Specialty Podcast: Is Ransomware Dead? Exploring the Next Chapter in the Cyber Threat Universe

Intro (00:00):
You are listening to the Alliant Specialty podcast, dedicated to insurance and risk management solutions and trends shaping the market today.

CJ Dietzman (00:08):
Welcome back everyone to another Alliant Specialty podcast. CJ Dietzman here with Alliant Cyber, and these are super exciting times here at Alliant and specifically at Alliant Cyber. And we are super excited to welcome a new member to the Alliant Cyber Team, with a specialty in cyber brokerage, a fellow that I've known for quite some time: Nolan Wilson, welcome to the Alliant Cyber Team.

Nolan Wilson (00:32):
Hey CJ, thanks a lot for having me. Great to be here.

CJ Dietzman (00:35):
We are super jazzed that you're here, Nolan. Tell us a little bit about your background and the specific areas of expertise that you're bringing to the team.

Nolan Wilson (00:43):
I've been in the industry about 18, 19 years. I started at one of the large brokers in the account management division, which was more of a generalist role, but enabled me to see all lines of coverage. And then about 2015 I transitioned to the E&O and cyber world. So, I've been on both the brokerage side as well as working for a couple of MGAs during that time before I found my way to Alliant here within the last month.

CJ Dietzman (01:06):
Awesome. And Nolan, for the benefit of our clients and for those who joined the podcast today, can you tell us specifically why Alliant? Why Alliant Cyber? Why now? What drew you in to join the team?

Nolan Wilson (01:20):
I think it was just the team that I saw that was being built. I talked to a handful of guys on the leadership building out the practice, which I think had a lot of great opportunities. I think every broker has gone through the environment where you have a lot of individuals that are handling cyber that may not be experts, and then you build out a specific team to really adhere to the needs of the clients. And after meeting with a handful of individuals on the team and seeing how the culture worked, it's definitely an exciting time and I see a lot of great opportunity. So, that was a big part of it.

CJ Dietzman (01:51):
Very cool, very cool. Thanks for sharing that, Nolan. Nolan, what approach do you take when engaging with clients? What can Alliant Cyber clients expect when engaging with Nolan, if you're a part of the cyber brokerage and the cyber risk management team?

Nolan Wilson (02:07):
I think that, to me, one of the most important things is building out the relationships, not only with clients, but also with the underwriters that you're working with. How do you create an environment where the client can trust you and rely on you? They know you're going to be responsive, they know you're detailed oriented around the policy coverage terms and conditions, that you're going to be pushing for the best price in the marketplace. So, all of those things take time to get to know a company, to really understand what they do, what their goals are, as well as if you're going to work with a risk manager or a CFO, or whoever's controlling the insurance, to really understand what their individual goals are so you can make sure that you're hitting on those points for them. So, I think the brokerage piece and the coverage, and making sure you're responsive on claims and the advocacy part with controls, that's all a huge part of the job. But, I think so is creating the relationships with the clients so that they know you, they have an expectation of your work product, and they can rely on you to show up when you say you're going to and do the things that you say you're going to within the timeframe that we all agree on.

CJ Dietzman (03:08):
Good stuff. Having said that, I am super eager to get you engaged with some of the clients I'm working with here at Alliant Cyber. That's number one. Number two, since we have you on the podcast today, Nolan, I want to pick your brain a bit. This is a critical moment in the cyber risk management industry. There's a lot going on. Just think about what we've all experienced in the past 24, 36 months, where the market is at. But perhaps most importantly, I wanted to get your candid perspective, Nolan, for the benefit of our clients and I'm certainly interested to hear your answer as well. What are we seeing right now in the cyber insurance market? What's going on right now? What are the trends that you're observing? And then of course, what do you see on the horizon?

Nolan Wilson (03:50):
That's a big question there. I think over the last handful of years you've seen the continued entrance of new companies into the marketplace. Obviously, there was some struggles in 2020, 21, 22 with the pandemic, but there's been a continued influx of MGAs and other parties, and cybersecurity firms as well that are offering different services within the cyber insurance realm. So, I think that has created a ton of competition. You saw losses that really ticked up and impacted the insurers in 2020, 21, and you saw a lot of increase in pricing, increase in retentions from that. But the competition did not stop, and with the number of entrants that are in the marketplace now, you've started to see that trend down and some of the pricing come down on renewals and programs. So, I think part of that is we're at a point in the cyber industry where a lot of companies and a lot of insurance companies are trying to figure out what are the cybersecurity standards and protocols going to be? What do they need to be? I was given an analogy with auto insurance - you would never try to get auto insurance for a car that didn't have seat belts and didn't have a steering wheel, didn't have airbags. But I think there's been such a variance in what the requirements are from a cyber underwriting perspective, that it's caused a lot of confusion with clients who maybe don't know the answers or don't understand the questions being asked and has resulted in a lot of ambiguity in how the pricing is determined, how the retentions are determined, how the coverage is determined.

And so, I think we're starting to figure that out as an industry and move more to agreed-upon standards that are required from an underwriting perspective for all companies to have whether it's MFA or EDR tools, or other things like that. So, I think that's helped drive, along with how the marketplace was increasing prices and retentions a couple years ago, that's really helped drive an increase in understanding and the need to have controls in place from the client side, from the buyers of the insurance. Which has hopefully helped us all get on the same page between the broker, client and the underwriter with what is required and how that insurance is going to be priced. So, I think we're starting to see a lot of the standardization take place. Although, I know clients still feel like it's probably a lot of back and forth with underwriting questions during their renewal process, but I think the market has been softening with more competition around pricing and coverage terms and conditions. I think there's still a handful of things around ransomware, business interruption, how claims may or may not come in, you have the war exclusion. There's a lot of hot topics that are still out there that I think from a coverage perspective we're still working through. And I guess seeing more claims examples happen helps to provide further clarity on how the policies are going to respond and helps the clients better understand how the policies will and will not respond. Those are few of my thoughts around that.

CJ Dietzman (06:38):
Good stuff. A bunch of us from Alliant Cyber, from the broader Alliant organization, were at RIMS together with clients. We had a lot of tremendously engaging and deep dive dialogues on these topics. One of the questions that was asked was, "hey, is the market softening?" Which I think you addressed, but I wanted to see if you agreed with some messaging that I shared with clients, and I'll kind of repeat here, which is, if there has been some softening in the market, which I think there has, if carriers have responded favorably to meaningful progress and enhancement around cyber controls, which they have, is this the time to take the foot off the gas, so to speak, to further your automotive analogy? I believe the answer is no. I believe now is the time to remain vigilant. Now is the time to proactively develop an outlook, a projection for what some of those emerging next generation, next wave cyber threats will look like. If there's anything that the past 25 years has taught me about cybersecurity and cyber threats, and incidents and response, and ultimately losses and claims is that it's not over yet. There will be a next wave; there will be a next chapter to the cyber threat universe. Just like five years ago it was probably difficult to predict the nature and extent of the ransomware spike that we had 2020, 2021 and beyond. What's next? I've got some ideas, but what are your thoughts? A couple of the clients out at RIMS I know just came straight out and said, "Hey, is ransomware dead? Is ransomware done? Are we through the woods? Has the market softened?" Any further thoughts on that? Go ahead, Nolan.

Nolan Wilson (08:22):
Yeah, I think you're spot on with there's a natural inclination when you see some of the pricing coming down that maybe everything's in place that needs be, but I think you're right. You can't pull back on the constant evolution of your company around incident response, having controls, security controls in place to protect your company because as you know CJ, threat actors are continuing to evolve all the time. There's new groups that pop up and everybody seems to always have a new gig. So, I think the clients have to continually evolve along with the threats that, like you said, I don't think we can predict in two years. It could be something different. Ransomware's been the big one. Business interruption is the big one, and back in 2015, 2014, it was all about privacy. It was all about some of the large retailers that had huge privacy events and loss of whether it was healthcare information or credit card information. And that was a huge issue for consumers, and resulting lawsuits, and notification costs, and credit monitoring. But I think we've seen that really trend down. I think that while it's still an exposure, it doesn't seem to get the headlines as it used to. So, I'm not sure what 2024 is going to bring as far as the exposure. But I think you're absolutely right that the clients need to remain diligent to the extent they can and continue to invest the resources and the time to understanding the exposures that their organizations could face, and put in best practices and protocols to mitigate those events.

CJ Dietzman (09:43):
Well said. I want to sum things up here. Welcome Nolan Wilson to the Alliant Cyber Team. Looking forward to engaging with impact with our clients, together with you and our other colleagues here at Alliant. Truly exciting times as we continue to build out and enhance our cyber capabilities with our platform, our framework, our Alliant Cyber ecosystem, our incredibly evolved brokerage team. It's just really the place to be in my view and I've been doing this a long time. So, welcome Nolan. Thank you, everyone, for joining us and we look forward to working with you in the future.