Apr 09, 2025
The Difficult Insured: Striking a Balance

CNA Canada’s Cindy Huang recently joined a NetDiligence panel to discuss how carriers can help deliver innovative and efficient cyber solutions to meet the needs of insureds. She shared some of her key insights from the discussion.

 

Difficult Insured: how do you define that?


There are no difficult insureds – however, there are complex insureds. These could include businesses with large scale operations, high value assets, complex supply chains, etc. These types of complex attributes can make it challenging to obtain information during the underwriting process. More complex accounts require in-depth conversations about how cyber risks are mitigated. Overall, the client is looking for a solution, the broker is looks to deliver a solution efficiently, and the underwriter can offer a solution based upon the quality of information available to them. Simply put, the more measurable and granular the view of the cyber risk, the more effectively carriers can deliver risk-aligned coverage solutions.

 

How do organizational structures and culture impact response to crisis?


Chief Information Security Officer (CISO) roles have evolved through the realization that cyber is not limited to an IT concern; it’s now an enterprise issue given today’s technology-dependent landscape. We’re seeing a growing top-down commitment with organization’s shifting their cyber culture from one that is reactive to proactive. For instance, many organizations are increasing their cybersecurity awareness training and phishing campaigns, and even tailoring them to specific roles. More companies are making the commitment to continuously invest in their cybersecurity program given the evolution of threats, enabling a faster response in a time of crisis. Smaller organizations are outsourcing their IT security to a Managed Security Service Provider (MSSP), realizing their lack of internal resources to ensure they are proactive in their cybersecurity programs.

 

Why is it important for insureds to have an Incident Response Plan (IRP) & claims response process?


From an insurer's perspective, what we offer is a comprehensive claims handling service when a data breach or cyber event occurs. When an insured party has a well-prepared (IRP), it significantly streamlines the claims handling process. Time is critical during a breach. The goal of an IRP is to minimize the disruption and restore operations restored.


Listen to the full conversation on The Difficult Insured: Striking a Balance published by NetDiligence Toronto.