You need to know who and what to ask
Until a few years ago, all underwriting knowledge how to assess cyber risks was available on the London and US markets. In the CEE area it relied entirely on extensive risk assessment forms, sent between companies, brokers and insurers in PDFs’ The forms were mostly based on YES / NO answers. If we combine this with the lack of local competences, we get poor risk assessment quality and real problems with the portfolio profitability. Findia, entering the cyber insurance market, decided to challenge the status quo.
The highest quality of risk assessment
To build the highest risk assessment competences of the entire team, Findia joined forces with Cyber Security Center (CSC), among others to benefit from the knowledge of IT security specialists.
Thanks to the support of CSC specialists, we are not afraid to approach the risk assessment of even the most complex companies. Thanks to the proprietary IT system, Findia has the ability to flexibly approach different groups of clients, and even adapt the risk assessment form to a specific cases. In addition, we prefer direct meetings with clients, physical or on-line. We strongly believe in individual risk assessment based on conversation. You have to understand the client’s business and be a content partner for IT specialists. Sometimes it is enough to receive from the client confirmation of compliance with security criteria in the form of disclaimers, and sometimes it is actually enough to fill in a form in the system. However, there are companies and industries for which a direct meeting with the client and jointly conducted risk assessment are the only correct way to check and understand processes related to key security areas, such as remote access to infrastructure, backups, data encryption, rights management, etc. Thanks to meetings, we are also able to provide selected customers with one more value: a set of written recommendations to increase cybersecurity.
Cooperation between Findia and CSC
The cooperation is based on three pillars: cyber and tech products, an IT system that ensures the security of all the risk assessment processes, and claims handling entirely based on local specialist entities. Findia is responsible for the insurance part, CSC for the development of the IT system and claims settlement. Claim adjustment is as effective as the risk assessment has been reliably carried out, and the client’s awareness of how to react to potential cyber incidents. Therefore, the CSC also organizes cyber incident response workshops. During such workshops, CSC specialists, including breach manager (a person responsible on the side of CSC for incident management), work out a way of reacting to a possible event, confirm resources, methods of communication, and discuss the most critical risks. Often, such workshops are the first step in companies to prepare written response plans to cyber incidents.
If you would like to learn more, we invite you to read the interview in Gazeta Ubezpieczeniowa with Tomasz Gaj, CEO of Findia, and Liliann Poradzińsk, CEO of Cyber Security Center: https://gu.com.pl/rynek-ubezpieczen/trzeba-wiedziec-kogo-i-o-co-pytac/