Welcome to Tech Talks with Taylor, the podcast where we explore how the right technology can create better business outcomes, everytime. I'm Leanne Taylor, founder of Taylor Made Sales, and I'm passionate about helping Australian businesses connect with the tech solutions that drive success. In this episode, I'm excited to bring you a great discussion about Cyber Insurance. Joining me are the experts, Gareth Downie from PSC Insurance and Chris Self from MyEmpire Group to make it all clear for you. We break down why cyber insurance is essential to protect your business from cyber attacks and financial losses. Gareth explains the different types of coverage, and Chris shares practical tips on how to strengthen your security.  We also cover what insurers look for, so you know what you need to get covered. It's all about keeping your business safe and informed.  For more details contact [email protected] or visit www.taylormadesales.com.au  Full Episode Transcript: (Upbeat introductory music plays) Leanne Taylor: Welcome to Tech Talks with Taylor. I'm Leanne Taylor, your host of 10-minute Tech Talks where we cut straight to the heart of tech for Australian businesses. In each session, we'll spend only 10 minutes with an industry expert unpacking the latest products, services, and solutions to help your business achieve great technical outcomes. Let's get started. (Music fades out) Leanne Taylor: Hi everyone, it's Leanne Taylor here from Taylor Made Sales and we've got a great session today. We're talking about cyber insurance. Today I have Gareth Downie from PSC insurance as well as Chris Self from My Empire Group. Welcome gentlemen. Gareth Downie: Thanks. Thanks for having us. Leanne Taylor: Gareth, starting off with you, tell us a little bit about PSC and really, what is cyber insurance? Why is it important and why do my customers need it? Gareth Downie: Thanks, Leanne. So a bit about PSC Insurance Brokers is we're the largest, um, independently owned insurance broker here in Australia. Um, and we're actually a, you know, major part of the Adona Group, which is one of the globally largest and independent insurance brokers. Um, and what that does, it actually allows us a lot of leverage, uh, for our clients, you know, when we approach international markets, we're able to get better rates, better premiums, and better coverage. And, and that ultimately just benefits our clients in the long run. When we turn our attention to cyber insurance, cyber insurance generally is a type of insurance that businesses take out to mitigate the operational and financial risk of a cyber event. Generally, we see coverage take two paths. You got what we call first-party and third-party coverage. First-party coverage is essentially when your business is attacked by a data breach or a ransomware attack, the policy will respond. Third-party coverage is when you become legally liable in your course of business for a network breach or a data breach or ransomware attack to a third party. Um, and that's kind of what we see a lot of policies take the form of. Leanne Taylor: Okay, so Gareth, why is cyber insurance so important? Gareth Downie: Why is it important, right? And this is, you know, something that a lot of clients ask us, you know, why must I buy, um, cyber insurance? Why is it important? I don't really need it. Um, and look, you know, that, those are valid questions, but, you know, cyber insurance is more important today than it's ever been because what we're starting to see is, you know, any threats, uh, are constantly evolving and there's actually no business large or small that's immune, unfortunately. So, and then a cyber event can, you know, have a devastating financial and reputational consequences for a business. I mean, you've got to think, you know, if you've built your business up from the ground up and then all of a sudden, um, you suffer a, a data or ransomware attack, you know, it could almost cripple your business. And by having cyber insurance, what it does is it provides the business with the financial protection, um, and access to expert, uh, response teams. So when you actually have one of these events, um, we've got an expert panel part of the insurance, um, that will help you and walk you through these, uh, events. And, you know, another real important thing that people sometimes misunderstand is, oh, well, I've got cyber insurance, I don't need to do active risk management. Um, and, and you know, that's a real kind of concern because, you know, buying cyber insurance is just good risk management. Um, it's also really handy to continue, uh, with, you know, your own cybersecurity and having strong cybersecurity practices. And this is, you know, what we've worked with clients and My Empire, um, who have been a great supporter of our clients in, you know, actually helping them develop good security hygiene, because, you know, cyber insurance is, is part of the broader risk management strategy, and it helps businesses recover, but the best approach when we talk cyber, cyber insurance and cyber, uh, security is, you know, preventing attacks where possible and being prepared to respond to events or cyber attacks when they occur. Leanne Taylor: So this is a great introduction to you, Chris. Um, can you tell us a little bit about My Empire Group and what you guys are seeing from the customer-facing side, and how you guys support them, um, complementing what Gareth is saying from the risk management strategy around cyber insurance? What are you guys doing in the day-to-day network operations for customers? Chris Self: My Empire is a, essentially a cybersecurity consultancy like many others. The, the key thing for us is we're here to help prevent that business ending. The way My Empire started was actually a two owners, they actually owned a previous business and was significantly impacted by a cyber attack, so much so that within two weeks of this attack unfolding, they lost their entire business. One key learning from that besides all of the instant response, helping to manage your people through a crisis like that was being really clear on what your info, cybersecurity or insurance policy really looks like. The concepts that Gareth touched on is exactly the same as what we're looking at when we look at third-party risk in security as well. So that first party, looking internal, how do we get the basics right? How do we build the baseline internally so that we're secure, we've protected ourselves, protected the things that matter to us. And then when we look at that third-party piece, what we're looking at there is the comfort we have of our supply chain and making sure that our supply chain appropriately aligns to our risk posture and providing that comfort through assessments, review of our suppliers so that they appropriately handle our data and report to us if anything goes wrong. That encompasses a variety of services as you would typically see across cybersecurity consulting, focusing on how do we strategise, how do we build our capability within inside the business, how do we look at risk, how do we look at technical controls, process controls, how do we build out a changing culture and awareness inside the business to support that business operating securely? And all of our conversations we have with our clients focuses so heavily on the business and their risk posture because from that, we can build out exactly what you need in regards to the types of controls, the level of depth that you take your implementation of your security capabilities across your organisation so that it is fit for purpose within inside a tolerable, uh, budget within inside the capability of inside your organisation as well. Leanne Taylor: So Chris, an interesting point you raised there because a lot of companies that I speak to go, "Oh, I've got an IT provider or I've got an MSP that looks after my IT." So as a business owner, I think there's a lot of thought out there that, oh, because I've got an IT company working with me, I don't need to worry about it. They're, they're doing all of that kind of thing. And I think it's really important to call out to our listeners that, um, yes, you've got your an IT provider generally looking after your networking and your Wi-Fi and your laptop rollouts and all all the sort of business as usual kind of activities, but it's really important to keep your cybersecurity, um, teams independent and separate to your IT operations teams. Chris Self: What I'd like to start with a little bit there, Leanne, is I think we have to look at this a little more of a another security term, so sorry to throw these in there, but a layered defence approach. And and focus on everybody has a specific role to play in that layered defence and for the betterment of that client and their environment and their protection of their data or protection more broadly of the things that matter to them. So, I think it's good to call out that there is a different role for the MSP, for a security provider, for the insurer, for your legal team. I think those there are all different types of roles that need to be considered to consider how we look at this layered defence for an organisation. Working with the MSP is where you you blend that operational element and I think having the conversations with your MSP around what is the right technology, what is the right process to support a secure environment is, is really important as well. Using a MSP, an MSP, using a security company like My Empire to support your overall security posture, uh, brings cohesiveness into the delivery of robust security controls. Leanne Taylor: Gareth, I might look back to you, um, just conscious of our time. So how do insurers view and assess our customers? Gareth Downie: Yeah, no, like a good question. So essentially, you know, if you, um, have never held cyber insurance before and you know, you operate a business, you know, insurers are looking for a couple of, you know, key things, you know, as a minimum. And we're talking, you know, MFA, so multifactor authentication, uh, we're looking for, you know, patching, do you have an antivirus? Um, do you know who has access to information? So asset management and user management. Um, you know, things like endpoint detection, uh, you know, those are the kind of basic things that an insurer is looking for, you know, in order to, you know, provide some sort of policy. I mean, long gone are the days where, you know, you could, um, go to an insurer and say, "Oh, my client has pretty much nothing, can you provide us a policy?" Nowadays, insurers are really looking for those minimum standards. But in terms of, you know, the affordability of cyber, there is a number of insurers on the market that, you know, offer a range of products from, you know, your bare basics to, you know, quite in-depth, uh, sub-limits and, you know, large limits and, you know, particularly on a couple of, you know, larger clients I deal with, we've got what we call towers, which you got multiple insurers on. Um, so the whole, you know, insurance industry around cyber is really developing and we're really looking to kind of grow, um, that kind of establishment, uh, for a lot of our clients that, you know, get better rates, um, through PSC's buying power, uh, globally as part of the Adona Group. So that's one thing that's been, you know, quite favourable for us moving forward. Leanne Taylor: Thanks, guys. This has been a great chat and hopefully has answered a few questions our customers have around the importance and benefits of cyber insurance as well as working with a trusted security partner to, to help guide them through that process. So thank you very much gentlemen for coming in today, and, uh, look forward to chatting with you next time. See you soon. Gareth Downie: Thanks very much. Chris Self: Thanks, Leanne. (Outro music plays) Leanne Taylor: Thank you for listening to Tech Talks with Taylor. I'm Leanne Taylor and here at Taylor Made Sales, our mission is to keep you, our valued customers, up-to-date, informed about the latest technology innovations that can support and elevate your business. Stay curious, stay connected, and we'll see you next time. (Music fades out)  

Ver todos los episodios