P&C Technosavvy the March 2019 issue

Cyber Confidence

Q&A with Patrick Costello, Principal, Evolve MGA
By Michael Fitzpatrick Posted on March 1, 2019
Q
Let’s start with your platform—the MGA. How does it fit into the insurtech space?
A
In my mind, the MGA platform is ideal for a product like cyber insurance. From our perspective at Evolve, we have the ability to go super deep when it comes to cyber exposures, cyber coverage, making our quote-to-buying process as absolutely efficient as it can possibly be. And really, at the end of the day, the MGA model allows us to maximize the amount of value that we can provide to retail insurance brokers.
Q
A number of cyber-focused MGAs are popping up. How do you compete in that kind of market?
A
I’m confident we have the best cyber coverage that’s currently available. I truly believe there’s a massive deficit in coverage across the industry. It’s really common to see carriers that are excluding or limiting first-party coverage. There’s tons of new cyber policies that will include risk management warranties that will remove coverage in the event of a claim.

To give you an example, if you don’t perform something like dual-factor authentication…or maybe you’re not implementing the recommended cyber-security procedures. You’re not going to receive coverage. This is really frustrating to me, because a lot of competitors’ coverage seems to be smoke and mirrors and it kind of discredits cyber insurance as a whole. Beyond coverage, I think our efficiency is unparalleled. We are super focused on going the extra mile to make sure brokers and our insureds truly understand their exposures.

Q
Who are your insureds, and what are the biggest cyber threats they’re facing now?
A
We work with insureds in almost every industry out there. If I were to break it down to one major cyber threat that really every insured is facing, it’s the fact that everything is getting connected to the internet—your car, your doorbell, your TV, your heat, maybe even your refrigerator. The fact that all these things are getting connected to the internet dramatically increases your chances of getting hacked.

I always tell people you need to focus on what you can control. Make sure you have the right cyber security in place. Make sure you have the right cyber insurance policy in place. You want to make sure your employees have effective training. You’d be shocked at the amount of claims we see that are the result of human error and phishing.

Q
What cyber threats do you see out there on the horizon that people might not be thinking about?
A
Forbes recently said that cryptojacking is now more prevalent than ransomware. It’s when a criminal will hijack your computing power to mine for cryptocurrency, like bitcoin. It’s a scary thing, because it really, really slows down your systems and will drive business interruption losses and overtime costs. We actually just released an updated cyber form, our new Evolve 4.0 form, that specifically writes in coverage for this type of loss.
Q
There’s a lot of talk about silent cyber. How do you approach that?
A
Silent cyber refers to potential cyber exposures contained within traditional property liability insurance policies, which may or may not include or exclude cyber risks. They’re silent, right. This is a huge issue when a claim happens, because it can result in finger pointing from different carriers that say, OK, you should pick up the coverage because you say this or you say that. To avoid this issue, we always try to make sure the intent of our cyber policy is to respond primary so we know we are the first ones in there, and we want to be picking up those costs right away. In our minds, affirmative cover and that primary layer is the position we always want to take so there’s no confusion on the part of the insured.
Q
When it comes to underwriting, what’s your philosophy?
A
We don’t get overly technical with cyber-security related questions. We can gauge a lot from the industry class and the revenue, and we have lots of internal data that helps drive our decisions. We like to know how much an insured is invested in their IT security. You know, if they have a chief information security officer. If they have legitimately thought about their cyber exposures. We like to know if our insureds are compliant with industry-specific standards, but at the same time, we’re fully aware that human error is a huge reason for cyber claims and we take that into account with our underwriting, as well.
Q
What changes would you like to see in the current insurance distribution model?
A
Insurance is a very old-school industry with a significant age gap. Two changes I would like to see are increased efficiency and increased expertise. I think that a lot of times in the insurance distribution chain you have folks that are looking to add middlemen that are wearing multiple hats to the distribution chain. And it seems completely illogical to me, but it’s very common to see, you know, for example, a wholesale broker who specializes in executive lines. So they’re doing cyber, E&O, D&O, but with a developing product like cyber, I truly believe that retail brokers need a specialist who understands the environment inside and out.
Q
You mentioned insurance being old-school with the age gap. What’s your hiring and talent development strategy to deal with that?
A
Because most people, even within the insurance industry, are in the dark when it comes to cyber, we created a structured intensive-training program that will significantly boost an employee’s knowledge on everything cyber-related. Our new hires will go through different phases, they’ll pass tests, they’ll do industry-specific write-ups, they’ll review competitor forms, they’ll give internal presentations, etc. It’s a super-detailed process. We really want to make sure our employees are experts when they’re looking at risk or speaking with any of our brokers.

We’re looking to hire people right out of college. We’re looking to hire people that have some experience in the industry. But we’re also looking at people that have had serious experience in the industry. So I wouldn’t restrict it to one demographic or another. But it seems to me that millennials are a bit more attracted to just the overall vibe of cyber insurance and a lot of times, just based on the technology element of the industry, they have a strong grasp on it already.

Q
Your family has a long history in insurance. How did it play into your decision to start an MGA?
A
My great grandfather was an insurance broker, and I am the fourth generation of my family in insurance. I grew up working for my dad’s agency in Marin County, going into the office in high school. I got my P&C license when I was in college, and immediately out of college I jumped into an underwriting role with Ace in San Francisco. So I got a really broad perspective of the industry, not only from the carrier side but from the retail broker side.

I also saw my brother, who co-founded Evolve with me, at Lloyd’s of London, and I saw the wholesale distribution chain, as well, and how Lloyd’s of London worked. It was a great education in the industry. That’s really what caused us to jump into the MGA model and find the correct mentors in the industry that knew where the market was going and knew how to provide true value to the demographic of retail insurance brokers we’re working with. I think it was kind of a perfect storm of the experience across the industry, the family history, and the emerging product, like cyber, that we could really jump in and actually provide value when it comes to an emerging product.

Michael Fitzpatrick Technology Editor Read More

More in P&C

Council Q3 2024 P/C Market Survey Results
P&C Council Q3 2024 P/C Market Survey Results
More premium increase moderation, but umbrella sees effects of social inflation....
P&C Weathering Cyber Storms
Q&A with Joshua Motta, CEO and Co-Founder, Coalition
Certified Cybersecurity
P&C Certified Cybersecurity
HITRUST certification can give small to medium-sized businesses peace of mind th...