How to Talk About The Most Important Parts of Cyber

It starts with making sure you always walk in with a price.

Believe it or not, it's easy to talk about why the coverage is so important.

The tricky part is remembering to always give them an accurate indication of what it will cost.

Based on how much you care about the policy they might think it costs a lot more than it actually does.

Adam Connor, RPS Broker and cyber expert, breaks down all the secrets he knows to win more accounts.

Joey Giangola: Mr. Adam Connor, how're you doing today, sir?

Adam Connor: I'm doing well. How about yourself, Joey?

Joey Giangola: Adam, I'm doing all right. I feel like this conversation is a little bit overdue and before we really go anywhere, I kind of want to know this. What's one thing that you care about more than you probably should?

Adam Connor: Good question. I guess... Let's say, bourbon. Right? So, I like to go out. It's like one of those hobbies that you get. You go out and you try to find a good deal. It's not like you're always drinking it, but you're trying to always find something. You kind of share with your friends when they come over, and then you're always kind of chatting with them when you find a good one. In fact, I got [crosstalk] painting back there, right behind me.

Joey Giangola: That's definitely something that's way out of my league. I wouldn't know where the first place to start. I mean, what's a good deal? What are you looking for? What is something that is worth paying attention to?

Adam Connor: I guess if it's like, "Hey, what is super sought after and what would you can't imagine?" Everybody's going after Pappy's and stuff. Those are always super popular. I think, like a Holy Grail of what bourbon would be, for me, would be maybe a Michter's 25, something like that, or a Michter's Celebration or an Old Forester Birthday, stuff like that. They're pretty hard to come by, hard to find. And if you do find them, they're so expensive.

Joey Giangola: Is there such thing as a high-end bourbon, like a dispensary place? Is that something that you would find yourself being, an entrepreneur and after insurance?

Adam Connor: Wow, that doesn't make it fun when you just pay a lot of money. You've got to find these things. It's the hunt that makes it fun, right?

Joey Giangola: All right. Well, fine. I won't to crush your dreams today, Adam.

Adam Connor: Thank you.

Joey Giangola: I won't crush your dreams today. But something I did want to know a little bit more in depth, and speaking of things that people tend to care about more than they maybe should, that we're seeing that kind of a lot, in terms of the agent space, where they care about coverage, probably a little bit more than what their clients actually want them to. But what's something that you're seeing, in terms of how they can sort of level that communication playing field?

Adam Connor: I don't know if it's a specific coverage portion of the policy that really is over dramatized or anything like that. But I think the biggest part is, is that folks are going in and telling prospects or telling their clients, "Hey, this is the most important part of what you need to be buying." Right? You need to have your property, you need to have [inaudible], but you need to be buying cyber nowadays. Right? Contracts are requiring cyber. Everybody's talking about it, everybody's seeing this, so they go in and say, "Buy cyber, buy cyber." And then they hand them an application.

]When you just hear that type of response, clients immediately are thinking big dollars. It's expensive, it's important. I could have a cyber breach. First thing you think of, big money, if it's that important. The reality is of it, it's not super expensive yet. Is it going up in price? Sure. Yeah. We're seeing some increases across the board, due to all sorts of reasons. But I'd say focusing on how important it is and not explaining the price parameters, is really key.

]One nice way to get around that is, going to rpscyber.com, is a great way to at least benchmark where your premium might be, because there's only a few questions on there, name, address, industry, revenue, which, all of that before your prospect meeting, potentially. You should have an estimate probably. And then after that, you can kind of hopefully draw some conclusions, at least to get the ball rolling is, do they back up their data once a week off site? Do you have an antivirus and firewall you update quarterly? Are you in the middle of a claim? Have you had a claim over 25 grand in the last five years? So you can be walking into prospects. You can be walking into renewal meetings with firm indications. Obviously, they still have to sign the app and they have to approve everything, but you can really get the ball rolling, when you're walking in with real numbers.

Joey Giangola: You brought up a good point. I thought what you said around price is like, it's not expensive yet. Right? In terms of like, we're seeing more occurrences, we're seeing more people kind of discovered the need. But it's still, I guess, somewhat early days, even though that sounds weird to say that, it's still kind of maybe early days. In terms of pricing, in terms of coverage, where do you think we're heading. Right? In terms of, what can people expect, in terms of these policies that they're still a little hesitant on. And again, like you said, it might be worthwhile getting in sooner than later.

Adam Connor: Five, six, seven years ago, folks... or before that even, folks were filling out, if they bought cyber, which, a lot of folks didn't, it really wasn't tailored to that SME business. Right? It was fortune 500 companies, fill out the 16 page app, and maybe you can get some coverage for cyber. It was really the biggest of the big. Right? And then, folks moved into that SME business. That's one reason that BCS has done so well. They created an application form that was low question set, and was designed for that SME, quick turnaround time, good product.

So starting there, that kind of helped change the way SME bought. Right? What happened is, is that a lot more folks were buying insurance, and so that means a lot more claims are coming in. We're seeing ransomware coming in. That's really been big over the last 18 months. So in... To give some stats out there, to get an example is, 2019, we had ransomware settlements, on average, about $28,000. Right? In 2020, that number grew to about $320,000. Okay?

So, the carriers weren't ready. I mean, nobody could have expected it, carriers weren't ready, and they've really started playing hardball too. The bad actors out there, right? Once they get into your network, they encrypt your network. They say, "Hey, pay us all this Bitcoin" or, "All this cryptocurrency, and then we'll give you a key to unlock your network." Well, maybe the extortion price is too high. You say, "You know what? I can rebuild my entire network off of what we already have for much less." Well, what we're also seeing them do then, is a blackmail you as well, saying, "Hey, listen, we're going to release all of your confidential information into the public sector, if you don't pay us our amounts that we requested."

So we're seeing a lot of different ways that ransomwares are getting paid, that that folks are getting in. Obviously, COVID didn't help. Everybody's working from home. You don't sit by your next door neighbor here, your neighbor at the office. And you get a weird email, it says, "Hey, COVID update for the office." You think, "Okay, well, Hey, maybe we're going back to the office." or, "Maybe, they're releasing, instead of 25% capacity, they're upping it to 50." You're going to click on that link, and that's where folks are getting dinged too, and letting these malicious codes into their network.

Joey Giangola: From that coverage standpoint, there's a lot of, obviously, you said there's a lot of stuff that's going on there. But from a coverage standpoint, to prevent against a lot of that stuff, what's something that agents need to make sure that they're always bringing up, in terms of conversations, in terms of where they need to be limits and things like that?

Adam Connor: I get these questions from folks pretty often of saying, "Hey, what kind of security levels do I need in my system, in my network to make sure that this cyber policy responds, if I do, when I do have a breach or an event?" And that's a tough question so... but pretty basic. Right? Because if you go to your policy form, they're looking and looking and digging through every word of the policy, and you're never going to see minimum requirements typically. Right? Unless there's some outlier endorsement or something, you're never going to say, "Hey, this needs to be happening. Then you have to do this, you have to do that." All these questions are going to be based in your application. So basically, what that says is, when you fill out your application, that's what you're going to be required to maintain, those limits of security.

So if your application says, "To get coverage, you need to have multi-factor authentication. You need to do a callback provision before you wire any type of funds. You need to have a certain level of security. You encrypt all your portable devices." These are questions, within the application, that's warranting yourself. You're promising that you're going to have these levels of security throughout the course of the whole policy term. And if you don't keep these up, you may not have a policy that responds.

So, what you really want to find when you're talking about cyber policies is, a good application as well, because it adds an intrinsic value to your policy, when you don't have to necessarily answer all those questions. That's great, if you have these items in place, right? You have MFA, you have a callback provision as your protocol. But if the MFA goes down, if somebody is lazy one day and doesn't call back before they wire transfer and that's realized, you're not going to have the coverage there, even though you anticipated having that coverage. So, less is more, when it comes to the application, if at all possible.

Joey Giangola: So that's interesting. So, going up against the application itself, do you think the agent is going in often selling against the idea of cyber? Is that the biggest challenge, or do you think they're sometimes selling against another cyber form or application that maybe the client has already had? What... I guess, I've never really thought about it, but what do you think is more typical? Are they going in with a client that doesn't have anything, or are they trying to sell against something that they already have?

Adam Connor: I think right now, there's two things going on in the marketplace. One, premiums are going up. Right? I think for almost every industry class and every product out there, I talk to folks and they go, "Oh, the property went up. The employment practices went up. The director's and officer's, the cyber..." So, one thing is, I think companies are taking a lot more meetings with other agents, with alternative agents beyond their own. Right?

Once you're in there, cyber can be a great wedge saying, "Hey, do you have a cyber policy? We can review it." Or, "Hey, do you have a cyber policy in place? Let's talk about it." And if they don't, obviously that's your wedge saying, "Well, it's an important option. It's an important product." And hopefully, you already ran your quote, right? So you can say, "Hey, based on your data, we can indicate for you right now. We can give you a firm indication of what the pricing would be, type of limits." And you can chat about it. So that's one, right? I think a lot of folks aren't buying yet, so you definitely have that opportunity to go in and talk about it.

And some folks are buying, but they buy it because they're told to. Right? "Hey, you really need this. Here's the price." And you go, "Okay, that price makes sense. I'll just go buy it." The good folks are out there educating their client. They're discussing with them, "Do you have a breach response plan in place? Do you have certain people that are going to be contacted within the organization, if there is believed to be content that was compromised or a breach event or wire transfer or any of these things? Do you have rules, protocols in place? Do you have a breach response plan? Do you know who to call, when to call them, those types of things in place now?" Because that's really going to be how you add value to your clients.

It's not just putting an insurance contract in front of them and say, "Now you're blessed with cyber." It's going to be, teaching them how to use that policy, because right now, I don't think a whole lot of people understand how cyber works. It's not like a property policy, right? Your house burns down, you get a check, you build a new house. Right? Cyber is definitely a little different, and this is why you need to help educate your clients. Because what it's going to do is, going to give you those specialized services.

Once a cyber breach happens, or something happens on your network, you're not out calling an attorney. You're not out calling an IT firm. You're not out getting somebody to do notifications for you or offer monitoring to all your clients. You're not doing all of that. That's the services of the policy that you're buying, right? So you report it and then they are going to chat with you. They're going to deploy potentially, a law firm to chat with you. Right? They're going to deploy, probably remotely, an IT team to get the network secure [inaudible] to...

First of all, get it secure. And then to do forensics, to figure out how it got... how it happened, where it happened. And then also, to figure out if information was compromised. And then if there was, we can do notifications, they can do credit monitoring. Can do all those things throughout the country that you need, and you don't have to be a specialist in all those items. Right?

Often, companies are using third-party IT firms. Sometimes the third party IT firms are the ones that made the mistake, right? So you want to use that third party IT firm from the carrier to say, "Hey, we are a complete third party and we're just going to see what happened and give you the results. Right? They have no skin in the game of how it happened.

Joey Giangola: So you had mentioned the idea of buying cyber, because they're told to, right? Just to sort of following orders. So now, you're an agent and you've kind of picked up on that, right? You got somebody that says, "They told us to buy this. We really don't know." What are some of the things that they are able to sort of identify as vulnerabilities to sort of sell against, in terms of saying, "Hey, listen, I understand, you're just basically checking the box on this one. But these are some things that are going to potentially be a problem for you. And here's what we need to kind of figure out-

Adam Connor: Yeah.

Joey Giangola: Alternatives for."?

Adam Connor: These forms are pretty broad nowadays, right? But they are customized to an industry. Right? So you get all these services and all of these insuring agreements and you go, "Oh man, I have a lot of coverage. I hope it covers me for what I need." But different industries are going to be focused on different parts of the policy. Right? So you have a manufacturer, say. A manufacturer is going to be really interested in, if you have a breach, and you have a downtime, and you have business interruption costs, business income costs that they're going to lose, potentially, your machines can't run three shifts a day anymore. So that's hours down, that's machine hours down and... that you're not going to be able to recoup. So, that's business income that you don't get, and that's how the policy responds.

A consultant though, they may not be as worried about machine hours down or all that time down, because after three days, they're kind of back up and running. They can work on the weekends, they can catch up, they can work in the evenings. Or, they didn't need the internet, necessarily, their network, to be continuing to work those days. So, part of it also is, focusing on what they need. They might be really worried about reputational harm, because that's what they build their reputation on, their company on, is, "We're the best consultants. We have all... We secure your information, we do all this."

Same with lawyers, right? "Hey, we keep your data confident and secure." They're to be focused on different parts of the policy. So, focusing the policy on the industry, is what you want to chat mostly with your clients about. It's not, everything's important equally. It's what pertains to that industry.

Joey Giangola: Yeah. Of everything that we've talked about, is there one thing that sort of stands out to you that's really going to make a difference for that agent to have success going in on a cyber policy with an account?

Adam Connor: I think one item is, we've talked about it numerous times, but that being able to walk in with at least an estimate of price is going to be very helpful. When we first launched that BCS program... And now we have lots of fintechs out there, right? Where you can go and get a quote. And we do... we use a bunch of them, right? We do quotes within minutes with a lot of carriers, as long as they fit it within their appetite profile. But being able to do that, I think, really helps much different than it used to be.

I guess the other part is, focusing on kind of what the world is right now, where we're seeing claims. These things are happening all the time, getting an understanding of where the market is today and explain that, that these bad actors are out there. And they're motivated to respond with Bitcoin and get their money. It's a big business.

Joey Giangola: All right, Adam, I got three more questions for you. The first one, pretty simply, what's one thing that you hope you never forget?

Adam Connor: Hope I don't forget... I'd say, I guess, my first account, that that first win. Right? And the feeling that went along with it. You're a young guy, you go out there, you're trying so hard to get business in the door. And you get your first account, right? And you're jazzed up about it, you're excited, you remember that feeling. And I don't want to forget that feeling, because sometimes you just get lost in the minutia of the day-to-day activities and you go, "Oh man, I got to work on this. I've got to work on that one." They're all equal, man. It's exciting to win. It's exciting to help other folks educate and sell and do all this. So, keeping that in the back of your head, I never want to forget that.

Joey Giangola: All right. Now on the other side of that, what is one thing that you still have yet to learn?

Adam Connor: Yeah. In this world of cyber, there is so much to learn still. Right? Every day it's changing. Every market appetite is changing every day. There is not a lack of education going on constantly in this industry right now. Two years ago, we weren't even talking about MFA, multi-factor authentication. It was new and learning how that... what that means. So, I think there's a lot of education ahead of me.

Joey Giangola: All right, Adam, last question to you, sir. If I were to hand you a magic wand of sorts, to reshape change, alter, or speed up, really any part of insurance that you saw fit, what is that thing, where is going, and what's it doing?

Adam Connor: Well, I'd say a few years ago, five, six, seven... I mean, I guess I've been at RPS about eight years. Wow. And this new website, right? rpscyber.com really started that trend. Right? We actually were able to wave a wand five, six, seven years ago, and get this thing up and running. Now that everybody understands fintech, now that we've been a disruptor in the marketplace, I guess the next thing is to do is, just be able to get quotes, not have massive increases. Have underwriters respond quickly and get all these industries the level of capacity they need, because it's a growing industry. Everybody's looking for higher limits because they're realizing the exposure. Right?

It's I kind of... I always compare it to when you want to buy a car. Right? "Hey, I want to buy a black Toyota." Right? And then you go out and you drive to the mall or you drive to the grocery store, and you see five black Toyota's drive by. And you're like, "Oh man, this..." You start to notice these things. I feel like that's the same with cyber. Once you buy a million limit, you realize that you want to buy it, you buy it, and then all of a sudden, you see cyber attacks every day in the news, you hear about it. And you read about these articles, and all of a sudden you go, "Oh man, I wanted one. I should be looking at three or five." So, I think that's what I would hope, is that people realize the capacity they need. And then, and then our ability to get it.

Joey Giangola: Adam, I'm going to leave it right there, sir. This has been fantastic.

Adam Connor: Hey, thank you, Joey. It's been good. Thank you.