The average ransomware loss hit $353,000 this year 📈
Cyber Incident? Get Help

Cyber Savvy Broker: Courtney Mauge

Blog: Cyber Savvy Broker Courtney Mauge

As technology transforms the economy, businesses of all sizes have to navigate a new kind of risk: digital risk.

The most successful brokers will need to be prepared to help their clients navigate these complex risks. Our "Cyber Savvy Broker" series highlights forward-thinking brokers with the knowledge and skills to help their clients navigate this digital transformation.

Courtney Mauge is the SVP and Cyber Practice Leader at NFP. We had a chance to chat with her about how her background as an attorney helps her advise her clients and where she sees areas of improvement for the cyber insurance industry. 

How did you become a cyber insurance specialist?

I fell into my insurance career. I attended Emory University, then law school at UGA. There, I made a friend who knew his career path much better than I knew mine. He had a degree in risk management, graduated from law school, then started working in insurance. Following law school, I became a practicing attorney focused on data privacy and employment law. The firm life wasn't for me. My friend said, "You know, there's this world where you can use your law degree daily. You don't have to be a lawyer. I think you should check out insurance."

This career path has worked out very well because my background prepared me for where I am today. I focused on data privacy in law school, thinking I would eventually work in-house advising on data and privacy. But in the end, I wound up in cyber insurance. It helped me lay a solid foundation for helping our clients and really understanding the cyber landscape.

How does your background as an attorney help you advise your clients?

When I was a practicing attorney advising in-house clients, most of my challenge was to explain the law and then translate it into something everybody understood. That's still one of our biggest challenges as brokers in the insurance world because insurance policies are essentially a contract. The good news is I can walk through a policy and explain it in layperson's terms to my clients. In addition, my background as an attorney helps me understand the factors that can contribute to potential claims.

What has changed since when you first started selling cyber insurance to now?

The approach today is completely different compared to when I started. Initially, insurance applications were focused on data, and how businesses collected and stored data. At the time, the biggest claims and associated risks centered on how much personally identifiable information (PII) and how many credit card transactions your business processed. This was because there was value in stealing and reselling this information.

Fast forward to now: the value is not necessarily in selling the information. It’s the amount and quality of data, and its potential value. When we flip this approach — and don't look at the data you collect and store as the biggest risk — we must adjust how we underwrite and prepare our clients.

We've gone from a more simplified application process to one that involves making sure our clients are highly educated. We also engage many more stakeholders than in the past. For example, when I started in cyber, I typically spoke to just a risk manager. Today, I talk to a CFO or CIO and the entire information security team because what they do on a day-to-day basis is the key influencer of what that ultimate result will be for their cyber insurance.

What are the most challenging aspects of the current insurance market?

A few years ago, you could usually go through a legal process and only speak to a risk manager. There are so many more stakeholders involved now, and because of this, we’ve gone from a placement mindset to a consultant mentality and are much more hands-on throughout the entire year of a policy.

I think the constant changes and unpredictability of the claims landscape can often make it very hard to make clients feel like they chose the result that best served them. We've had to change our approach in our renewal process. It's not just 180 days leading up to an effective date —our current approach involves constant updates throughout the year. We want to ensure our clients are educated about the market and cyber landscape so come placement time, we're focusing more on strategy and not the marketplace.

Your clients should be fully aware of changes to the cyber landscape throughout the year before they arrive at the placement process. In this way, our clients feel more empowered and can be more successful with the option that best serves them.

What do you think the insurance industry has done well to evolve, and where do you see areas of improvement?

The insurance industry has done a great job of quickly adapting to a new cyber landscape.

The cyber insurance market doesn't get enough credit for the influence it has on changing the cybersecurity outlook of many companies. 

The industry could get better in its approach to understanding risk. While I do think there are a lot of uniform fundamentals in cybersecurity hygiene that most carriers agree upon, there's still a lack of uniformity in what applications require and the information needed across the marketplace. We should approach the application as a conversation starter to learn about a client and their cybersecurity posture rather than looking at it as a tool to decline. 

Improve your cyber knowledge with Coalition

Cyber insurance is one of the fastest-growing insurance products and a huge opportunity for brokers to grow their book of business. Coalition's Cyber Savvy program equips you with the tools and knowledge you need to deepen your cyber risk expertise and advise (and protect!) your clients. 

You can access more free Cyber Savvy Broker resources to continue your learning journey.