A cyber product aimed at medium-sized firms has been launched at Brokerslink with MS Amlin, Cyber Adapt and Cyber Scout partnering on the project

Brokerslink has heralded a new cyber risk insurance package at its conference in Marrakech.

PoCydon relies on “three prongs” and is aimed at medium-sized companies globally.

MS Amlin is the lead insurance carrier, along with Cyber Adapt with partners on the monitoring and preventative risk mitigation work.

The third partner is Cyber Scout, the role of which begins when a threat is detected, such as an attempt to interrupt service or to steal data.

“What we’ve done is to add insurance and cyber protection and breach response all together, hence the trident of PoCydon,” said Corey Gooch, director of business development, Brokerslink.

The language of the product is tied to the chief information security officer (CISO), focused on “confidentiality, integrity and availability”.

“That is as opposed to traditional insurance language policies that are more aligned to the risk manager,” said Gooch.

“The CISO can be an obstacle to buying [cyber] insurance,” he said, referencing IT managers’ tendency to believe their job is to prevent all threats, rather than accepting that eventually an attacker will get through.

“This should begin to break down some of those barriers,” said Gooch. “Using risk transfer should be a tool for the CISO to protect the business. It’s another tool in the kit to mitigate cyber risk.”

Too many companies have taken 120 days to realise they even have a cyber breach, he suggested.

“An aim of the policy is to identify a threat in real-time or very much earlier [than has been the case],” said Gooch.

The onset of the EU’s General Data Protection Regulation (GDPR) regime is particularly relevant, he suggested.

Part of Cyber Scout’s role will be to make a GDPR assessment, noted Gooch. “GDPR compliance applies for any company globally that operates within the EU,” he added.

Risk managers and CISOs’ priorities included identifying threats earlier, reducing the potential for volatility to the business continuity and to potential litigation, and keeping the organisation’s reputation intact, Gooch stressed.

“Reputational harm itself is not a risk but a consequence of something going wrong, and you need to have found a risk mitigation plan to deal with that,” said Gooch.

He explained that many of the intangible risks upon which risk managers and insurance professionals’ energies are focused can be begun to be made quantifiable, primarily through scenario analysis, which can allow firms to begin to model such risks.

“The company needs to be willing to take the time to identify and then drill down to understand these risks,” Gooch added.

The Brokerslink event in Morocco, which kicked off yesterday, has focused on the company’s ambitions - backed by a global network of regional broker shareholders - to challenge the dominance of the biggest insurance brokers.