From the Front Lines: Cyber Liability
Ken Samson
Vice President
Dasco Insurance
Northbrook, Illinois
How did you get started at your agency?
Dasco is a family agency. My father started it back in 1970, so I guess you could say I grew up in the agency. I remember listening to my father talk about his day at the dinner table. By the time I could drive a car, I was pretty familiar with insurance. My after-school job was to come into the office and put all the files away. I had to work in the office over summer break, too. By the time I graduated college in 1993, I knew what I wanted to do.
Why specialize in cyber?
I like technology, I guess, but the power of it has always scared me a little. For five years at least, I have been talking to anyone who would listen about the threat of a breach. I talk to my clients about it, but I also talk to other agents about it. We have a lot of sensitive information. It scares the heck out of me to think what would happen to a client or my agency if someone hacked my system. I learned as much as I could about cyber liability from some excellent wholesalers—people who saw the threat too. Alex Wayne from A.J. Wayne & Associates and John Immordino from Arlington/Roe were both great teachers for me and continue to be great resources.
Biggest cyber changes you’ve seen over the years?
It used to be that only a few companies had anything to offer. Now, it seems like every company has addressed cyber in some way. There are a lot more players, which means you have to be even more careful. Since there is no standardization of forms or coverages, you really have to know what you’re doing. I find that I rely on a few markets I know have comprehensive forms and are competitive. This is still a new coverage and it is rapidly evolving. Every day it seems like there is a new market or a new exclusion or limitation you need to look out for.
What do you see—or hope to see—in the future for cyber insurance?
I hope that we get to a leveling off like employment practices liability insurance (EPLI). With EPLI coverage, the companies still have their own forms, but the terminology is similar. It is easier to compare two EPLI policies than it is to compare two cyber policies—the cyber policies look radically different and use very different language. I also hope our customers become more aware of the need for this coverage. As more agents talk about cyber more often, I think the awareness will go up, eventually.
What do you say to a first-time client looking at cyber coverage?
I have clients who get it—as soon as I start to explain the risk, they stop me and say, “Get me a policy to cover that—now.” I have other clients that struggle with understanding their exposure. They think it won’t happen to them or that the credit card company will hold them harmless. There are a lot of justifications from clients about why they don’t need the coverage. But honestly, most of my tech-savvy clients get this. Even if they don’t think they have a direct exposure, they know how bad things could get if they get pulled into a claim. It’s the established industry clients—the lawyers, doctors, CPAs, insurance agents, contractors—these are the clients I have the hardest time convincing. The irony is, many times, they have the operations with the biggest exposures!
Advice for a fellow agent trying to break into the cyber market?
Know your stuff. There is a ton of information out there—read it and have it handy to forward to a client who is on the fence. Write your own summaries. Some clients don’t want to read a 10-page report. Have a few stories—events that happened you can refer to. Don’t focus on huge data breaches like Target. Find stories that happened to clients who look like your clients. Most importantly, find a few wholesalers who are experts. While all our companies offer some kind of cyber coverage, nowadays, I find that the broadest forms and most competitive pricing come from monoline markets. A great wholesaler who understands the markets and the coverages will be a very valuable asset.
Favorite cyber success story?
Every agent needs a story, don’t we? I have two. We had a nonprofit client who held a gala fundraiser. They were selling raffle tickets and the credit card machine went down. To keep things moving, they just wrote down the donor, the credit card info, and the amount on a sheet of paper. At the end of the night, they couldn’t find the paper. They were 99.99% sure that it was accidentally thrown away, but they didn’t know. We called the cyber carrier, which was excellent. The adjuster told the client exactly what they needed to do to comply with the law. While nothing bad happened and there was never a suit, the client was so thankful to have the experienced help when they were in a crisis.
My second story is an attorney-client. We offered them cyber coverage year after year, but they never took it. One day, the client called—his computer was hit with Cryptolocker. The virus not only encrypted his entire server, it told him that if he did not pay 500 bitcoins, it would wipe the server clean. After paying the ransom and then paying an IT person to clean everything up, the client was out thousands of dollars—and nothing really bad had even happened. After that, the cyber policy became “real” to him.
