal role of data in understanding and pricing cyber risks. Sean Martin brings attention to the collaboration between McGill Partners and HITRUST. HITRUST's extensive data on cybersecurity and privacy maturity provides Griffins' team with a strong foundation for tailored cyber insurance solutions. Griffin praises HITRUST’s reliable framework that has been in place since 2007-2008, saying it’s a key differentiator in the cyber insurance space.
Sean Martin also notes the ongoing evolution in how organizations approach cyber insurance. Historically, the market's response to cybersecurity certifications has been lukewarm, but there is a shift towards utilizing credible, respected frameworks in insurance solutions. HITRUST certifications, such as the R2 certification, now play a crucial role in demonstrating an organization's efforts to mitigate risk and are instrumental in securing favorable insurance terms.
Griffin further discusses the multifaceted stakeholders involved in procuring cyber insurance within organizations. He talks about the need for simplifying cyber risk management for different organizational roles, particularly the non-technical insurance buyers. Griffin emphasizes making the insurance process less intimidating by leveraging compliance and cybersecurity measures already in place.
Ryan Griffin underscores McGill Partners' mission to create a mature and sustainable risk pool, making cyber insurance predictable and reliable for their clients. The collaboration with HITRUST showcases a tangible effort towards improving trust and efficiency in the cyber insurance market. With accurate, trustworthy data, McGill Partners is dedicated to reducing insurance barriers and ensuring organizations are well-prepared to meet their cyber risk management needs.
Learn more about McGill and Partners: https://itspm.ag/mcgill-and-partners-o89w
Note: This story contains promotional content. Learn more.
Guest: Ryan Griffin, Partner, McGill and Partners
On LinkedIn | https://www.linkedin.com/in/ryanpgriffin/
Resources
Learn more and catch more stories from McGill and Partners: https://www.itspmagazine.com/directory/mcgill-and-partners
Video Podcast: Introduction to HITRUST’s Cyber Insurance Facility: https://itspm.ag/hitrusp5x6
Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Building a Sustainable, Predictable Cyber Insurance Market | 7 Minutes on ITSPmagazine From HITRUST Collaborate 2024 | A McGill and Partners Short Brand Innovation Story with Ryan Griffin
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] And here we are. We're ready for another seven minutes on ITSP Magazine with a new short brand story coming to you from HITRUST Collaborate 2024. And we're going to talk about cyber insurance today. I'm thrilled to have Ryan Griffin from McGill Partners on. How are you, Ryan?
Ryan Griffin: I'm doing great.
Sean Martin: Good to have you.
You just finished a fantastic panel. And, uh, this is a topic that's near and dear to my heart because I'm a nerd. It's driven by data and there's a lot of technology involved. A few words about your role in the Guild Partners and what the company does. Sure.
Ryan Griffin: Yeah, we're a boutique cyber insurance brokerage.
Uh, we help large and complex organizations, uh, sort of understand this risk. Ideally quantify it, which is a tough task and then ultimately off way a good amount of it into the cyber insurance market. So we're not a capital provider. We're not providing or writing the insurance. We're negotiating the insurance with the 100 plus cyber insurers that are out there, which is easy.
I'm sure. Oh, it's just easy to track down hundreds of millions of capacity for a volatile risk. [00:01:00] Yeah, really easy.
Sean Martin: Let's talk about, um, easy. What or the opposite of it? Actually, kind of some of the challenges that Your clients typically face, I don't know if they come to you first, or they end up with you last, or Yeah, trying to find coverage.
Ryan Griffin: Yeah, I think I think it's a difficult thing because I think this counterparty risk right this idea, especially if you're contracting with large and complex organizations, everybody wants to make sure that You're buying a reasonable amount of insurance, just like you would for, you know, liability insurance for slipping and falling.
I think in the B2B context, everybody wants to make sure everybody's carrying reasonable amounts of insurance. And over the last couple years, it got really difficult to get the insurance. Um, I joke that, like, we spent about a decade trying to sell this insurance to anybody, and everyone's like, There's no use case for this.
This is an indictment of my ability to secure the organization. I think, thankfully, those days are gone. Um, and now organizations want to use insurance because they understand they can't completely mitigate this risk. And insurance should [00:02:00] be, be there for, I'll use an insurance term, like the 1 in 100 year or 1 in 500 year storm.
And so you want this insurance product to be priced at a point that it's covering that tail risk for the things that, uh, cybersecurity and privacy professionals can't mitigate.
Sean Martin: So you, in the panel, you briefly touched on, not briefly, I think you spent quite a bit of time on the amount of, The amount of data needed to understand what the risk really is and how you price it and what the losses will look like.
Um, how does working with HITRUST kind of help give you some of that? Knowledge, maybe confidence in what you're actually.
Ryan Griffin: Yeah, I mean, high trust is sitting on the panacea of cyber security and privacy maturity data, right? We've been for lack of a better phrase. It's been the Wild West for cyber data for a long time and to work with an organization that sort of started this from the ground up, you know, 2007 2008 timeline and has a reliable framework that gets assessed and attested to by [00:03:00] third parties.
That's exceedingly rare in the cyber insurance space. Um, so that's a, a really key differentiator and the reason we're here in Dallas today.
Sean Martin: And so how does, how does, well, we'll say what it is, it's an R2, right? Yeah. R2 gives you the demonstrable proof that you've done. Put some controls in place to mitigate the risk and reduce exposure.
That gives you confidence in providing a policy and some coverage. How does that change the conversation? How does that change the process?
Ryan Griffin: Yeah, I, what we find is that so many organizations are going through and taking cybersecurity and privacy so seriously and investing hundreds of hours to achieve these certifications.
And then historically, the cyber insurance market said, Oh, that's nice. It did nothing with it, right? And so part of this was initially an efficiency play, right? There's only so many man hours in the day to get these assessments done and the [00:04:00] insurers were Creating their own assessments. And so I think it's been a really interesting development to start to tie really credible sources and respected cybersecurity frameworks and other technologies To insurance solutions, um, it's existed in other lines of coverage for years and years.
We use the example today about, I mean, I, I know I have to use my phone with the safe driving app and get a score, um, it's not that great, I break very hard, but, um, we're trying to get that sort of data sources, um, uh, to help underwriters, uh, have some more confidence in underwriting this risk.
Sean Martin: And talk to me about as much as you can, the, the, the role of.
different people within the organization that are involved in procuring insurance coverage. It's not just the CISO, right?
Ryan Griffin: It isn't. And again, I joke that I never thought I'd be in the insurance industry, but it is a necessary evil in a lot of ways, uh, in order to kind of be a [00:05:00] reasonable business person.
And so I think that the difficulty that we have in cyber is that You are effectively speaking a different language with the people who typically buy corporate insurance at organizations. We're talking about property, liability, other types of coverage that these people mostly came up in the business and know it.
And then we layer this cyber thing on them and they're like, I'm afraid of the IT people. I'm afraid of the cyber security people. So we're trying to make it easier for different stakeholders in the organization to tackle this risk holistically. Um, and then again, leverage some of the great things that are going on within compliance functions or cybersecurity functions to just make this less intimidating for the insurance buyer.
Sean Martin: And so, tell me about the engagement with McGill. Yeah. What were some of the outcomes or things you've heard from clients that worked with you?
Ryan Griffin: Yeah, so I think that the biggest thing is we wanted to make sure that. When clients are faced, we want clients to be able, especially in the vendor community, you think about the SAS [00:06:00] platforms that are helping major organizations run their business.
Um, in order to sign a contract on a new deal, you need to evidence certain cybersecurity provisions, like a high trust certification. And by the way, you have to carry a certain amount of insurance. And so we want to take down those barriers so they can confidently meet those insurance requirements year in year out with a predictable price.
And so it's really about matching. Uh, a really trustworthy framework, uh, and compliance regime like HITRUST with capital providers. And so it's, we effectively had a broke, we're brokers, broke HITRUST into an insurance market and say, will you trust this data, um, on their client's behalf? And so far there's been a really good uptake.
Sean Martin: I love it. So having the confidence in data, it's reliable, trustworthy. You can actually get insurance for the work you've already done. And hopefully get a better pricing as well.
Ryan Griffin: Yeah, create a, create a mature risk pool. I mean, that's what we're all about. Um, and make it [00:07:00] sustainable. So it's predictable.
Sean Martin: Love it. Thank you very much. Yeah, I appreciate it. And that's seven minutes here on ITSV Magazine. Thank
you.