if they don’t hire someone with the
right expertise they are potentially
leaving themselves really vulnerable.”
Jackie Quintal, a financial
institutions practice leader at Aon, said
she too is seeing a trend toward putting
human resources, risk management
and other disciplines together to create
cultural change around cyber security
— not only in financial services but
also across industry sectors.
“It is really the combination of
upfront training and trying to mitigate
the human error component of things,
with thoughtful strategies around
identification and response, because
there has almost become an expectation,
from a cyber perspective that things
are going to happen,” she said.
James Burns, the cyber product leader
for London-based managing general
agency CFC Underwriting, said some
of the most frequent losses his team
sees are triggered by cyber phishing.
“Companies spend a lot of money
on cyber defenses, which is important
but might not count for much when an
employee sees an email and clicks on it,”
He said he does see much more
collaboration between HR and risk
management these days.
“Again, banks are not alone here,”
Burns said. “We frequently see
situations where the risk management
folks are not talking to the IT
department, because for so many years,
they didn’t have to,” he said.
“There has been some progress
made, but there is much more that
needs to be done, certainly in the
accounts that we have seen,” Burns said.
THE NEED FOR CULTURAL SHIFT
Burns’ colleague Neil Beaton, head
of a new financial institutions practice
at CFC Underwriting, said he believes
cultural issues in banking make
employees susceptible to phishing.
“One of the things for financial
services in particular is that they are
hierarchical organizations, and if
somebody says to do something, there is
a tendency to just follow orders,” he said.
“In those situations, if somebody
sees a note from their superior they
tend to act on it. What you need is for
someone to turn around and say, ‘Am I
really supposed to be doing this?’”
Michael O’Connell, financial
institutions practice leader, WTW,
and former underwriter with AIG,
said in his meetings with underwriters,
evidence that internal discussions are
underway at some companies to break
down silos between HR, information
security and risk management is well-
received by insurers.
“When you start to have those
execs in the room, that leads to
broader and wider acceptance from
the underwriting community to
support the risk, whether it be from
an underwriting standpoint or a risk
mitigation standpoint,” he said.
Aspen’s Ladeau added some
organizations are differentiating
themselves from their competitors in
the degree to which they are training
and collaborating internally to make
employees a stronger piece of cyber
resiliency and security.
“Cyber security is becoming an
area for competitive differentiation,”
said Ladeau. “The cyber risk working
groups that were traditionally defensive
are now bringing in the production
folks and driving corporate adherence.”
“I think there are some financial
institutions that have embraced that,” he
continued. “When you sit in on these
underwriting calls there is a marked
difference in philosophies, so it’s not a
one-size-fits-all answer,” he said.
Ladeau said at least one regional
bank as well as a major card brand are
now referencing their embrace of cyber
security in their marketing, attempting
to associate it with their brand.
“Whoever can figure that out first
is going to be well-positioned because
the issue isn’t going away.” &
DAN REYNOLDS is editor-in-chief of
Risk & Insurance. He can be reached at
“Companies spend all of this
money on cyber defenses,
which doesn’t really matter
much when an employee sees
an email and clicks on it.”
— James Burns, cyber product leader, CFC
Large properties have large risks.
We have solutions with a human touch.
© 2018 The Travelers Indemnity Company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers Indemnity Company in the U.S. and other
countries. CP-8337 Rev. 6-18
Having an insurer as dedicated to your success as you are can help keep your business moving forward. With Travelers National Property, you’ll
work with an experienced team who understands the risks you face and can provide coverage and risk control strategies to help keep you protected.
Travelers has years of experience with large property, and as the largest writer of commercial property insurance in the United States,* you can trust
us to stand by you through the ups and downs.
*SNL 2016 U.S. Statutory DWP: CMP, Commercial Auto, Commercial Property, General Liability, Management & Professional Liability, Workers’ Compensation based on TRV definitions