Brokering Behind the Firewall: Joe Erle, C3
Toby: How did you first get started in cyber insurance, and can you share a bit about your journey up to now?
Joe: I started in insurance in my twenties, initially as a generalist. I was the youngest person in the office, which led me to often handle IT issues. This sparked my interest in tech, and I later pursued an MBA with a concentration in tech project management. Over time, as cyber threats became more prominent, I saw an opportunity to specialize in cyber insurance. I’ve focused on it ever since, helping clients across various industries manage their cyber risks. I've worked with businesses from construction to manufacturing, adapting my approach as cyber threats evolved, especially with the rise of ransomware.
Toby: What advice would you give to generalist brokers looking to break into cyber insurance?
Joe: Start talking to your clients about cyber risks, even if they seem uninterested at first. Use a structured process that includes interviewing the client, conducting internal and external scans, and analyzing application information. This helps identify vulnerabilities and enables necessary security features. Often, simple fixes can make a client more insurable and result in better pricing. It's about educating clients and helping them improve their security posture to reduce risk and insurance costs.
Toby: What can clients expect when they come to you as their cyber risk advisor?
Joe: Our process begins with a discovery call to understand the client’s current cyber security posture, any previous claims, and their budget for cyber security. We perform scans and benchmark their risk against other companies in their industry. We then go to insurance carriers, present the client’s story, and negotiate the best terms possible. Once a policy is in place, we offer continuous support with regular scanning and updates to ensure ongoing protection. We tailor our approach to each client’s unique needs, ensuring they have the best coverage and risk management strategy.
Toby: How do you approach working with traditional industries like manufacturing and construction that might be less mature when it comes to managing cyber risk?
Joe: Education is key. We explain the main exposures and potential claim scenarios relevant to their industry, such as funds transfer fraud and invoice manipulation in construction. These industries often rely on integrated software and have valuable trade secrets, so we emphasize the importance of securing their systems. Even if they believe they have no valuable data, downtime from a cyber attack can be devastating. We help them understand the risks and implement controls to protect their operations.
Toby: What are some common misconceptions about cyber insurance that you’d like to debunk?
Joe: There are a few major misconceptions. First, many small businesses think they are too small to be targeted, but 81% of claims involve businesses with under 100 employees. Small businesses are actually less able to absorb the impact of a cyber attack. Second, companies often believe they’re safe if they’re not in the tech sector, but all businesses use technology and can be disrupted by cyber attacks. Finally, there's a misconception that data in the cloud is fully secure and the provider is responsible. In reality, businesses must ensure their cloud providers have robust security measures and that their contracts include breach notification clauses.
Toby: What’s your take on the current state of the cyber insurance market?
Joe: The market is seeing a lot of positive developments. There's increased adoption of cyber insurance, and prices have come down significantly from their peak in 2022. We’re also seeing more InsureTech and traditional companies entering the market, which drives competition and innovation. Additionally, insurers are offering value-added services like scanning, AI-driven tools, and educational programs to help businesses improve their security posture. Whether it's a traditional carrier or a wholesale partner like 1Fort, they’re offering robust systems that you might otherwise buy on the open market for $10,000 to $15,000. For instance, 1Fort has a GRC-like platform where you can use connectors to track your cybersecurity efforts in one dashboard, which is very valuable, especially for smaller companies that don’t have a full-time CISO.
Toby: What excites you about the future of cyber insurance and cybersecurity?
Joe: The future of cybersecurity will be driven by AI and automation. Next-generation cybersecurity tools will use AI to detect and respond to threats in real-time, providing a level of protection that current tools can't match. As cyber criminals also adopt AI, it’s crucial for defense mechanisms to evolve. The integration of AI will help prevent attacks more effectively and ensure that businesses can stay ahead of emerging threats. This evolution is necessary to combat the increasingly sophisticated tactics used by cyber criminals.
If you're interested in partnering with C3 for your cyber insurance program and accessing 1Fort's risk services, contact Joe on LinkedIn and follow his weekly posts on cyber risk.