CYBER SMARTS

The Accredited Cyber Risk Advisor program prepares agents to shine in the complex world of cyber liability

By Elisabeth Boone, CPCU

It wasn’t so long ago that no one had heard of cyber risk and no insurer offered coverage to address the exposure. While hackers, phishers, and assorted scam artists were swindling their way through the World Wide Web, it was business as usual for corporations, nonprofit entities, educational institutions, and healthcare providers.

Independent agents and brokers, who are on the front line of the claims handling process, likewise tended to be unaware of the threats posed by cyber criminals … until their clients started to report losses, only to be told their claims weren’t covered by any of their policies.

It’s impossible to pinpoint exactly when the business community awoke to the reality of cyber crime and insurers began to consider the fact that their existing policies didn’t address the exposure. Today cyber risk is front and center for corporations, nonprofits, educational and religious institutions, and just about anyone who uses a computer to conduct business. What’s more, insurers have responded to the threat with products specifically designed to address it.

As for agents and brokers, the challenge was to go from zero to sixty at warp speed in the quest to become knowledgeable about cyber risks and the solutions available to manage them. Suddenly their electronic mailboxes were crammed with messages encouraging them to sign up for seminars, institutes, and workshops that were designed to bring them up to speed on cyber issues.

Although some of these offerings are legitimate, in the world of cyber education it’s important to separate the wheat from the chaff. Readers of Rough Notes, and insurance professionals all across the country, know that Scott Addis’s organization, Beyond Insurance, can be counted on to provide top-quality education in all aspects of property/casualty insurance and risk management. The CRA (Certified Risk Architect) designation, launched in 2011, is held by more than 150 members of the Beyond Insurance Global Network (BIGN), and members also can pursue specialized designations like CBWA (Certified Benefits and Wellness Advisor) and TRA (Trusted Risk Advisor).

Cyber savvy

As insurers began to offer separate liability policies to address cyber risks, agents and brokers recognized the need to get up to speed on cyber so they could provide expert advice to their clients, most of whom had cyber exposures of which they were unaware.

As more and more members of Beyond Insurance began to express the desire for a program that would prepare them to help their clients manage these risks, Addis says, he began to consult with experts about creating such a program.

Last fall, Beyond Insurance launched its newest designation program: Accredited Cyber Risk Advisor (ACRA). “Our first one-and-a-half-day workshop, held in Chicago in October, covered cyber events, regulations, claims and data breach responses, overcoming objections, and best practices in the design of an insurance and risk management program,” Addis says. Participants are required to successfully complete an exam at the end of the course. A second program will be offered next month in Atlanta.

Serving on the ACRA faculty and involved in designing the program are six professionals with expertise in managing cyber risks: Joel Fehrman, who manages the southeast region in Beazley’s technology, media and business services group; Alex Ricardo, who manages business development initiatives for the Beazley breach response program; Kenneth Suh, claims manager for the Beazley technology, media and business services team; Hank Stickley, RPLU, vice president of Socius Insurance Services; Cynthia Zimmerman, senior vice president and East Coast cyber practice leader for Socius, and Dominic Paluzzi of the Detroit law firm of McDonald Hopkins, whose practice focuses on data privacy and cybersecurity.

We spoke with Stickley and Zimmerman about their involvement in developing the ACRA program. We asked them what appealed to them about the opportunity to craft the agenda for the new offering

“Cynthia and I are both regular presenters at BIGN meetings and webinars and coauthored the Cyber, D&O, Fiduciary, and Professional Liability IQRM (Intelligence Quotient Risk Management) documents,” says Stickley. Created by Addis, the IQRM process helps BIGN members educate their clients on various areas of risk exposure.

“As authors of the Cyber IQRM it was a natural fit for us to expand on this process by developing a more comprehensive and interactive course to be presented to members of BIGN,” Stickley explains. “We are excited to help further their education in this space as they seek to differentiate themselves from competitors.”

What kinds of advice and support did Stickley, Zimmerman, and their fellow contributors provide throughout the process of creating the ACRA program?

“Beazley was a heavy contributor to the development of the Cyber IQRM, so it was natural to involve them in creating the ACRA course,” says Zimmerman. “Beazley’s Joel Ferhman, Alex Ricardo, and Kenneth Suh joined us as ACRA instructors. Dominic Paluzzi participated as an additional instructor. Throughout the development process we consulted regularly with the Beyond Insurance team to ensure that the course would meet their high standards.”

We asked Stickley and Zimmerman how they think acquiring the ACRA designation can help BIGN members serve their clients more effectively in an environment in which cyber risk is affecting businesses of all sizes and in all industries.

“An agent or broker with the ACRA designation possesses above averageknowledge of cyber exposures and avail-able solutions,” replies Zimmerman. “All cyber policies are not created equal; as a matter of fact, no two carriers’ forms are alike. The ability to navigate these forms to find the best solution for a client is critical, and this separates an ACRA designation holder from the competition.”

What advice would Stickley and Zimmerman give to agents and brokers who are faced with the challenge of identifying and addressing their clients’ cyber exposures?

“As the landscape for cyber exposures and coverages continues to change rapidly, our advice is to review forms carefully, as small differences in coverages can make a world of difference in the event of a cyber incident,” Zimmerman says. “The carrier market for cyber adds new players monthly, and the drive continues to capture more market share. As a result, the pressure from some underwriters and clients is to focus on price instead of coverage. Students of the ACRA designation program learn about common coverage differences as well as the importance of prompt and efficient response when a claim arises.”

Meet a designee

Nineteen BIGN members attended the inaugural ARCA program in Chicago last October. Among them was Jonathan Theders, CRA, CPIA, CHSP, ACRA. His agency, RiskSOURCE Clark-Theders, was the Rough NotesAgency of the Year for 2011, and Theders sits on the Rough Notes Editorial Advisory Board.

Currently, Theders is the only BIGN member in Ohio to hold the ACRA designation, “so if a client asks me what the letters stand for, it sounds pretty good to say I’m the only insurance professional in the state to have earned this certification,” Theders says with a chuckle. “I’m sure that will change as more members acquire the designation.”

Both the local business journal and Theders’ hometown newspaper publicized his attainment of the ACRA designation, and he says that has spurred clients and acquaintances alike to ask him what it means. This gives him the opportunity to explain that he has acquired specialized expertise in identifying and managing cyber risks and that he has access to experienced professionals in the field. “I also was asked to speak on this topic at an acquaintance’s CFO roundtable,” Theders says.

“I’ve become the de facto cyber leader in our agency, so it made sense for me to be the first person from RiskSOURCE to attend the ACRA event,” he explains. “Based on my experience, we plan to send more of our people to the next session in Atlanta. It’s important for us to be knowledgeable when talking with our clients about cyber risks; and thanks to the ACRA program, if we don’t know the answer to a certain question, we know where to find it.”