Emy Donavan
Regional Head of Cyber, North America,
Allianz
San Francisco
Time at company: 9 months.
Transitioning to the cyber market: I underwrote tech errors and omissions exposures from the start, after I completed a management training program at ACE in 2004. Tech errors and omissions losses can often be the inverse of cyber exposures for companies who receive tech services. So relative to cyber, I started out underwriting the same sort of exposures and loss scenarios for tech companies. At the time, there were barely notification laws. But even then, tech companies knew the value of their data, and they wanted an insurance policy that would cover business income interruption. That said, the market grew quickly, and I've been underwriting standalone cyber insurance since 2005.
To err is human: One of the main things to cyber is the human element to this risk. There are malware and ransomware campaigns in which someone sends an attachment that says "invoice," but it's actually malicious code that corrupts your files. Putting together online training for our insureds' employees is one way that they can better understand risk.
The changing cyber marketplace: In the United States, the market for cyber is hardening somewhat. Larger companies, after they started seeing losses accumulate at Target and Home Depot, now want $500 million tower limits instead of $10 million, which is almost the capacity in the marketplace. Large losses will still be a difficult risk to underwrite, and the middle market space is getting competitive now. The challenge is keeping up with the case law and regulation around the space, so you know what exposures you are insuring. Regulation, litigation and case law changes can vary significantly by the end of a policy period. I couldn't convince some companies to buy this coverage three years ago, but now, companies are calling me halfway through their policy terms to increase their limits.
You know what they say about those who assume: Being a young woman in both technology and insurance is not the easiest thing in the world. Several years ago, I was at a meeting with a Silicon Valley client with other directors and officers and cyber underwriters. There were a couple of women, but mostly men. And an underwriter next to me — a man — asked a question to the firm's chief information security officer, who responded with a technical answer. I raised my hand and asked a question about their infrastructure, and the guy responded, "We use our own servers, and a server is the box you plug the cables into for the Internet … " My jaw dropped. He assumed I was a trainee, when I was one of the most senior people in the room.
Related: 2015′s best insurance pros under 40
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.