Transcript
Connor Swalm:
Welcome to Gone phishing, a show diving into the cybersecurity threats that surround our highly connected lives. Every human is different. Every person has unique vulnerabilities that expose them to potentially successful social engineering. On this show, we'll discuss human vulnerability and how it relates to unique individuals. I'm Connor Swam, CEO of Phin Security, and welcome to Gone Phishing.
Hey, everyone, welcome back. It is your host, Connor, CEO at Phin Security, and welcome to another episode of Gone Fishing. We have a friend of mine, Brian Mahone, back on the podcast again. He is a cyber insurance expert, which is everyone's favorite topic. Right?
And today we're going to talk about. The future of cyber insurance. Brian, how are you?
Brian Mahon:
I'm great. Happy to talk about cyber insurance. One of my favorite topics. How are you?
Connor Swalm:
You're one of maybe seven people that would be happy. It's like hearing an abacus to do accounting.
Brian Mahon:
Yeah, it's like hearing that horrible sound from, like, dial up Internet.
Connor Swalm:
It's like, that's exactly what it is. It's exactly what it is now, I guess. Question from left field here. Do you see a world where cyber insurance isn't necessary, where it doesn't exist? Do you see a future where that's possible?
Brian Mahon:
I've heard some pretty technical security people and even some insurance carrier people say that in the future, the risk is just going to be too big, that cyber insurance will cease to exist. Carriers aren't going to be profitable, they're not going to make any money, and they're all just going to stop selling cyber insurance. I don't hope to see that future. I don't think that future will happen. Maybe I'm biased because I literally sell cyber insurance for a living, but humans like certainty.
And if you ask most cfos or mean, I think Warren Buffett has said and know keeps you up at night, or what's the biggest risk your company faces? It's cyber risk, cybersecurity. And you can be Fort Knox and have all the best controls in place and have phishing security awareness training, but that one in 100 chance or that thing that slips through the crack, someone still clicks on a link, even though they've been trained not to. And even though you have next gen. Firewalls and all these great tools, you. Want to transfer that risk. You want a billion dollar insurance company to come in and pay that million dollar claim or $100,000 claim and be an expert at paying that claim and doing it in a timely manner and getting you back up and running. So, yeah, will cyber insurance exist in the future? I hope so. I thinking we're so secure that we don't need it is certainly rainbows and unicorns.
Connor Swalm:
Yeah. You remind me of a quote that not only I say often, but I've started to hear a lot of folks. In my industry say is breaches are not a if, they are a when scenario now. And so what you should do beforehand. Is put in place all of the right controls and the right, if it's. Software or sometimes it's just people doing different things, the right policies to make sure that when a breach happens or. When you suspect it happens, that the impact is small enough to be mitigated properly.
Brian Mahon:
Totally. Yeah.
Connor Swalm:
Awesome. I didn't think that's where you were going to go with that question. I thought you were going to go into the land of rainbows and unicorns, which is, of course, technology and software are going to catch up and whatever. Insecurity, cybersecurity is going to be a thing of the past. And instead you're like, no risk is. Going to get so big that nobody's going to want to give us money anymore because it's going to be too much to secure. It's like, oh, wow, I didn't even think of that.
Brian Mahon:
Yeah. And that's a scary world. And maybe people who work in Homeland security know more than you and I. And going back to our first point. Of, well, maybe we want cyber insurance.
To exist in the future, and there should be a federal backstop to make sure that it does. There certainly won't be a federal backstop if there isn't a private cyber insurance marketplace underneath that as the primary risk transfer organization or mechanism. So, yeah, it'll be interesting to see kind of how it develops. But regardless, independent insurance agents and msps are really going to have to step up their game and take on that hat and that role as risk advisor, whether that's cyber liability or it technical products and hardware and services. There's a big blend happening, which I think is the first person to have. The holy trinity, so to speak, of MSP insurance distributor, and I'll say security vendor Trifecta will certainly be a special company.
Connor Swalm:
Yeah. Because they can all communicate with each other properly to actually not only give the data back to know where the. Risk actually is, but then have the MSP or the vendor actually step in and begin to mitigate additional risk that. The cyber insurance carrier is now aware of.
Brian Mahon:
Yeah. And I don't think we have an issue of not having enough data but being able to pull insights from it and collaborate is really where I think the magic happens.
Connor Swalm:
This was an interesting conversation. Not at all what I thought it. Was going to be. So what's one last thing you'd love our listeners and our viewers to take. With them about the future? Cyber insurance.
Brian Mahon:
I'm an optimist. Future is bright. Get the policy. Make sure it's a good one and keep doing what you're doing.
Connor Swalm:
Awesome. Get the policy. Future is bright. Cyber insurance will be here to fight another day. And I'll add one more thing onto. Please, please go talk to an expert like Brian here or anyone else in your local ecosystem. Cyber insurance is, well, cyber and insurance know. Those are two subjects that I know very little about and most people are very uncomfortable with. So combining them, I can only imagine, doesn't cancel out. Makes it even worse.
Brian Mahon:
Yes.
Connor Swalm:
Awesome. Well, everybody, thank you for listening. I hope you learned a little bit. About the future of cyber insurance. Where it's going, where it might be going, or maybe it's going to its own brave. We don't know yet. Time will tell and keep listening for. Next episodes as the world of cyber insurance continues to evolve. I would love to have you back on Brian, though. I'm sure we'll be chatting again real soon.
Brian Mahon:
Sounds good. Thanks, Connor.
Connor Swalm:
All right, everybody, thank you for listening once again, I am Connor, CEO at Phin Security. I am your host, and I was. Joined today by Brian Mahon, cyber insurance extraordinaire.
Thanks so much for tuning in to go on phishing. If you want to find out more about high quality security awareness training campaigns, how to launch them in ways that actually engage employees to change their habits, then check us out. Phin Security at phinsec.io. That's P-H-I-N-S-E-C IO. Or click all of the wonderful links in our show notes. Thanks for fishing with me today, and we'll see you next time.
