Mel Borsellino and Grace Ries are of one mind and vision when it comes to developing first-party cyber solutions that best meet their clients’ evolving needs.
Borsellino, vice president, manager, cyber hazards, heads FM Global’s cyber risk engineering unit. Her team works with the company’s research and engineering groups to develop assessment standards, tools and methodologies to gauge cyber risks. She was named a 2017 “Insurance Executive to Watch” by Risk and Insurance magazine. The magazine highlighted insurance executives taking on substantial new responsibilities, and recognized Borsellino for her engineering expertise in the cyber realm.
Ries, staff vice president, manager, cyber risk insurance products, and her team develop underwriting requirements and coverage for cyber-related risks. Ries was honoured by Business Insurance magazine with a 2017 Break Out Award highlighting her achievement as an “up-and-coming” leader in the insurance industry.
Here, Borsellino and Ries discuss the ways their respective teams are helping clients mitigate cyber attacks, and how they’re preparing to keep up with the world’s ever-increasing reliance on technology.
Describe your team’s responsibilities.
Grace Ries (GR): The cyber risk insurance products team ensures FM Global maximizes the value of our cyber insurance offerings for our clients.
Our FM Global Advantage® policy provides distinct cyber policy coverages: data programs and software (malware), computer systems non-physical damage (denial-ofservice attack), property damage caused by a cyber attack (resulting damage) and off premises data services (cloud). Based on client feedback and need, we added another feature to our cyber offerings in October 2016, called the Cyber Optimal Recovery endorsement.
What sets us apart from the competition is that we provide resulting damage and business interruption coverage via our allrisk policy. For instance, if there is a cyber attack on an industrial control system resulting in damage to equipment, there will be coverage for the physical loss or damage to the equipment, outside of the data, subject to the terms and conditions of the policy. Because the cyber market changes rapidly, we constantly work to keep ahead of it. My team is up to speed on what the market and our clients demand.
At FM Global, we combine the engineering, statistics and brainpower to help quantify the risk so we can continue to improve our cyber products and services.
Mel Borsellino (MB): On the engineering side, we are developing products and services for clients that will support our risk transfer solutions.
Cyber risk has perennially been an IT [information technology] issue, but it is an enterprise risk. Ultimately, risk managers are looking to us for education on the subject, a better understanding of their risk, as well as for practical loss mitigation solutions to help them prevent a cyber loss.
Tell us more about the Cyber Optimal Recovery endorsement.
GR: Cyber Optimal Recovery is part of the FM Global Advantage policy. It allows our clients to maximize recovery following a cyber loss that triggers coverage under both the FM Global Advantage policy and a stand-alone cyber policy. The endorsement gives clients the option to position our policy as primary, excess or contributing insurance to the cyber policy, if it maximizes their recovery. Cyber Optimal Recovery is our commitment to innovate with, and on behalf of, our clients.
How are you helping clients integrate cyber solutions into their business continuity plans?
GR: We are a specialty company, and we dedicate 100 percent of our focus to commercial property. If we want to remain a market leader in property loss prevention, we must treat cyber just like other perils. Cyber is surely a challenge for a lot of people. How do you wrap your head around something that is not physics-bound? We want to help clients think about loss prevention and risk mitigation solutions. Some may be hesitant to venture out because there’s not a solid way to do it, while others may see cyber security as simply buying the best antivirus program on the market. Putting cyber and risk improvement in the same sentence is still a new concept to a lot of people.
Why has cyber risk grown from an IT concern to an enterprise risk so quickly?
GR: Financial and reputational risk are even more on the line now. Hackers are no longer just looking to steal a Social Security number or other personal information, they’re also looking for ways to shut down a business entirely. As everything becomes more digitalized, businesses are more vulnerable.
Can you elaborate on FM Global’s cyber risk assessment?
MB: FM Global is developing a suite of cyber risk assessment solutions focusing on three vital areas of client concern: physical security, information security and industrial control and building systems.
Our field engineers now provide a value-added physical security evaluation as part of their loss prevention visits, which helps clients determine how well they control access to their facility and critical information networks.
We are also developing an online, secure, information security risk evaluation designed to assess a client’s cyber exposure based on risk factors unique to their business. This assessment will provide immediate and actionable recommendations to mitigate the cyber risk.
Finally, we are developing a new FM Global Property Loss Prevention Data Sheet to help prevent industrial equipment failures stemming from disruption to a client’s industrial control systems (ICS) or automated business systems due to operator error, equipment malfunction or malicious cyber activity. We are also enhancing our engineering service capabilities to include a more detailed review of our clients’ critical operating systems.
FM Global’s three-pronged cyber risk assessment will provide a comprehensive picture of an organization’s cyber risk.
This article first appeared in Reason Magazine 2017 Issue 2: Click here to read.