Deal with Me: Transaction Insurance Leaders Chat with Matt and Dan

Today, we begin a series of podcasts designed to provide insights—both personally and professionally—into the people that lead the Transaction Insurance industry, and increase the understanding of the Transaction Insurance marketplace, products, and trends.

Listen below to Matt and Dan’s first podcast episode, a conversation with guest Jeff Cowhey:

In his current role at Ambridge Partners, Daniel Auslander is responsible for maintaining and developing their brokerage relationships.  Ambridge, a managing general underwriter, is a market leader in the Transactional Insurance product lines with a keen interest in expanding its product portfolio – including Directors & Officers Liability and Intellectual Property Insurance.

Mintz Member Matthew T. Simpson focuses his practice on helping his clients navigate increasingly complex corporate transactions including leveraged buyouts, recapitalizations and minority investments in the United States and abroad. He is a leader of the firm’s transactional insurance practice, offering his clients increasingly creative and effective ways to distinguish themselves in competitive processes while mitigating downside risk, and acts as underwriting counsel to a leading transactional insurance underwriter.

Jeffrey D. Cowhey is co-founder and Chief Executive Officer of Ambridge Group, a managing general underwriter of Transactional, Legal Contingency, Management Liability, and Intellectual Property Insurance products. Established in October 2000, Ambridge provides its clients with customized and responsive underwriting solutions for a wide variety of exposures that prevent a transaction from being completed. Ambridge’s affiliate, Ambridge Europe Limited is a managing general underwriter of complex risks in the United Kingdom and other countries in the European Union and is authorized and regulated by the Financial Conduct Authority.

Sprinklered Buildings Still Burn

Kurtis Suhs
Founder and Managing Director, Cyber Special Ops, LLC

Mr. Suhs serves as the Founder and Managing Director for Cyber Special Ops, LLC,  a cyber risk company that provides its clients with Concierge Cyber®, a revolutionary new delivery solution for cyber risk services modeled on concierge medicine.

Many insurance professionals have compared cyber insurance to employment practices liability (EPL) insurance which took decades for organizations to adopt; however that is where the comparison ends. Cyber insurance is more analogous to catastrophic commercial property insurance, in which state-sponsored actors and sophisticated crime syndicates target and seek to burn down your building 24/7/365 days per year.

According to FM Global, the three main reasons sprinklered buildings burn are 1) design deficiencies, 2) system impairments before a fire, and 3) system impairments during a fire.  Let’s evaluate how each of these causes compare with cyber loss.

Design Deficiency

Sometimes due to design deficiency or system impairment, an automated  sprinkler system fails to suppress a fire sufficiently and thus a building burns despite the system.

Water supply
Is the water source
—a public water supply?
—a fire pond?

Incident Response
Is the data breach team
—an external third-party service provider?
—an internal legal and infosec team?

System design
Is the system design adequate?
What is the system trying to protect?

Network Design
Is the network architecture adequate?
What is the system trying to protect?

Changes in occupancy

Changes in electronic assets                               

The building (organization) was devastated by fire (a cyberattack). The cause of the devastation was multifaced. The water supply (incident response plan) was limited because a single connection from the public water main (a few data breach firms) supplied the entire sprinkler system (cyber insurance market). However, the water supply (incident response plan) was limited and the water flow (insured’s cyber insurance coverage and limit) to the automatic sprinklered system (network defense) was marginally adequate for the task. The sprinkler system (network defense) was designed for a facility (organization) that processed a specific amount and type of paper (electronic assets). The plant (organization) was changed to process a new and greater amount of  hazardous coated paper (sensitive information). This change was made without reevaluating the sprinkler design (network design) or water supply (incident response plan).

The system (network) simply couldn’t generate enough water (cyber insurance) to mitigate this type of fire (cyberattack) and suppress it because it wasn’t designed for this use and didn’t have enough water (cyber insurance coverage and limit) for this type of fire (cyberattack). Furthermore, the local fire department (cyber insurer) wasn’t aware of the change in the amount and type of paper (the exposure basis) and thus didn’t know they were responding to a hazardous chemical fire (state-sponsored actor), which requires a very different firefighting response (incident response) as compared to a traditional uncoated paper fire (simple malware).

System Impairments Before a Fire

A fire that would normally be adequately controlled or suppressed completely can instead rage out of control and destroy the building.

There are three type of impairments that can occur before a fire (cyberattack) as follows:

  • renovation of building (network)
  • inadequate maintenance of property (network)
  • arson (state-sponsored actors and sophisticated crime syndicates).

Deliberate action by an arsonist (state-sponsored actor or sophisticated crime syndicate) can impair or disable an automatic sprinkler system (computer network) so the arsonist’s (threat actor) fire setting (cyberattack) actions will cause damage.

Arsonists (cyber attackers) learn how sprinkler systems (computer networks) work and find ways to defeat or overtax them. Limited only by their imagination, for example, they may close valves (software applications) or attempt to overtax the system (all computer servers) by setting multiple fires (cyberattacks) designed to circumvent, damage or destroy the building (organization).

System Impairments During a Fire

System impairments that can occur during a fire are often the result of human action that cause a protection breakdown.

The most common system impairment that can occur during a fire (cyberattack) is premature closure of a sprinkler system’s control valve (network defenses).

Another common system impairment is the inadequate monitoring of the sprinkler control valve (network defenses).

Call to Action:

For most businesses, the five most important categories of risk are tied to 1) theft of intellectual property, 2) business interruption, 3) theft or corruption of personally identifiable information, protected healthcare information, 4) credit and debit card data and 5) diminished cash flow. But which of these is a priority, to what degree, and for which organization assets?

If we really want to make cybersecurity better, we first need to ask what do we need to protect within the organization? All of this is highly dependent on the business, the internal network structure, and the other security controls that are in place premised upon the zero-trust information security model.

Organizations will never outpace the sophisticated cyber threat actor. Remember, the cyber adversary only has to be right once while your organization has to be right 100% of the time.

How to Contribute Content for PLUS

Have you ever wondered how PLUS content gets sourced and developed? PLUS has several volunteer roles that are essential to the development and delivery of content. These roles include:

  • PLUS Symposia Chairs
  • PLUS Content Advisory Committees
  • PLUS Trend Advisors
  • PLUS Editorial Board

You can find more information about these roles here, and you can see the list of current content contributors in these roles on the PLUS website here.

Ideas generated by these roles as well as the Request for Proposal (RFP) process for National Events allows PLUS to continue to deliver timely, relevant and high quality content. While you might be familiar with the Request for Proposal (RFP) process for the PLUS Conference or Symposia, you may not be aware of all of the other content opportunities that are available.

Here is a glimpse at the additional PLUS content channels:

  • The PLUS Journal is a quarterly publication available exclusively to PLUS members. Articles are written by industry insiders and highlight the hot topics and key issues impacting the professional liability marketplace, as well as upcoming PLUS events and news.
  • The PLUS Blog is a great place to share thoughts on professional liability insurance with the PLUS membership of over 7,000 professional liability practitioners. PLUS has regular blog contributors and also welcomes one-off posts by members who wish to contribute.
  • PLUS Podcasts are pre-recorded, audio-only content that is available to members and non-members via the PLUS Connect App. Podcasts are an opportunity to share timely discussions amongst industry thought leaders on new trends and pressing issues.
  • PLUS Webinars are robust educational presentations which may be live or pre-recorded and require pre-registration.

You can learn more about these content channels here.  Interested in submitting an idea? We’d love to hear from you! Use the PLUS Content Idea form to submit your content ideas.