Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Austin Karpinski - Sr. Underwriter @ Markel
183 Plays10 months ago
Austin Karpinski - Sr. Underwriter @ Markel
Recommended
Transcript
Podcast Introduction
00:00:03
Speaker
Your federal seemed to invent your conversations at the intersection of cyber security, risk management and cyber insurance.
00:00:19
Speaker
Welcome to the EnsureSec Podcast.
Meet Austin Karpinski
00:00:22
Speaker
I'm doing a solo episode here today. This is Abe Gibson, your host. We've got a great show for you today. We've got Austin Karpinski. He's an underwriter at Markel, and we're super excited to have him on the show. I believe it's our first underwriter, which is kind of hard to believe that we're this far end and we haven't spoken to an underwriter yet.
00:00:43
Speaker
So I'm really glad to check that off the list.
Career Journey in Cybersecurity
00:00:48
Speaker
Yeah, welcome to the show. I usually like to start with just getting your background. What's your story? How did you end up here? I'm sure there's something unique there. Yeah, yeah, no, absolutely. Thanks, Gabe.
00:01:01
Speaker
Yeah, I kind of have a different story than a lot. I was actually kind of looking to go into the insurance industry out of college, which is interesting. I went to Illinois State and was a finance major dead set. I was like, I want to go be a financial analyst and dig into the numbers, do all that stuff.
00:01:21
Speaker
uh quickly realized I really like kind of the sales side the technical side with the sales side um and just didn't think that aligned um we had an insurance school luckily at at ISU um so I joined that
00:01:36
Speaker
got through that, got through the classes, rolling into senior year. I'm not really sure what I wanted to do. I did an internship in claims. I was like, I don't want to do claims. I think I want to do underwriting. What's some interesting underwriting? Luckily, Jim Jones with the Katy School came into one of our classes and was like, hey, we have this thing called cyber, and we're going to dig in. You're going to call brokers.
00:02:00
Speaker
and just learn about it like it'll be a semester you work on a couple hours a week see what you think um and kind of just go from there and uh went into that like weekend i was like this is what i want to do i started applying for jobs um and it was just like this is it's what i want to do
00:02:19
Speaker
I ended up going to Chubb out of school in their cap program for cyber. It was awesome program, like 300 people, not just in cyber, but across their cap program in the US. Got to meet a bunch of people, learn from industry leaders in cyber. But really my passion at the end of the day was more to kind of grow something. Chubb was amazing company. But I really wanted to kind of start something kind of more from scratch and kind of build it. I knew the cyber market was growing.
00:02:49
Speaker
It was becoming hard at that time, and I really kind of wanted to craft my own path. I knew that it was an amazing company to learn from, but ultimately I kind of wanted to go do something else. So went to a quick stint at Chrome and Forrester. I saw you had Bylight on the show. Great there. That was awesome. And then kind of came on
Challenges in Cyber Insurance
00:03:08
Speaker
to Markel that kind of grew out there.
00:03:09
Speaker
retail platform and now I'm kind of working on above two billion dollar accounts more like national account focused in the cyberspace currently and it's it's it's energizing it's fun I love what I do and it has that sales and technical side that I think I was really looking for so happy in my place and just happy to be on the show appreciate the invite
00:03:32
Speaker
Absolutely. That's awesome. You're on a very short list of people that I've spoken with that have told me that they had a plan to end up in insurance, which is awesome. Because it seems like most people just kind of fall into it. So take us through, what's the timeline there? When were you at Chubb? And then when did you make those moves to where you're at now?
00:04:00
Speaker
Yeah. So I was at Chubb roughly two years, um, learned a lot like year one out, uh, soft market transitioning. It was, it was summer of 2019 soft market, somewhat transitioning into a harder market. You can see the writing on the wall. Um, really just clicked in the hard market hit. Um, we were pushing rate. We were one of the first, I remember, um, a call.
00:04:26
Speaker
early 2020 when we were like, hey, we're pushing 20% rate. And I remember calling the broker and they're like, that's ridiculous. Now, I think it's gonna be worse in six months, wait and see. And luckily I was, luckily or unluckily, I was right.
00:04:43
Speaker
But it was an interesting space to be in. And it became really hard. And obviously, there was a lot of opportunities out there. And I was like, hey, I'm just going to take an opportunity. Nick Eckemitis called me from CNF and was like, hey, let's sit down. Let's talk about some things. And then I ended up working there for a little bit. I loved it. The team was awesome. The environment was awesome. And then was there for about a year, but really was looking for somewhere I wanted to like
00:05:13
Speaker
find myself in a career, really wanted to kind of grow something from scratch. They had a lot in place already. And I was like, I have that kind of entrepreneur spirit and was like, hey, I want to come in and kind of build something from not a lot. And Markell had a large retail platform, but not a lot from the from a large wholesale platform, but not a lot from the retail side. They did unlike the risk managed large accounts, but in the middle market space, they didn't have much.
00:05:36
Speaker
Um, so I sat down with them and they're like, can you go into, you know, a on marsh Willis? Um, we don't have any thing with them, but it's a hard market and let's go build this thing out. Um, my first year I went in, did pretty well. And, and, and it was just really fun, like coming in there, not really having anything, but the job was kind of just.
00:05:55
Speaker
grow, grow from nothing, which was really exciting to me. Um, and I feel like I learned a lot because obviously you kind of have to go in and be like, yeah, we don't have much with you, but let's really roll this out. And they're like, well, why, why do you want to grow with us? You kind of have to explain everything. Um, but that was really what I was looking for. And I, and I've loved it. I've been at Markell.
00:06:15
Speaker
about a year and nine months now and just transition into this more national accounts role about six months ago and really just trying to grow that out. Dallas is a huge growing area. Chicago is a big growing area for us. Houston is growing a lot. Denver is growing a lot. Obviously Chicago is huge, but a lot of these markets outside of New York and Chicago are gaining a lot of traction in that space and it's pretty exciting to see.
Market Volatility Discussion
00:06:44
Speaker
Yeah, so you started in 2019. I don't know how long you were in 2019, but obviously the entire world changed early 2020. So you really don't... And I'm in the same boat. We really don't know what a normal market looks like. It's just been wild.
00:07:06
Speaker
Yeah, yeah. And I have like some talking points here. And that's kind of what I what I had on some of it is like, this market has been probably the most volatile insurance market that I've seen. And it's just crazy, because we really haven't seen what like a typical market cycle really looks like. And I don't know if that's amazing, or if that's a little scary, but
00:07:32
Speaker
It's interesting to kind of come in around that time and kind of see all the volatility and how the market really adapted in the last few years. Yeah. Are you writing on admitted or surplus paper or a mixture?
00:07:50
Speaker
Yeah, so we can do a mixture. It really depends on kind of what the tower structure is. A lot of towers will be, you know, Beasley based out of London or some will be direct. So it really just depends. We have the ability to kind of ride on both, which I think is useful, kind of a plug and play scenario on what we're doing.
00:08:07
Speaker
But we're really trying to focus on kind of dropping down and becoming in more meaningful positions. I think you've probably seen this in what you do day to day, but really in the softer market.
00:08:22
Speaker
it becomes down to you, you kind of don't have as much leeway as you did in the hard market to kind of get. And these class actions that we're seeing on these massive accounts, kind of blow the entire tower. So it's kind of inclusive of where you are, you're probably going to pay at the end of the day. So that makes it a little difficult. But you also have to play the relationships and things like that, because you can't just be like, Oh, I'm X of 100. And now I want to be first access. That's
00:08:47
Speaker
Not really, unfortunately, how it works. So you have to have a kind of strategy around that. But yeah, that's kind of the general. We can kind of write on both and kind of just run with that how we want to. Yeah. So this is kind of a loaded question, but just speaking of volatility, do you feel like
00:09:09
Speaker
there's a place for admitted cyber in the future. Is it possible to profitably write admitted cyber just with how quickly things change? Will we see that in 10 years?
Industry Challenges and Adaptation
00:09:22
Speaker
Yeah, see, that's a good question. I think you can go a bunch of different ways. Another talking point, I was like, where is Cyber in 2030? I don't think any of us really know exactly where it will be. Ideally, I think it could be an admitted product. But I do think that that wholesale side and the not admitted side is huge just because of what you said. It changes so fast. We still have a lot of risks like MSPs and things like that that we really haven't grasped fully.
00:09:53
Speaker
which I would think would be awesome in the industry eventually is that we can have crafted solutions for these kind of nuanced risks that a lot of the times we're kind of like, they're too hard. We don't really understand. So a lot of companies just say we're not going to do it.
00:10:07
Speaker
And it kind of creates an unfortunate situation for MSPs or small K through 12 schools and things like that, because they don't really have the funding or even public entities, right? They don't have the funding. And then it's kind of like they already don't have the funding. They might not have the controls. And now we're also not really giving them the best solution. So it just creates a difficult spot. But I do think some of the larger companies
00:10:33
Speaker
the Fortune 500 companies that have really everything in place that they can and really have an innovative kind of solution around cyber. I think those can have those admitted type of towers for the most part. Sometimes they'll have non-admitted sprinkled in there. But I'm with you. I don't really know if we'll have admitted or non-admitted kind of going forward. I think it'll still be split. I don't really have a good answer for you there.
00:11:00
Speaker
Well, I mean, it's a hard ass to predict the future. What are your thoughts on it, I guess, too? I think what you alluded to on these larger accounts, it makes sense.
00:11:20
Speaker
primary admitted in the small and middle market, I just don't know if it's as flexible or fast as the way things develop. Because we see this, right?
00:11:38
Speaker
This is my assessment of what's going on. We saw people after this hard market ended in 2022. There's a massive market grab. It's a race to the bottom. Admitted markets had to try to catch up. Now they've caught up.
00:11:58
Speaker
Now the surplus players are saying, hey, claims are up. We're going to pull back a little bit. And then the admitted products are stuck. So I just don't know. You just don't see that kind of stuff happen in really most other lines that you would see in cyber. That's my concern. But I'm not the authority on that subject. That's just kind of what in my head makes sense. But that's also, I mean, above $2 billion,
00:12:28
Speaker
in revenue, most of the accounts that you're working with, what's the split on public versus private?
00:12:35
Speaker
Yeah, that's that's a good question. I actually get a good insight into that because I sit next to our public underwriter and our private underwriter. So we do it based on revenue where DNO kind of does it public versus private. I would say majority of mine is public, but there are some sprinkled in pretty large companies that are that are still private. So kind of a large split. But
00:12:59
Speaker
just looking at it i've done kind of both for the majority of my career but mostly in that middle market and it's just crazy bumping up into that two billion really how many how much capabilities they have from from a cyber security standpoint right like they're using so many new tools so many innovations and then you get back down.
00:13:19
Speaker
and talk to my middle market folks on our team, and you're like, let's hope they have EDR, right? It's like the haves and have nots of the cyber world, unfortunately. But it's a cool space to be, and I feel like you get the cutting edge of technology. You get to see all these new things that are coming on with AI and automation and machine learning in regards to the MDRs, the XDRs, really what's going on in the market and how they can
00:13:47
Speaker
understand these vulnerabilities in real time, segment things out, have 24 socks on top of it, and really monitor this stuff in real time that we had in 2019, but I don't think was utilized as appropriately because we really just didn't
00:14:06
Speaker
It wasn't as focused, right? The claims weren't coming in, so it was in place, but they really didn't bump up that cybersecurity spend and really focus on, let's be as secure as we can, I really think, until the cyber insurance industry really kind of pushed them in that direction more so.
Impact of SEC on Cyber Risk
00:14:22
Speaker
And it's claimed in class actions kind of came to place. Yeah. And I mean, I could be wrong, but I would imagine
00:14:29
Speaker
the kind of developments of the SEC, is there some buzz with the accounts that you're working with? Is that something that people are talking about or is it just kind of our industry that took notice? No, yeah. That's a big thing that's been talked about. I know there was a recent hack where the hackers actually reached out to the SEC and said, hey, we hacked them.
00:14:50
Speaker
And we also are going to tell you that they're not meeting this requirement also. So I think it's a huge issue. It's good for the industry overall, I think, but it definitely is an issue for kind of all accounts, regardless of size.
00:15:07
Speaker
It'll be interesting to see where that goes, where AI regulation goes, and kind of all the different regulatory type of bodies around cyber. Because I think that's kind of where we struggle in terms of a lot of it is these new regulations come out and we don't really have a grasp of an underwriting side of
00:15:25
Speaker
what the ramifications of those really will be until they happen. And it creates it creates a tough market again, kind of going back to what you said about admitted versus non admitted and that surplus lines kind of space. I think that type of stuff makes a huge wrinkle and makes it really hard to understand kind of where our rates are going, kind of going forward.
00:15:49
Speaker
Well, yeah, I mean, it brings up a good point.
Complexities of Cyber Underwriting
00:15:51
Speaker
Like, I have a ton of respect for cyber underwriters compared to any other type of underwriter out there, just because, you know, we're a cop. It's just all like the same thing over and over again. You get this Accord app. Everything that you do is pretty cut and dry to a certain extent.
00:16:13
Speaker
But you, I'm curious, what's the approach to stay on top of everything? I just don't...
00:16:20
Speaker
It's like you have to constantly be learning to just stay up to date. It's not like you, like other lines where it's like you start to gain traction, it's almost like you have to continue to keep learning just to keep up. Like you're able to approach from a personal level and then also from the carrier level, like what are carriers doing to make sure their underwriters are up to speed on everything?
00:16:44
Speaker
Yeah, that's a really, really good point, Abe. Really like what I do personally is LinkedIn. I think that's a huge spot. There's a bunch of good different types of information out there, different people to follow. And I feel like every morning I kind of log on to LinkedIn and kind of scroll through like, hey, is there the hacker news? Is there new hacks coming out? What's regulation looking like?
00:17:08
Speaker
what are carriers doing, things of that nature. And then also kind of collaborating with other people in the space, like I still have friends at CHUB and CNF and really seem like, what are they seeing? What are they talking about? Because I think like as an industry, you kind of have to collaborate to understand what's going on. And I think this podcast does a great job to kind of get, kind of break down those barriers and listen to people and what they're seeing from all different various lines in different areas in cyber. But
00:17:38
Speaker
Yeah, just kind of digging into that. And then from a carrier side perspective, really kind of understanding we have calls, update calls monthly. And then we have kind of some touch base calls weekly and dig into everything like Metapixels. Like are we seeing Metapixel claims? Where are they at?
00:17:57
Speaker
What does it look like? Are they longer tail claims? Do we really know anything? And it makes it hard, right? Like what you said, I've underwritten accounts that I'll see a Metapixel claim come through. And I'm like, well, when I underwrote this, I didn't even know what Metapixel was nor to look at it. I think it makes it a really, really difficult line of coverage to understand just because it is so fast paced.
00:18:23
Speaker
But I guess along with an answer to kind of your question is really just staying up every day and making sure you know kind of what's going on in the market in terms of what other carriers are doing, in terms of kind of what the new things are, what the new controls we need to look at are, and really just kind of digging into that and being kind of a self-learner at the end of the day, right?
00:18:46
Speaker
No one's at the end of the day is going to be like, hey, you've got to log on to LinkedIn for an hour every day and learn about this and want to go do it. And I think that's what kind of makes it interesting, right?
00:18:57
Speaker
No one is really like knows everything in cyber. And I think that's what makes it really cool. You can look at DNO and there's these 30 year industry veterans that can tell you everything that's happened in every market cycle. And cyber has some of those folks that have been here 20 years, but for 15 of those years, it was pretty much just a soft market with not a ton of claims. There was some volatility, but nothing like we've seen in the last few years and probably the next five or so years coming up with all the AI.
00:19:26
Speaker
Yeah, we had Craig Linton from Beasley on a couple weeks ago and he said that like cyber, years in cyber are like dog years. There's like a multiplier. Like if you're in cyber for like four years, that's like an entire career in another line.
00:19:46
Speaker
Yeah, honestly, especially those like those, like 2020 2021. I mean, everything was getting marketed. I think I was like, I knew every account, because I worked wholesale in retail, it's like you would see the same accounts over and over. And I mean, you were just getting
00:20:03
Speaker
I probably saw 2-3,000 accounts during that time. Were you able to look at all of them? No, not really. But you did invest and obviously everyone was kind of, you can't just, if you go from marketing 30% of your accounts to 100 in one year, you're not really going to triple staff and hope they do it that way.
00:20:25
Speaker
I feel like the market did kind of what they could do. RT was huge during that time, right? We work a lot with Reiner's team, but RT had a huge impact on really stepping up and coming into place and taking a lot of that work off the large carriers to kind of make sure the market was still kind of working well and there wasn't any large disruptions.
00:20:48
Speaker
Um, but there was definitely accounts that, you know, you bound it five minutes, uh, 11 55 at night and it was going to renew. And you got down on your computer at 11 55. Like, let's get this thing done. Um, unfortunately, we're not there anymore. But, uh, yeah, it is like dog years. I feel like you really just, uh,
00:21:10
Speaker
kind of get thrown into the fire and you have to figure it out. And I think that's fun for me, but not everyone loves that environment.
Evaluating Cybersecurity Measures
00:21:20
Speaker
So I can see it. Yeah, it'll weed out. Yeah, it'll weed out a lot of people.
00:21:27
Speaker
Just kind of speaking about marketing, there's a lot of brokers that listen to this podcast probably because I'm a broker and your peers tend to listen to what you have to say. I'm kind of curious from your perspective, what gets you excited and what makes a good submission?
00:21:53
Speaker
So I take a little different approach, especially in the larger companies. What really gets me excited is not necessarily the controls they have in place, but how confident the CSO is on the call, which is a different approach than a lot of people see. But to me, really, a lot of them have a lot of the same core controls. So to me, I sit on the call and listen to them. Are they confident when they talk about their IRR plan?
00:22:21
Speaker
do they like they have these people in place but some some people will kind of sit there and talk about it and all the CSOs are phenomenal by the way i'm not putting down any CSO but really like what makes me excited is when i get a CSO on there and you can see the energy and they're passionate about it and they know that they're really doing everything to make sure their organization runs safely um
00:22:41
Speaker
That gives me a lot of confidence because I know that, like you said, the market changes so fast so they might have the controls in place today, but they need to be updating these and getting new controls and looking at new cyber innovations almost consistently in that space to say ahead of the game.
00:22:57
Speaker
And so really just making sure that the companies are not only where they want to be today, but also in the future. I think that really excites me seeing these cutting edge companies that really kind of take the next step that they don't have to take to make sure that they're above and beyond. Because in the large space, they kind of all have
00:23:20
Speaker
a lot of the controls in place. In the middle market space, I think it's a little bit different. I was really excited about. I love managed detection response. I feel like EDR came out right. We need EDR. We need EDR. But the problem is we have a cybersecurity shortage. We get these EDRs in place, but a lot of times they don't have the staff
00:23:40
Speaker
or the expertise in these smaller companies to kind of come in and make sure everything's configured correctly, make sure they have the right people on there, possibly have a 24-7 sock on top of it monitoring a lot of that kind of stuff. So really that managed detection I think is huge. There's a lot of like different type of machine learning and things they can do that I think adds a lot of
00:24:03
Speaker
a lot of credibility to not only understanding the endpoints, but really mitigating the risk as a whole when we see these new vulnerabilities come out in real time.
00:24:13
Speaker
Yeah, no, that's a fantastic point. I'm imagining the apps will probably start to get more specific on this in the future, particularly about EDR because I mean, I can think of probably four or five completely free open source EDRs that you could launch with any organization and have absolutely no quality to your implementation, but you technically could answer yes on that app.
00:24:41
Speaker
But it's effectively, it makes no difference. So I think that the MDR pieces, that managed pieces is incredibly important. I mean, I love the approach, the kind of judging the confidence of the CISO.
00:25:00
Speaker
I mean, that's a huge thing. It's really hard for underwriters to verify information, but that's almost like a form of verification where you can just get a sense by people's confidence and what might be a stretch of the truth on the application versus what do they really have buttoned up. I'm taking particularly with their IR plan.
00:25:26
Speaker
It's not very hard to find a template online, but when rubber meets the road, what does that look like for an organization? Because that's incredibly important. Yeah, and you definitely see a pretty wide spectrum of how organizations work in cyber, which I think is super interesting. So every call, you have to
00:25:50
Speaker
look at it and be like, okay, how is this really working? How many teams are there? And now there's so many of those, you know, external, they'll be like, oh, we have a sock, but we also have, you know, a man in sock externally. I'm like, okay, so you have both using, utilizing both. Okay, that makes sense. All right. Like, let's dig into something else.
00:26:08
Speaker
But you just kind of have to really dig in. And I think that gives you a good view of just understanding where the CCS are going. Another big piece that I kind of didn't mention is the access controls. We're seeing a larger implementation on that, the domain admin service accounts, really digging into those, making sure you have rotated passwords, a PAM solution in place.
00:26:30
Speaker
Because at the end of the day, you can have all the segmentation you want. You can have all the controls you want. But if they get the keys to the kingdom and you have 100 domain admin service accounts and they can get into one of those, they can wreak havoc. And we've seen that in a lot of different cases.
00:26:46
Speaker
inclusive of all the segmentation and controls and what have you, that's in place, which is pretty crazy. So really digging into that and making sure they have a good game plan on how to do that, what their recommendations are, use of least privilege, things of that nature, to really kind of limit the lateral movement that we see, that wrecks havoc and obviously creates these large scale incidents.
00:27:10
Speaker
Yeah, that's one thing about these really, really large companies that I mean, to me, anything like with a B in the revenues is a really large company.
00:27:25
Speaker
It's kind of freaky how, like I would imagine, you know, MGM, um, like I'd imagine they probably had, like if they fill out a cyber app, it'd probably be a really good cyber app, but something as simple as, uh, you know, social engineering can, can lead to full limit losses like all the way up the tower. And I think they have like 200 million or something.
00:27:47
Speaker
It's just crazy like even how even with like incredibly buttoned up programs if you're just if you're just If there's just something off with with one piece of it it can it can I mean and there were like some small mga's in the towers like Could they can you even afford like a full-limit loss like that or are you gonna take out a whole company? It's wild. It's in that enterprise space
00:28:14
Speaker
Does that stress you out? Like you said, these towers are so big, and there's 30 different carriers on it. And a lot of times, especially from us, at Markel, we have Mint, who is our London-based team. We have Bermuda, and we have US. And a lot of times, we could have multiple layers on the same tower. So you kind of have to look at it.
00:28:34
Speaker
from a more global approach and understand kind of the risk management there. But it's just crazy that, yeah, one little tiny thing can make these massive tower blows that kind of put waves through the industry and make people kind of rethink their idea. Yeah, yeah. Speaking of that, there's a lot of talk in the space about
00:29:01
Speaker
And this is a loaded question.
Systemic Risk in Cyber Insurance
00:29:02
Speaker
Um, but there's a lot of talk in the space about whether or not due to the systemic risk that whatever that means, right? Cause there's, I can't find it like a unified definition of what systemic risk means. Are we talking about industries? Are we talking about like, uh, dependencies with certain systems, but due to the systemic nature of cyber risk is cyber risk insurable.
00:29:33
Speaker
Yeah, yeah, that is a loaded question. I mean, I think we've done a good job. I think the industry, when I think about what cyber risk is and how fast it moves, I'm honestly astounded by our industry every day on how we're able to navigate it. And honestly, navigate it relatively profitably. There has been, obviously, rise and dips in the volatility and all that.
00:30:01
Speaker
In retrospect, it's grown from a $3 billion industry when I started to a $12 billion global industry. And we've navigated it pretty well, I think, as an industry. There's been carriers that have gotten in and out, carriers that are growing. But I feel like we've kind of got a good grasp. Kind of going into the modeling part, I think
00:30:21
Speaker
still is in its infancy. A lot of the big companies are running these models. And I think they're really good. But the confidence we have in them, I don't know if we have full 100% confidence yet. Just given how much volatility is in the market, I think we get a ton of good data insights on what classes are of concern, where new things are coming.
00:30:43
Speaker
But really, kind of digging into the question, I think we've done a really good job. But another note I have is kind of being more proactive in the industry as opposed to, I feel like a lot of right now we're very reactive. I know that's almost impossible to be proactive in this industry. But I feel like with all this AI and automation, we can kind of start to look ahead and
00:31:06
Speaker
with somewhat confidence, build in some of this additional risk that we might not be pricing for today. I think that's more of like an industry issue as opposed to a carrier by carrier issue. But I think we kind of know that there's going to be some more issues. We can see the writing on the wall of the claims coming in and just kind of pricing things
00:31:30
Speaker
in alignment with that to make sure we are an insurable risk in the future. I saw you came out with something yesterday with your AI voice to talk about it. I thought that was pretty cool, but I think it is, right? There's so many different things we can look at. There's so many different controls we can look at.
00:31:50
Speaker
the systemic nature of things. I feel like we've seen these systemic things wanna cry. We've seen all these large scale incidents. And as an industry, I feel like we've navigated them pretty well. And our data collection and sharing of like, hey, log4j, this is out there. Let's get this fixed right now. And really putting that onus on the companies to really in real time, make sure they do these kinds of things. I think we'll make it an insurable risk in the future as well.
Is Cyber Risk Insurable?
00:32:18
Speaker
Yeah, I mean, unlike any other line, we have technology, whether that's right now or in the future, to be able to predict things before they happen and as they happen, and then be able to alert policy holders to proactively respond. We had a call with a
00:32:42
Speaker
a guy named Jeremy who's in threat intelligence and he can predict the future. He was telling us about manufacturing is probably going to get hit pretty hard because there's a lot of indications that there's some zero day vulnerability and a solution that's used widely across control systems and they have botnets that are collecting this data.
00:33:09
Speaker
He's saying like Warren manufacturing clients to be on on guard like we can't really we can't really do that with
00:33:19
Speaker
Like we can do that with like, if I think of it like a natural disaster, like there's some natural disasters that we can like track and maybe predict, but we could only like say, Hey, there's a hurricane coming. Like do like these things to mitigate the damages, but you can't like stop the hurricane from, from hitting your house. Like if it's going to, if the hurricanes come in, like you can't pick up your house and move it.
00:33:41
Speaker
but we can with cyber, we can, we could potentially do something like that. Um, so my, my opinion is it is an insurable risk. And I think as we see, I think a part of the problem with people saying, you know, it's not profitable, it's not profitable is because
00:33:58
Speaker
we were like the last 10 years has been an age of cheap money and there's been a lot of VC funding so you can kind of eat underwriting losses with with the massive amounts of money that you raise and it keeps costs down but I think when things are priced accordingly and there's less of an influence on uh from from you know venture funds I think that we'll really see that you know just straight up
00:34:25
Speaker
Underwriting cyber risk, we can do it with combined ratios below 100. Yeah, no, I totally think that that's viable. I know the middle market space has been a little tougher. I think the controls still are all over
Future of Cyber Insurance Market
00:34:42
Speaker
the board. That larger space, I think we have a little bit more of a grasp on because we can understand it. But as I say that, these class actions are massive and they're blowing entire towers. So you have to see where that comes as well.
00:34:54
Speaker
But yeah, no, I think we have a good grasp on it and the VC funding and all that stuff is slowing down. So it'll be interesting to see if there's any consolidation in the market. I mean, we kind of already saw that with travelers and Corvus, but if there's any consolidation in the market, if
00:35:10
Speaker
some of these insured tax and some of the VC funded type firms start to cut back and be a little bit more conservative on where they're putting out on pricing and kind of all of those things will be really interesting coming into 2024. I think next year will be an interesting year to see really where the rates go. We're kind of creeping our way back up to flat rates.
00:35:37
Speaker
But to see if we get any rate, to see where that rate environment goes and where the loss ratios come out from this year, I think will be extremely interesting and beneficial for everyone to see where the market is today, where we want to go, and have a game plan to attack that. Yeah, I feel like most people that I talk to feel like cyber is just this wild roller coaster. I mean, for good reason. And they think that
00:36:06
Speaker
we're either going to be in an incredibly soft market or an incredibly hard market, and there's no in between. Do you have a feeling of, it seems like we've been in a soft market for a decent amount of time now. Do you have any prediction, and not to hold you to it, obviously, but just any prediction on when rates will firm up, if ever?
00:36:30
Speaker
Yeah, I think it's I think it'll depend kind of on like where you are what accounts you're looking at so there isn't like a broad based answer but like in general I feel like I feel like q1 q2 of 2024 I think we'll start to see some movement and start to see
00:36:48
Speaker
more rate come out of this, especially I think on certain access towers, certain deals that that we might have not, you know, been rate adequate on certain certain types of things. But I'm thinking I'm thinking 2024 is going to have a little bit of rate somewhere in the year. I don't know when a lot. I think this year we looked at it and we're like, oh, Thanksgiving.
00:37:10
Speaker
That's when it's going to happen. Oh, Christmas, that's when it's going to happen. It still hasn't quite happened. But I feel like coming in 2024, a lot of data will come out. A lot of the claims trends will come out. People will start to really look at their books and understand the profitability. And I think we'll need a little bit more rate than we currently have. I don't know that with full confidence.
00:37:33
Speaker
I think we'll see some more hardening coming in in 2024 is kind of my general thought. Yeah. Yeah. I think there's a lot of people that would agree with you on that. Just kind of switching gears here from a
00:37:52
Speaker
And like I said, a lot of brokers listen to this podcast. And I think there's always like this, there's kind of like a reputation for there being somewhat of a tension between, you know, underwriters and brokers. Brokers want to write business. And this isn't true for most underwriters that I know of, but they'll say like, you know, brokers want to write business. Underwriters, their whole job is to like figure out ways not to write business, which couldn't be further from the truth. But
00:38:22
Speaker
I think a good question would be, from an underwriter's perspective, what are you seeing brokers do well? And then what are you seeing brokers do that you think brokers could improve upon to produce better submissions, better accounts, whatever it might be?
00:38:39
Speaker
Yeah, yeah, it's a good question. I mean, I think brokers do most things well, it's a tough, it's a difficult job. And in the hard market, I say, I think they had a little tougher job than we do. We looked at a lot of submissions, but at the end of the day, we could say no, if we wanted to, and we didn't like it, they kind of had to find a solution for the client, and a really, really, really tough time to do it. So I give them full credit than that. But as the market kind of shifted to a softer market, I feel like a lot of underwriters kind of got to
00:39:09
Speaker
Oh, we want this account, but we need to be here. And they're like, well, we have five other options. We'll just go with someone else. So I think this is, again, I think a little bit to the market. But the relationship side of things I think is still tough, just because of how volatile the market is. You can have a lot of good broker relationships, but at the end of the day,
00:39:33
Speaker
If you have a large delta or something like that, a lot of times they're still going to be like, hey, we need to be here. And if you can't hit it, we got to move. But I think in a lot of other lines, there still is that larger relationship of we've worked together 10 years. There isn't a lot of volatility. Let's just roll this thing.
00:39:50
Speaker
and not market it and not look for these solutions. So really getting back to having these stronger relationships and trying to build collectively and work together. At the end of the day, it's a partnership. The underwriters and the brokers need to work together to grow business, to work things. And obviously, we want to write business, too. We want to grow the book just as they want to give the best solution to their clients. So finding that fine line.
00:40:21
Speaker
What I've seen in the soft market that's been a little difficult for me, mostly on the larger accounts, is just these set ILFs and not really allowing the underwriters to have any deviation there, right? Like if I need to be at 80% on this layer, but I really think we should be at 85%, I don't really have any flexibility in that. And it comes down to then, as I think of it, more of a business decision, right? Like, hey, I want to be at 85, but I'm at 80. But I think if I write this account for three to five years,
00:40:51
Speaker
we'll get the rate we need eventually, right? So you have to kind of look at it from both sides of things to where, yeah, we had a lot of control and I was able to get, you know, over 100% ILS in that really hard market. And now it's kind of flipped and they're saying you need to be here. So I think, again, that that volatility of where the underwriters are in all control and the brokers are in all control, kind of finding that equilibrium and really building a relationship in that
00:41:14
Speaker
and the turbulent market I think is kind of what would be great kind of coming into the future years. Not that we're not doing that now, just a larger focus on that I think would be awesome.
00:41:29
Speaker
That's fine. I mean, it's, it's, it's such a relationship based industry. And even though we're in like a very technical line that speaks kind of a different language than the rest of the industry, it all goes back to relationships. It's a, which is a, which is awesome. That's really cool. So what are, what are some things that you're seeing right now that
00:42:01
Speaker
You know, like I just got my first, so it was like, it was essentially like an auto-declination based on a pixel scan, which I was like, whoa, that's wild. I've never seen that before.
00:42:18
Speaker
What are carriers and underwriters thinking about when it
Pixel Scans and Underwriting
00:42:23
Speaker
comes to pixels? Because that's the one that everybody's kind of talking about now. We've kind of gotten accustomed to port scans and external scans. Now we're looking at pixels and nobody knows what the heck's going on. What's kind of the chatter on your side of things?
00:42:37
Speaker
Um, I think still the same thing that we don't really know what's going on. I think it's too kind of early to tell. Um, claims are coming in. We're seeing it, but we don't really know how the litigation will go, how these things will actually end up, which I think makes it's a little difficult. Um, because there's a.
00:42:59
Speaker
ton of different approaches that underwriters are taking some are saying hey this is showing up on our scan we don't want anything to do with it and some are saying this we're not really seeing a large effect and we're fine with it right um but i think it's i think it's too soon to tell from from what i can see on my side of things i think
00:43:16
Speaker
definitely digging into it and our scans, we can kind of look at it and we can ask questions. But I think kind of same with everything that if we ask the right questions and we can kind of dig into the right data sets and what's kind of going on in regards to pixels, I think we can get a good grasp on it. I mean, I go on a ton of different websites now and now all of them do say, hey, do you want to accept all the cookies? Do you want to accept only certain cookies, right? Or do you want to decline all of them?
00:43:44
Speaker
where I think even six months ago, we really didn't see a lot of that. So I think it was a quick movement and we'll see where these claims come from. But I think just like anything, we'll figure it out, we'll underwrite to it and try to kind of move on. But I don't have a really good answer in terms of what we're really seeing. I think it's a little too soon for a lot of we're seeing on the carrier side. But we'll see.
00:44:20
Speaker
It's getting kind of annoying.
00:44:27
Speaker
Can we get like Google to like set up a you know, like cookie setting so we can say like, allow all on the on these websites or allow the like, because yeah, like you said, literally every website you go on, you have to do this now. And it's kind of an annoyance. It's, I guess, a good annoyance being an underwriter that they're doing it. Yeah, we can find a solution. So every website we don't have to go on, we have to
00:44:49
Speaker
you know figure out our cookies every single time and some people are like what are cookies they don't even have any idea so yeah yeah absolutely that's awesome um it's really it's really cool to hear uh your your perspective and um
00:45:08
Speaker
Is there anything that you, I like to give people like the opportunity to tell the industry something that they've wanted to say. Not that we have like a massive megaphone or anything, but there's a bunch of nerds that listen to this podcast. I'm a nerd. I feel like if you listen to people talk about cyber insurance, it probably is like a good sound. You're probably a nerd in the most endearing way possible. Is there anything that you'd like to share with the industry just in general that
00:45:38
Speaker
Uh, you don't feel like it's talked about enough. Yeah. Um, that's a good question. I haven't really opened it in a question tail interview question, but I'm just curious.
00:45:50
Speaker
Yeah. I think the one bigger thing is just really like, can we cut out the volatility? Because I think a lot of the chatter of larger companies is their concern about cyber is where it's going to go in the volatility of the market. So really just working together as an industry to, again, be proactive instead of reactive and try to hopefully model it in price for these things so we don't have to go
00:46:17
Speaker
we need 40% rate and then we need negative 20% rate and then we need 0% rate. So really not that we're ever going to get to how other standard markets are where we can just say all 5% rate across the book and that's what we're going to do and that's our strategy and it's not going to change. I don't think we'll get there, but just
00:46:36
Speaker
just a little bit more consistency, right? And I think that's on both underwriters and brokers. When a hard market comes, I don't think all of our underwriters can take as much advantage as we did last time of being like, no one wants to do it, so we're going to get the highest price we can, because I think that created some issues.
00:46:55
Speaker
and then kind of in the software market, getting these super cheap iOS just because you can also, right? So I know it's hard because you're working with clients and working with these things, but I think those little tidbits and pieces can help build a little bit more stable insurance market. Obviously, it's so hard because it's so fast and growing all the time, but just I think cutting out that volatility will give a lot of these companies
00:47:21
Speaker
better, a better light into cyber and being like, Hey, this is an insurable risk. Because I think a lot of times they're sitting there and thinking, well, if you guys have to charge 40%, and then 100%, and then negative 20%, like, do you really know what's going on? Or are we in here? Um, in this kind of goes into a lot of companies, not just where I work at, but the mindset around cyber has changed so much, right? I think a lot of companies
00:47:48
Speaker
kind of pushed their brakes in the hard market and said, hey, let's see what this looks like. And then we'll kind of dig into it. And now I think we're in a prime time where a lot of companies are growing. They're like, we want new cyber underwriters. We want to grow our book. And really bringing that consistency into the market, I think is going to be key.
Collaborating for Market Stability
00:48:05
Speaker
Because like what you said, when they're all,
00:48:08
Speaker
It's supply and demand. At the end of the day, it's economics. And we have a bunch of supply, and the demand's not there like it is now. The rates fluctuate. And then we have a bunch of demand coming up with AI. And the supply isn't there. We could run into the same situation. So really just trying to be a little bit more proactive and collaborative as an industry to work together and hopefully not have these large, large fluctuations. Fluctuations will always happen.
00:48:33
Speaker
But mitigate the volatility would be my goal. Don't know how to do it or where to start. I think that would create a better light for cyber because I think a lot of times people see it and they're just like, yeah, that's just crazy. I would never get into cyber. It's all over the place. You have to learn.
00:48:55
Speaker
I think it'd be cool to just kind of have that more proactive approach where we can have good insights and kind of build profitably from a top line perspective and really grow the industry the way we need to to make sure everyone's kind of profitable and running good combined ratios.
00:49:15
Speaker
I love the message. I try to preach that. And that's like the whole point of Insuresac is regardless of if you're a competitor or whatever it might be. We're in such a new space.
00:49:30
Speaker
that we're all really on the same team. If we want to build, we need to be on the same team. That's a better way to put it. We need to be on the same team if we want to build a profitable industry for the long term. So it's kind of futile to have a bunch of hyper competitiveness where you can't work together on stuff because it really takes a village to build a massive industry like this. I think it goes back to, sorry, sorry about that.
00:49:59
Speaker
Like everyone wants to grow their book, right? And so it becomes hard in a lot of these is like, if everyone wants to grow and we don't have the demand for everyone to grow at the time, it creates an issue. And I think a lot of companies are seeing that with new business dropping this year, just because there is a lot of new entrants in the market and everybody wants to grow. And that creates some issues. Obviously, we'll get through it.
00:50:24
Speaker
But yeah, that would be my goal. I don't know how we start. But yeah, like you said, we need to work together. And I think stuff like this, conferences, areas where we can get a bunch of different perspectives, I think adds a lot of light and creates us in more unity as kind of an industry. Absolutely. Well, speaking of perspective, if somebody wants to get more of your perspectives, where's the best way that they can find you?
00:50:51
Speaker
Yeah, mostly just LinkedIn. I try to stay pretty active on it, like putting out random things, tidbits, pieces of the market. But really, yeah, LinkedIn would be the main spot. I think it's an awesome platform. And I feel like the industry is doing some really cool things through LinkedIn. And that's kind of where you can find me.
00:51:12
Speaker
Cool. I'll make sure to link to that in the show notes. I'm sure that, um, I'm sure that there's some brokers out there like, dang, I want to work with Austin. Um, so yeah, I don't, for sure. For sure. Um, no, it's fantastic, man. I appreciate you coming on. Um, I learned a lot in this episode and I'm really looking forward to getting it released. So yeah, thanks man. I appreciate it.
00:51:35
Speaker
Yeah, thanks. I appreciate it. I think this is awesome when I I've listened to a lot of episodes and and I think it's cool for the industry. We're getting we're getting kind of that. I I I acquitted it yesterday to to the Pat McAfee show of ESPN, right? It's that on a field. So like, like, let's just talk about some stuff in sports that that we actually want to talk about. And I think the industry a little different perspective. I think it's really cool. So I appreciate the invite.
00:52:03
Speaker
Thanks for having me on and yeah, connect with me on LinkedIn.