Finding Peak w/ Ryan Hanley - How to Sell More Cyber Insurance with Pat Costello
Episode Date: July 29, 2021Spartan philosophy, built in the black-ops lab of business: https://www.findingpeak.comFinding Peak podcast: https://linktr.ee/ryan_hanleyIn this episode of The Ryan Hanley Show, Ryan Hanley interview...s Pat Costello, CPCU, Co-Founder, and Principal at Evolve MGA. Pat joins the podcast for a wonderfully nerdy deep dive into cyber insurance. Pat and Ryan also also discuss exactly how independent insurance agents can (and should) sell more cyber insurance to their clients. Don't miss this episode...Episode Highlights:Pat mentions what he’s learned from the pandemic. (5:34)Pat shares two reasons why having people in an office environment is vital. (7:17)Does Pat prefer working remotely or working in the office? (10:29)Pat shares his background and how Evolve MGA started. (13:15)Pat mentions some of the biggest issues he has seen from a retail broker perspective. (16:21)Why do agents still sell cyber insurance like it's a luxury and not as a necessity? (18:40)Pat gives a couple of facts about ransomware. (26:13)Pat shares why social engineering is the most common claim they see behind ransomware. (30:23)Pat explains why cyber insurance is significant. (34:24)Pat shares what they have recently introduced into their form. (47:35)Key Quotes:“If you have a few sales folks...I love having them together in the same room to kind of motivate each other and feel the energy, feel the vibes.” - Pat Costello“I think the insurance industry in the way it's set up with renewals, breeds an attitude of complacency for it, along with the fact that it's a pretty big age gap in the insurance industry.” - Pat Costello“As everything gets more connected to the internet and as people start using technology more, there's more potential for things to get hacked. If somebody is connected to the internet, it has the potential to be hacked. And so, everything that we are doing on a day to day basis is getting more and more technology driven.” - Pat CostelloResources Mentioned:Pat Costello, CPCU LinkedInEvolve MGAReach out to Ryan Hanley--Recommended Tools for GrowthOpusClip: #1 AI video clipping and editing tool: https://link.ryanhanley.com/opusRiverside: HD Podcast & Video Software | Free Recording & Editing: https://link.ryanhanley.com/riversideWhisperFlow: Never waste time typing on your keyboard again: https://link.ryanhanley.com/whisperflowCaptionsApp: One app for all your social media video creation: https://link.ryanhanley.com/captionsappGoHighLevel: It's time to take your business workflow to the Next Level: https://link.ryanhanley.com/gohighlevelPerspective.co: The #1 funnel builder for lead generation: https://link.ryanhanley.com/perspective--Episodes You Might Enjoy:From $2 Million Loss to World-Class Entrepreneur: https://lnk.to/delkFrom One Man Shop to $200M in Revenue: https://lnk.to/tommymelloIs Psilocybin the Gateway to Self-Mastery? https://lnk.to/80upZ9This show is part of the Unplugged Studios Network — the infrastructure layer for serious creators. 👉 Learn more at https://unpluggedstudios.fm.Advertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy
Transcript
Discussion (0)
Happy holidays. Want to give your host a gift? Consider subscribing, rating, and reviewing the show this holiday season. It really helps the show grow. From all of us at believe, have a Merry Christmas, everyone, and a happy holiday.
Food Laboratory in the basement of his home.
Hello, everyone and welcome back to the show. Today we have a tremendous episode for you, conversation with Pat Costello, co-founder, and CEO of EvolveMGA.
one of the most comprehensive cyber specialist carriers in our industry.
And Pat is doing some really interesting things.
And what I love about EvolveMGA is that they are trying to educate and bring cyber to the agency force.
Right.
I mean, too many of us are not selling enough cyber.
I get it.
It's not an easy sell.
It's tough to lead with cyber.
Oftentimes our commercial clients are looking at cyber as a luxury.
and I've said it before and I'll probably end up saying a thousand times,
but in the very near future, cyber could be a more important coverage than general liability
in protecting particularly small business, but really all business.
And I think we're doing our clients a disservice by not pushing cyber harder.
And what I like about EvolveMGA is that they are working to create a comprehensive program
but also educate agents and educate consumers on why cyber.
is important and past just a good guy, very dynamic.
Enjoyed this conversation.
I think you're going to get a lot out of it.
And it's just conversations like these that really is why I love doing this show
because we're talking a little bit about business, a little bit about insurance,
nerd and out on some coverage stuff.
It's just all around an episode I think you will love.
Before we get into our sponsors, though, I just want to say something that I know every once
and a while I reiterate, but I just want you to know.
I love you guys for listening to this show.
I really do.
We are absolutely cranking at Rogue and we got a million things going on.
And it is getting harder and harder to find time to create these episodes.
That all being said, I'm dedicated to continuing to bring you this show because it seems to help.
I love your feedback.
I hope it does.
You know, it just, it is such an honor.
And I feel it as a prerogative is the wrong word.
obligation is certainly the wrong word um feel it is my maybe i guess i feel it is an obligation to
give back to the industry in some way through these conversations in whatever way they may add value
to you so i hope you continue to enjoy them i just want you to know that it does not get past me
that you're choosing to listen to this show versus other shows versus other pieces of content that
exist and um i take the responsibility to help add value to your life very serious and um i just appreciate
listening. So all right with that I want to give a quick shout out to podium. Podium is kind of
changing the game for how we collect leads here, how we communicate with our customers. The
web form to text functionality is incredibly powerful. We're getting, you know, we're almost at like
100% response rate for leads that come through the kind of podium widget on our site. They
have a ton of other options, including payment options and all kinds of different things.
You know, Podium is one of those tools that I say, whether you choose to use Podium,
or not, you need to know what it does.
It's a tool that just understand its functionality.
Maybe today isn't the actual day that you purchase or need the tool,
but I think it's a type of functionality that you're going to want to have in your agency
at some point.
And Podium's been a great partner for us.
They really have.
You know, I'm not always sure what you're going to get out of a partner when you first
start working with them.
And, you know, we use Podium every day.
And they've just been great.
And I've enjoyed them both as a sponsor.
of the show. I've enjoyed getting to know the people there and I've enjoyed using them in my agency.
So go to P-O-D-I-U-M.com, P-O-D-I-U-M-D-M-G-R. Reach out to Podium, let them know Hanley sent you,
and, you know, just get the demo, understand what they're doing. And if you like the tool,
use it. I do. All right, with that, let's get on to Pat Costello of EvolveMGA.
Yo, dude.
Hi.
What's up, man?
How are you?
I'm good.
Yeah.
Just, you know, trying to get stuff done.
Another day in the neighborhood here.
Yeah.
Are you in upstate New York right now?
Yeah.
Yeah.
Yeah.
Yeah.
We, we, so the agency is based here.
This is where I live.
It's actually where I grew up to.
And I have teammates across the country in the world, which is the new, the new thing for, I think, probably for a company like yours,
that's not necessarily unique, but for a lot of brokers and agencies in particular, you know,
I tell people like, oh, you know, my producers in Chicago and I have a client success person who's
down in Florida and I have a VA in the Philippines. I'm like, wow, what? Yes, that is totally
unique. You know, it's just, it's an interesting, it's an interesting thing. Finding the right
people to operate in that kind of ecosystem is definitely interesting.
Totally. And I will say it was a huge learning experience with COVID happening and learning how to manage a remote culture.
Yep.
And make sure people are happy, motivated, performing, you know, all that stuff was a learning experience.
So I think we're better off for it now that we're kind of coming out of it.
So yeah, man, we definitely went through some interesting experiences.
I think it's been, and I'm interesting in your take.
for me, you know, we were always remote, right?
Like I think I would love to have a home base someday.
We have a co-working space that kind of is our home base,
but I would love to have a place where like, oh, you know,
bye, honey, I'm going to the office.
You know what I mean?
Like that kind of thing.
Like that would be nice to have that kind of separation.
Yeah.
Have just a place where all our mail goes instead of the floor of my basement office.
And, you know, I think that would be nice.
at the same time, you know, we haven't had to deal with, well, how do we judge performance in a
remote work environment? Because we never had an in-person work environment.
Yeah.
Those aren't even questions. Like it's just we have our way of judging performance and talking
through things and we use the EOS system.
I don't know if you're familiar with entrepreneurs.
Yes.
So we use EOS.
And, you know, when you have a system for tracking performance,
and you stick to it, it's not necessarily any more difficult with remote employees.
But I do think if you have a standardized in-person culture to go remote is probably a huge shock.
Yeah, I think there's two areas where I'm like, I think having people in an office environment are huge.
One is like sales motivation.
And, you know, if you have a, you know, a few sales folks.
I love having them together in the same room to kind of motivate each other and feel the energy, feel the vibes.
And we've seen our best sales folks have been in rooms with other sales folks.
Yeah.
That I've been on islands have been a little bit slower.
And there's anomalies.
But I think, you know, if I had my preference, I'd like to have the sales folks on like a sales floor.
For us, underwriting as well, a lot of times it's really advantageous to have underwriters that are kind of chatting about a risk to make sure they're fully understanding,
comprehending all the exposures associated.
But just general, like, I think employee happiness and bonding and excitement about the workplace
and what we're doing as a team and connecting with individuals outside of the normal,
you know, I need to get this quote done.
I need to, you know, talk to this person about this risk.
I need to do that.
it's you know it's the whole personal side of things where it's like oh like how was your day what's going on
what are you doing for dinner what are you doing for lunch and that personal side of things i just think
makes it so much more fun yeah which is kind of the culture that we're trying to cultivate
i agree with that i would i would prefer in person you know the i i have but i struggle with too
you know and this is nothing against anyone who listens to this who lives in all
but, you know, this isn't like a bastion of insurance talent here.
Not that there aren't incredibly talented people, but this isn't like a place where,
one, it's not a huge market to begin with.
Two, a lot of the, all the colleges are geared more towards engineering.
Just we have RPI, we have union.
Everything is kind of evolved around that.
I mean, University of Albany's liberal arts college,
but most people who go to University of Albany do not,
day here in Albany, they leave. That's a problem that we have. So it's not like it's difficult to
find people who, who are motivated to come in and work in an insurance agency, which, you know,
even though there are most days, it's hard for us to even consider ourselves that it, it is,
you know, it still kind of is what it is. You still have to have the licensing. And then in this
space, like right here, like locally, like it's been, it was a huge challenge. And it wasn't until
I started opening up our search to the to the basically the entire country that we started to find
people who really fit our culture, believed in what we were doing.
Like it became, you know, we got to really pick.
So I go back and forth on it.
Like, there's part of me that's like, I don't care where you live.
If you're working hard, if you believe, you show up to the meetings, you do your work.
I love it.
The other part of it is like I would love to bump into everyone every day and know like what
they're up to because I do kind of like, I like the people that are on our team and we just don't
get to see each other that much, you know?
Yeah.
Yeah, totally. Yeah, it's, it's, we, with our HQ here in Santa Fe, we've opened it back up and we have, you know, around 20 people kind of floating around here and just, it's been a total change because I was so used to work sporting on my own. No interruptions, no distractions, no people come and ask me questions. And so now I'm back. And now we're, now we're fully up and running. And it's like buzzing downstairs. Like, yeah, it's exciting. It's fun. But I'm totally like, I don't have the solitude.
that I had to just focus on a project.
So that's really interesting
the transition there.
But if I had to choose between the two,
I would just love to have, you know,
full on office environment going.
And then, you know, strategic days where now,
because now it's like,
like I love the home office setup that you have,
like just what I can see from my screen behind you.
Yeah.
That's kind of what I've set up at my home office.
Yeah.
And it's like I spent all of COVID,
like dialing the perfect home office.
And so now I'm like,
like now I'm like torn between the two.
So yeah,
a couple days here there to work from home,
I think is a good thing.
There's definitely part of me that like we will eventually get an office at some point,
probably in the next 12 months at some point.
And there's part of me that's like this space is so highly functional, right?
Like I have video studio.
I can do a podcast.
I can do videos right here.
I have a creative computer,
which you can't see.
So like I have a two screen.
window set up here for like insurance and business specific stuff and then I can swivel to my
right 90 degrees and here's my you know my we'll call a creative computer like mac it's my
mac it's got the uh you know where I do all the videos where I do all the podcasts like any of that kind of
stuff and then if something's going on on this computer I have another one right here and then I got
all this is so functional like I can be 150% functional here and there's no way if we go to
an office that I can have this same setup like it just won't happen it's the command center
Yeah, yeah. That's what it is. Yeah. So it, I've just basically said when we go to an office, I'm not changing anything here. I'm just going to get new stuff.
Yeah. Just get new stuff for the office. Like, this is staying exactly the way that it is. Yeah. Yeah. I love it. I have the same mindset. Yeah. So, you know, I didn't, as much as this is interesting, I didn't bring you on here to shoot shit about home, you know, remote versus versus home. You know, I'm interested in what you're doing. I'm interested in your backstory. I know you've, I know you've, I'm interested in your backstory. I know you've, I know,
you've done a lot of podcasts and people who followed you.
Maybe there's some people who haven't heard your story.
So maybe just if you could give us the 10 cent tour on getting,
on founding evolve and just involve in general.
I mean, obviously I'll do a little intro so they'll know kind of the basics.
But I just want to catch people up so we can get to some more fun stuff.
Absolutely.
If we're talking about my story and the founding of Evolve,
I think it kind of,
it goes back to really growing up because my brother and I were,
fourth generation into the insurance industry. So we grew up working for a dad who was a retail agent
in Northern California. He owned his own agency and we would go in and, you know, work for him
literally in high school, kind of just doing like administrative tasks. And in college,
we ended up getting our PNC licenses doing a little bit of selling. My brother's 18 months younger and
he's who co-founded evolved with me. But in college, we also,
We're able to intern at Lloyd's of London for a Lloyd's wholesale broker called Safe Online,
which was really, really unique experience.
For all the agents that are listening,
totally recommend going and checking out Lloyd's of London when you get the chance.
It's really kind of the birthplace of insurance.
A lot of history there, very traditional environments, very fun, fun environments.
And so we interned there for a summer and coming out of college,
my first job was as an underwriter for Ace in San Francisco in the professional liability
department. My brother's first job was working for that same Lloyd's wholesaler that we interned with.
So we were kind of going down our respective paths. And I think both of us, we were always very
entrepreneurial. We were always very independent. I think in my personal experience on the
carrier side of things, I was in working for a huge company. And I didn't see a lot of ways
where I could control my own destiny.
I didn't see it.
There wasn't a ton of role models that I had access to that was like,
I want to be like that.
You know, I was I was working hard.
I, you know, didn't see a lot of people noticing what I was doing
and the potential to move up and grow and coming to my own wasn't necessarily available.
And so my brother and I started kind of looking at what's the next thing we're going to do?
And because he was kind of feeling similar ways in a much smaller organization where
he was kind of, you know, ready to move on. And so we started pitching different ideas to mentors.
And we had a mentor that, you know, helped us kind of plan out and recommend the business model that we have today,
which is EvolveMGA. And so Evolve is a cyber insurance specialist. At the moment, all we do is cyber insurance.
We are a market for retail insurance brokers.
So if there is an insurance broker that wants to get a cyber quote,
we have one of the most comprehensive cyber policies that currently exists,
which is a big statement to say right now because the cyber market is getting harder and harder.
Claims are going up, particularly ransomware.
And it is getting tougher and tougher for folks to get quality cyber coverage.
and from a retail broker perspective,
one of the biggest issues that we see is understanding the exposures
and then also understanding the quality coverage
and having those conversations with your clients.
So we've done everything we can to make it as simple as possible
for a broker to show their client that they have tremendous exposure,
which they do, right, which they, it's, it's,
should be explicitly clear at this point.
But if there is any issues with that,
We're really focused on that education.
So showing someone in a particular industry why they have tremendous cyber exposure with claims examples.
And then I think our quote proposals are really well laid out to really explain the exposure, explain the coverage.
And I know our team is always there to answer any questions.
But Ryan, we've gone so far down the education rabbit hole that our team, like our production underwriting team, has in a given year,
We'll do over 2,000 educational face-to-face interactions, breaking down exposure, talking about a particular industry and their exposure, breaking down coverage, etc., breaking down the state of the market.
So on top of that, in November, we're going to be hosting our second Cyber Sales Academy, which is going to be super cool.
We have Frank Abagnale from the movie, Cast Me If You Can, coming to speak, who,
A lot of people know him for check fraud, but he also specialized in cybersecurity, wire transfer,
fraud, social engineering, stuff like that, which is the second most common claim we see
behind ransomware. So he's going to be there. We're going to be doing an event at the Cowboys Stadium.
And so it's Dallas center of the country. So we're going to have people come in from both sides.
And so we're planning for about 100 agents. So we're about to release that. But education is huge.
comprehensive cover is huge and then we're always working on how we can better our service.
So that's kind of a summary breakdown of how we started and what we're doing today.
It's been about six years since we were founded.
Why do you think that agents still sell cyber like it's a luxury and not like it's a necessity?
I think the insurance industry and the way it's set up with renewals breeds an
attitude of complacency for, along with the fact that it's a pretty, pretty big age gap in the
insurance industry. So you have these producers that have built these books over a number of
years and they have renewal income that's coming in at a 90 or 90% rate or higher. Not a ton of
motivation to learn about a new complex product that isn't a high revenue producing line of
business, especially a product that's changing all the time. It's.
evolving. So I just think the motivation isn't always top of mind, but I think the fact that claims are
coming in, the market's getting hard and clients are now asking about this all the time.
I think that's going to be changing. I also will say it's a complex product.
When you say cyber insurance, people can confuse it with tech E and O. They might think about the
internet. They might think about, you know, computers. But if I were to break cyber insurance
down to one sentence, cyber insurance is coverage for the costs associated with hacking attacks,
data breaches, and system failures. Those are the three major triggers that I want people to
remember. So if you can break it down on one sentence, it makes it a lot easier to communicate
to your clients. And that's one of the big purposes of Sales Academy and simplification, I think,
is really key to make sure clients truly understand why they need this. Yeah. It's funny. I think a lot of
times people still think like, oh, I don't take credit card. People like, I don't take credit card,
so I don't need cyber insurance. It's like that was like cyber insurance in 2005. That's not,
that doesn't even close to what we're talking about today anymore. And the fact that,
so cross-selling cyber insurance, now again, we're still getting started as an agency.
So it's not like I can talk in like thousands when we talk about volume, but we,
cyber insurance is a huge part of our cross-sell process. And we know that a lot of times at
the initial point of sale, you're not going to get.
that cyber purchase. And where I think a lot of agents fall down is because at the immediate sale,
when you're selling the BOP or the comp or maybe the commercial auto whatever, because maybe
cyber fuels like an additional policy at that time, oftentimes you get a, well, you know,
let me think about it. And then they never get back around to it. So we've actually built three
touch points into the course of the year post post initial sale if they don't purchase a cyber
policy at the point of contact to retouch on what those are. And, you know, I, I, I, I, I, I, I,
firmly believe that we could be looking at, and I know, I don't know of any legislation that's
happening, maybe you do. But I do think in the next five to 10 years, we could look at something
where cyber liability becomes a mandated coverage, much like having workers comp or personal
auto, only because it is absolutely insane what's happening out there. And if, and if agents are
unaware of what's happening, then just do a simple Google search. I mean, you can't, it is like
every single day. I had a guy call me.
And I don't know if I've told the story on the podcast before or not, but I had a guy call
me because I've done a lot of cyber videos.
And he said, hey, man, I hope you can help me.
I'm having a really tough time.
I said, well, what's up?
He said, well, I just had a cyber incident put me out of business.
And I'm hoping you could help me.
I was like, well, I'm not really sure.
This would have been a good call before the claim happened before the incident.
But so he said, you know, I have a cyber policy.
and that policy covered tearing down.
So basically he had a ransomware attack,
except when they left the system,
they just destroyed the system as they were leaving the system.
So it wasn't just like, oh, you're unlocked.
They just absolutely obliterated everything on the way out.
There's all kinds of like, I don't know what you call them,
but there's all kinds of like hooks and malware things like embedded.
And I don't mean destroyed it like they tore it apart.
I mean, like, there's just all kinds of crap that they left, like keystroke finders and stuff that were stuck in the system.
So they had to get rid of everything.
And that costs about $600,000, which the carrier that he had, actually, the cyber company paid for it.
So, okay, great.
You know, you'd think, listen to him going, okay, this sounds good.
He's up and running.
Two months later, he's got all his equipment back.
Like, yes, he lost some data, but he was able to recoup some of it cleanly.
And he goes, but I said, well, what happened, man?
and he said, my two biggest clients canceled their contracts on me for breach of contract
because there's no way that they could have stayed with me post a cyber claim.
Because if we had had another one, they would have all been fired by their.
Basically, he placed nurses was his business.
Okay.
And so I said, well, send me your policy because I know that reputation and so there's certain hooks on the end of policies,
which actually cover you for lost clients or lost business because of
reputational hits after a cyberclaim and he sent it to me and sure shit they didn't it didn't have that
right so i i felt bad i actually probably lied to him a little because i didn't want to like
completely i just said look man there are some endorsements not every policy has them
unfortunately you don't have them um there's not a whole lot you can do because you had this policy
for two years and it just didn't have that and it's it's like that level of detail in cyber policies
could have changed that guy's life.
You know what I mean?
Like if someone, if his broker or wherever he bought it,
we didn't get into that.
I felt bad.
I was going to start crying.
You know, if someone had said,
hey, look, you know,
there are there are endorsements that you can add to the end of this policy,
which could at least maybe help with some of the financial hit
of losing major clients because of reputation post post-claim.
He just didn't have those things.
And now he went out of business.
Ryan, I think the example that you brought up
is phenomenal because you are touching on a few first party coverage sections that a lot of
carriers or cyber markets do not pick up. So the first one you mentioned is system damage and
data restoration. So cyber policies to take a step back are third party coverage and first
party coverage. Third party is typically based around someone making a claim against the insured
for losing their information, some sort of liability coverage. First part.
coverage is for the cost that the insured is directly responsible for paying out based on someone hacking them.
So their system goes down.
They need business interruption coverage, right?
They need system damage coverage.
If someone does exactly what you mentioned where, you know, they can't use their system anymore and they need, they might need, for example, in the insurance world, if someone hacks, you know, one of our agencies, they might need all the client information recreated because maybe that information is deleted or compromised or encrypted.
And then beyond that, the biggest areas where we see claims are crime, cybercrime.
So ransomware, those extortion payments, social engineering.
And so those are the areas where cyber policies are getting more and more limited.
So for all the agents out there, if you're offering a cyber policy, you want to make sure you have strong, comprehensive, first party cyber coverage.
and to throw a couple stats at you.
I mean,
ransomware attacks during the pandemic increased by 800%.
The scary thing about ransomware attacks, go ahead, go ahead.
It's just insane.
It's so much.
It's crazy.
It's crazy.
The scary thing about ransomware attacks is most people don't report them
because another thing that you mentioned is you're insured,
lost vendor relationships because there's a negative connotation
with businesses getting hacked and that being out of the news.
What a lot of times that company has done everything they can from a cybersecurity standpoint,
there's no cybersecurity that is 100% effective.
So it's it's kind of sad to see that there's this huge negative connotation in the public for,
and obviously you know, you want to make sure you're as secure as possible.
And some people are more responsible than others.
But a lot of times there's just no control there.
but the FBI gets about 4,000 complaints per day about businesses getting hit by ransomware attacks.
4,000.
The scary thing is the majority of people don't report them because they don't want to have that negative connotation with their vendors.
One thing to be clear on, this guy was not my insured.
He had just called me.
He would have had that coverage if he was my insured.
But no, he did not.
He was not.
He just called me.
because he found me on YouTube, but I just want to, but I did have an insured, I did have an
insured have another claim. And this is just another example. Because I think a lot of, I think a lot of
agents and this isn't a knock. Like this is a coverage that in general is relatively new. Two,
that as an industry, we don't spend enough time on three. I think the way it was initially
taught was so wonky that it was like impossible to understand. Right. You just, when this first
hit, what, about a decade ago, like maybe 10, about 10 years ago, right? It really started.
It started to become, it existed before that, but it started to become a coverage of people
we're talking about. And it just was like, I mean, insurance is boring enough. And then
people who were teaching cyber, like, it was almost like they were purposefully making it more
boring. And it was just very tough to get your head around. So I think people struggle with
selling it for a lot of those reasons. I think that's changing. I think you guys are a big
part of it. And just the, you know, you got the podcast. You do a lot of podcasts. You have a lot
of content, you can share a lot, you make it fun. It's just more inviting, which is a very good
thing. But that being said, I still feel like a lot of agents just don't understand how this can
work. So I give that one example, a claim that we thankfully avoided but was very nearly a claim
was actually we had a wire fraud incident. So I have a furniture store that I insure. Someone emailed
one of his commercial clients with an invoice that said, hey, you owe us 50,000.
can you pay the invoice guy doesn't even look at it sees who's it's from forwards it on to his
whoever that that that person gets it pays the invoice no big deal okay two days later he emails my
client goes hey man you know I just got an invoice for you and I didn't really think about it at
the time we paid it but like what was that for what do we buy and he's like you don't know you don't
know us any we didn't send you an invoice so this is the thing that the tightly the closely
the closely related, you know, email that if you actually look at the thing is different.
And then the email looked the same.
The signature was very close in terms of, you know, hey, my client, president or whatever.
And then one, it's kind of weird.
It's coming from the president.
So maybe that should have been a key.
But he didn't, he didn't check it out.
He's just going through his day fast for his email on.
She wires this money for this payment.
And thankfully, they were able to get all $50,000 back.
So the bank transfer hadn't cleared all the way.
because it was international, like they didn't know, you know, and they were able to get the 50,000 back and they didn't end up putting a claim in note and there was no loss. He got all the money back. That's great. But, but that easily, that money easily could have gone off into nowhere. And if that guy comes back and goes, hey, man, I need that 50,000 bucks, then that's a cyber. I mean, that's social engineering, right? I mean, am I describing a social engineering claim?
What's up, guys? Sorry to take you away from the episode, but as you know, we do not.
run ads on this show.
And in exchange for that, I need your help.
If you're loving this episode, if you enjoy this podcast, whether you're watching on
YouTube or you're listening on your favorite podcast platform, I would love for you
to subscribe, share, comment if you're on YouTube, leave a rating review if you're on
Spotify or Apple iTunes, et cetera.
This helps the show grow.
It helps me bring more guests in.
We have a tremendous lineup of people coming in, men and women.
who've done incredible things, sharing their stories around peak performance, leadership, growth,
sales, the things that are going to help you grow as a person and grow your business.
But they all check out comments, ratings, reviews, they check out all this information before they come on.
So as I reach out to more and more people and want to bring them in and share their stories with you,
I need your help.
Share the show.
Subscribe if you're not subscribed.
And I'd love for you to leave a comment about the show because I read all the comments.
or if you're on Apple or Spotify, leave a rating review of this show.
I love you for listening to this show.
And I hope you enjoy it listening as much as I do creating the show for you.
All right, I'm out of here.
Peace.
Let's get back to the episode.
You're describing it exactly as what it is.
Social engineering is the most common claim we see behind ransomware.
We have started to refer to it as wire transfer fraud because the acronym is WTF.
Yeah.
Right?
That's exactly what.
someone be thinking when they change for money out. And that's something that's happened to the biggest
companies in the world, the Facebooks, the apples. It's huge in real estate, huge in law firms right now.
It's, but it's ransomware and wire transfer fraud are industry agnostic, right? If you have an email
address and a bank account, you can be victim of one of those hacking attacks. So that's why I say,
Those are great claims examples to bring up to any client because if you're a legitimate business,
you're going to have an email address and a bank account.
And you want to make sure those are protected.
So I think that when you bring up or when brokers are looking for examples,
I think that's a great place to start.
But I also think brokers need to know that a lot of times small to medium sized businesses
assume that they are not going to be victims of hacking attacks that, you know,
the hackers are only targeted the huge businesses of the world because that's what we see in the news,
right? We always see when a major company has a hacking attack occur, but we don't see a lot of
times or the small to mid-sized businesses when the truth is those are the low-hanging fruit because
they usually don't have the cybersecurity in place that they probably should. And they're much more
willing to pay a ransom just to get their systems back online. So it's something that I think
folks should think about if they, you know, initially believe that only big businesses get hacked.
Yeah. So anyone that's listening, you can steal those two examples, but, because stories sell, right?
But I think we need to find, we need to find our own. Hopefully, we can find them and they're not our
clients. We can, you know, just read the trade journals. You find tons of examples and just use those
examples because I said this before. I said this maybe about a year ago during the pandemic when all
the stats were coming out about how hard everyone was getting hit with these. And I actually
read that there were a couple homeowners insurance companies that were thinking about adding personal
cyber liability because these guys are not, I say these guys, I'm assuming they're all
disgusting men sitting in basement somewhere, you know what I mean, they're doing all this hacking.
I don't know, that's just the visual I have, but like eating Doritos and like regular Coca-Cola,
like these, you know, awful humans. And, and, and, and they're pinging like, like, home routers and
then using those as like proxies to then blast out all this malicious content and that can you know if they
can track it back to your home router you can be brought in a lot and you know there's just all this
crazy stuff and I and I said like I just put out a couple messer I did a video or something I just was like
cyber there's a very realistic possibility that in the in the near future cyber liability is as or
more important than general liability like if I had to think about rogue you know what's a
is a million times larger exposure than a slip, trip and fall, third party bodily injury or
property damage. I mean, that's general liability, right, in a stroke. Like, is there, is,
is it more likely that someone slips and falls on a property that I'm responsible for? Or someone hacks into
my system and steals their information or uses my system from ransomware or whatever. Like,
it's just, but yeah, we won't, we don't think about it that way. We think, oh, you know, I own a small
agency, so I don't need it. You know, I own a small business. And it just couldn't be farther from
the truth. Yeah, well, Ryan, as, as, we don't think, we don't know, as, you know, I don't know,
as as everything gets more connected to the internet and as people start using technology more,
there's more potential for things to get hacked.
If something is connected to the internet has the potential to be hacked.
And so everything that we are doing on a day to day basis is getting more and more
technology driven.
So I don't think there is a more crucial coverage for the 21st century than cyber insurance.
So I think it's something that really, really,
needs to be top of mind. And yeah, I mean, if if there's any agents out there that have any
questions on it, like we're we have the luxury of being a specialist where we can go really deep
on this. Not only in our coverage, but all the coverage that's floating out there in the
market. What's really, you know, working from a broker's standpoint in terms of making sure
this hits. Like you mentioned claims examples. We have like 75 industries, all the major industries,
like laid out of, you know,
other five major exposures in the claims examples associated with that industry. So for example,
someone needs claims examples on restaurants or manufacturers or contractors, lawyers. We have
claims examples aggregated. So the other thing that I really like that helps identify exposure
is dark web scanning. Most people don't realize that they have probably over 100 accounts that
they are, their information is in when you talk about being a member of LinkedIn, of Facebook,
of Instagram, of, you know, your gym, of your bank account, right? You have all these
credentials and what you don't realize is the majority of these companies have had some sort
of data breach at some point, right? And it's likely that your email address and password are
associated with that data breach. So on the first page of all of our quote proposals is an automatic
dark web scan that we do for everybody associated with their domain name and it shows you the
credentials that are floating out there on the dark web right now that are being bought and sold and
if you haven't changed your password some hacker out there someone on the dark web could buy your
information and try to log into wells fargo or whatever it is so the dark web is a scary place
and the the fact that people aren't actively changing their password using password
managers practicing quality cyber hygiene. That's just got to be, you know,
multifacture authentication. That's just got to be part of the normal day to day to make sure
you're secure. And we have, you know, a list of things that folks can do to secure their
home office to make sure they're taking the right cybersecurity steps. In fact, Ryan,
we have six free services, cybersecurity services that we provide to all of our insurance for free,
if they want access to them for proactive cybersecurity.
Which password manager do you recommend, like last pass or?
Last pass is my go-to.
Yeah.
Yeah.
I know.
I got to get on a last pass train.
Logging in and out of systems is the big is like,
that is like one of those nightmare things that we all deal with.
Carriers are the worst because they make you change your password.
Like some of them, it's every two days.
Some of them it's never.
And you're just, oh my God, I can't.
I have no more iterative.
and I don't have the brain cycles to remember.
And then everyone just goes, last pass.
And I'm like, God, I just got to sign up for it.
But so you had said before that cyber insurance is the only product that you offer at this time.
What does that mean?
So I think that we've set up a really great network of insurance agents across the US.
We've gone really, really deep.
when it comes to cyber.
And I think if we can find another product that is a specialty quality product
that our agents would, that would add value to our agents and would add value to their
insureds.
Like a tech E&O or something like that.
Could be tech E&O, could be Dino, could be ENO, could be, you know, I know there's a really
big need right now for brokers that are working in the cannabis space because there's very few
markets. And there's lots of lines that could be associated with that. So we are actively
exploring what could be the next product that would add value. And I think we would only move on it
if we felt it was, you know, a great product that was comprehensive and that we know our
distribution network. Because we, I think we work with about 2,000 insurance agencies across
the UF, about 2,000 offices. So if it,
paired well with cyber and it was something that you know worked within our business model to have
our folks be able to communicate and explain and um show our brokers why it's relevant then I think
that's something that we would want to bring on yeah one of the things that I think is a huge
opportunity is techie you know and the reason I think it's an opportunity not not necessarily
for you guys but just in general is because it's very it has a very narrow band
and what's considered tech, you know, today.
And I feel like that bandwidth is, I think it's, I think it's just, I think the carriers
that are writing it, I think they're just a little behind and updating what a technology
related company is.
Like, you know, when you look at some of the exposure, when even look at some of the exposures
that Rogues, right?
Let's take my own business.
Yeah.
We have a lot of technology related errors, errors and, and omissions issues that we could have
as we build our own tech and we build our own connections into different systems and
what could happen there.
And, you know, right now it's like, do you develop an app?
Yes.
Okay, tech, you know, what about websites that develop functionality on those sites that are
proprietary to their business?
It's not actually an app that they're selling, but it's proprietary tech that is delivering
a service inside a web portal or form or whatever.
Like, how does that, you know, you really have to search to find someone who will
classify that inside of a tech E&O, but when you get that dial into the policy forms,
standard E&O isn't covering that. And it's certainly not covered under a bop. So like maybe media
liability, but that's a stretch. I mean, that's a big stretch to think that media liability is going
to cover that. So I feel like there's a big gap in that market just because I think it was
originally for like app developers. You know what I mean? That's really what it is. It's like
they're thinking like high functionality technology or technology that's running maybe a
manufacturing plant maybe like something that's driving it through a system.
But there's to me, there's a much broader spectrum of tech exposures that are seeping into
businesses because today everyone is is bolting on their, I shouldn't say everyone.
A lot of businesses are bolting on their own technology solutions and products that maybe
they're not selling to the market but are but are highly that are big but are being used to drive their
business maybe even conjunction with some off the rack stuff and that technology that you're building
and implementing and delivering services through that's a that's a big gap I believe in the
current structure of of bop and errors and omissions if you don't have that tech terminology
built in so um you know I I don't say that's probably way more detailed than
anyone really cares about. But, you know, this is just something that I've seen with some of our
clients is I'm like, how do I cover this feature of their product delivery, right? They have this.
That's pretty standard. This is pretty standard. But what about this piece right here in the
middle that connects these two things and does this that they built? Ah, you know, well,
it's the future because there's so many business functions that are reliant on technology.
if you have someone that makes a mistake in creating that,
it could be massively costly to that business.
So there's no doubt it's an option for the future.
And I also would like love to just clarify like because people always confuse cyber and tech, you know.
Yep.
The reason why we stand alone cyber does not include tech, you know, is because there's a double trigger.
So for example, if I'm.
a hacker and I'm looking to get into somebody's business, excuse me, I could potentially exploit
an error that a programmer made in putting that tech, putting that software or that program together.
So therefore, it could trigger tech, you know, policy could trigger cyber policy.
So that's why we don't include tech, you know, in our form.
Like you said in the beginning, cyber policies in the past, a lot of times combine the two.
but at this point we're separating it out because hacking attacks are so real and there's so much
going on that combining the exposure of the two on the one policy is too much.
Yeah, I agree with you.
I think they need to be, I think they could be sold as a package, but the forms have to be
separated.
Yeah, yeah.
I think that's the way it has to be.
I mean, that's my personal opinion on how it should be sold is separate forms,
but packaged together, mostly to make it understandable and easy for brokers.
and customers and shards to understand what the hell they're purchasing.
Because, you know, but if, so if it came as a package, but, but was technically separate
forms, I think that would be an incredible way to deliver that, especially if you had a,
if, you know, whether it was a broader industry or just a broader sense of what tech,
you know, covered.
I think there's a lot of opportunity there.
It feels very narrow to me as, as a coverage.
Yeah.
Yeah, totally.
And I actually personally live that space a bit because, um,
My dad has specialized in ensuring tech companies in Silicon Valley.
That was, you know, his niche as a producer and instill is really tech, venture capital and private equity.
So I've seen him go through that process.
And it's been a really interesting market because I think tech, you know, is much harder to get now than it was.
Yeah.
Five, 10 years ago, there's people pulling out.
And I think the underwriting is still being perfected in that space.
Well, it's what is tech?
You know what I mean? Like that's it's such an ethereal thing that I think, you know, there are some very straightforward senses of what that is. And then it gets, you know, the, the gray fringes are are very wide or, you know, there's a lot of breath to the to the fringes to what constitutes. Where does it tech? When is this just a standard, you know, policy? And when is it a tech, you know, policy? When do you need neither? And what is the real trigger to do the experience?
And when do you just need cyber coverage, right?
I mean, these are, these are real questions.
I think everyone outside of true specialists have and even there, you know,
I think you get confused by what is a moving target in terms of underwriting guidelines
and appetite and all that kind of stuff because no one can figure it out.
And it doesn't help that every system is being tested a thousand times a day by hackers.
I mean, you want to run it.
You want to get the shit scared out of you.
launch a brand new website.
Don't ever go to it.
Just launch it and then watch the traffic.
Right.
Just watch the traffic.
You'll have your bot traffic will be 200, 500 hits within like a day or two.
Yeah.
And you're like it doesn't even exist.
It's just a there's nothing even there.
How are they finding?
Because these freaking bots are just scanning the web all day long constantly.
And it's just watching.
And people just don't realize this.
They don't, they have no idea.
No, that's a great point.
That's a great point for people to know how often hacking attacks are happening.
I mean, even in our own industry, Ryan, when you look at the last few months,
AXA hacked, CNN, CNA, $40 million ransom.
Arthur J. Gallagher, right?
Like, you couldn't get a quote from it.
We're getting brokers that were coming to us.
Like, hey, we usually go to, we usually go to, you know, Gallagher or, you know, RPS to get our cyber quotes.
But they just didn't have access, right?
So, man.
And honestly, like a lot of insurance agencies we work with have experienced hacking attacks themselves.
So, you know, they, at the end of the day, serve as great claims examples for clients and how real things are.
So, but it's the new world that we're living in.
Yeah. So is there anything coming down the pipe in the cyberspace just in general that people should look out for? Is there any new coverages? Is there any talk in the cyber nerd forums of new things that we need to be prepared for that we need to consider? I mean, most people probably found half the shit that we've said so far to be beyond what they've thought about and that doesn't make them bad. But like, is there anything new that that that we're going to see in the next 12, 24?
months that we should be repaired for from the cyber respect? Well, from a coverage standpoint,
one thing I'm excited that we recently introduced into our form is cyber coverage for senior
executive officers personal funds because a lot of times we see the CEO or the CFO or, you know,
the principal or somebody that's high up get targeted specifically by hackers. And a lot of times
you'll see these C-level folks, really anybody at a company, doing their personal banking at work,
going to Wells Fargo.com. You mentioned key logging malware. If someone puts that on your computer,
they just get your username and password to your Bank of America bank account,
you know, they can transfer funds out. So that's specifically covered within our form.
Another crazy thing is in the last year or so,
there was the first death associated with a cyber attack.
It was a Sherman hospital, I believe.
They got hit by a ransomware attack.
The technology was down so they couldn't admit patients.
So something happened.
There was an accident that happened or someone needed medical, urgent medical care.
They were not able to be admitted to this hospital.
And unfortunately, they ended up passing away.
So that is another form of coverage.
So bodily injury coverage associated with hacking attacks is something that we have
built into our form recently.
And I think when you look at the future, you know, you can talk about more comprehensive
bodily injury covers.
You can talk about property damage, you know, when you talk about someone hacking into
a Tesla or something like that, that's a really interesting space.
But like I said, in the beginning, if something's connected to the internet, it can be hacked.
So, you know, when you talk about your thermostat being connected to the internet, you know,
when you talk about like, like, you know, your smart home, whether it's your smart refrigerator,
your smart range, your smart washer dryer, your smart locks, right? Those all could be the
initiation of significant financial loss if they're hacked. So it's there's significant potential
for the market to grow. And that's that's one of the reasons in the beginning why we named
to the company evolved because we knew that the not only would the hacking attacks change,
but the coverage would change along with it.
So it's funny.
We have enjoyed the name evolve just because when we go to cyber conferences and cyber events,
it's just free marketing because everyone's saying evolve, evolve, evolve, as things change.
Yeah.
Yeah, that's wild.
It is pretty, you just think about, you know, you just think about everything,
that's connected is it gets more connected.
You know, obviously good cybersecurity is always a good first line of defense.
But like always, if you don't have a good insurance policy, there's no one's showing up after
that.
You know, I had some guy say to me one time, I have a cyber security from the houseman.
So, okay, great.
But they, do they offer you cyber insurance?
He's like, no, I'll just sue them and something goes wrong.
And I'm like, that is a wild way.
Like, that's a wild mindset.
Like versus, I mean, I'm telling you, the policy that I quoted him was like,
$1,400. Like, this wasn't like some big, huge policy. Like, yes, just the mentality of I'd rather
have nothing because it was whatever, whatever reason. And I'll just sue my cyber security company.
I'm like, one, how do you know you win? They probably, they're probably doing most things right.
Two, like, what the? What? Like, this is the mentality? I just. Yeah. And if it's a legitimate
cybersecurity or IT company, they probably have a contract in place that spells out what happens if
there's something that they don't catch. But yeah, that that is wild. And the other thing I want to
reiterate about cyber policies is they give you access to forensics firms, to PR firms, to
folks that literally have ransomware negotiators on their team. Like that is that is a forensics
firm associated with our cyber policy. They have ransomware war rooms where they're going to be
acting on the insurance behalf. And not only are they going to be figuring out, because
it's extremely expensive to have the forensics firms come.
Like if you were just not having a cyber policy,
to get the forensics firms to come in,
figure out what's in your system,
figure out what happened,
figure out how to get it back to normal,
repair it if need be.
Oh, wait,
you just lost 5,000 people's information.
Now we need to bring in a legal firm
to figure out what you need to do
because you just lost all their data.
It's been exposed.
And now you need to notify.
You need to figure out what regulations
you need to comply with.
And then, you know what, now we've been down for four days in how much revenue have we lost per day?
What's the business interruption costs associated with that?
Right. And then if there's an extortion itself, do we have to pay that? Do we not?
Right. Like we saw on the colonial pipeline attack, I believe it was negotiated down from 10 million and they ended up paying $5 million on that ransom.
But a lot of times these ransomware hackers literally have call centers. It's a business where,
they're like, okay, you know,
they're communicating with the forensics from.
The forensics are very used to it.
So that's why I'm excited for this sales academy
because we're going to have like the forensics guys,
like the ransomware negotiators come in and talk about,
you know, this is how it typically works.
This is what you need to be prepared for.
And kind of talking about the major things that act as selling points for brokers
and that business owners should be aware of.
It's a pretty wild idea that somewhere,
there is just like showing up for work, you know, just hat, you know, whatever, lunch, walk out the door, like, bye, honey.
You know, have a nice day.
And like you show up to like hackers, you know, whatever.
And like that's what you, that's what you do today.
Like today I'm going to, I'm going to send out like 10 million emails.
Hopefully one of them will hook someone.
And then I'm going to start talking to them on the phone and negotiating, you know, their ransom.
And that's, and you come home and like, how's your day?
Well, I got like, I got 25,000 out of this business in Maine.
And, you know, I mean, like, right?
I mean, that's insane.
It's just crazy.
That's like what their day is.
Like, it's just like, and then, you know, you throw a big, like champagne party on the pipeline one or whatever.
You know, it's.
Yeah.
It's wild.
And frankly, you don't even mean to have technical expertise.
Like, you know, a lot of people have that image of that hacker in the basement, you know, eating ships.
but you can literally buy ransomware on the dark web and then you just get a bunch of email
addresses and send it out to them like that that's how simple it is so it's not as complex as
people might think that's actually it would be a good SaaS company like you take like 5%
of all your ransomware hits and you just sell ransomware as a service yeah and and you know
you just sell it to hackers.
They put the emails through and you get five to 10% of whatever ransom where they get.
Ryan, we've seen that.
We've seen that exact thing where they,
there's literally taking commissions from the software that they are,
the malware that they are putting out there on the dark web.
Yeah.
So,
uh,
well,
hey,
everybody's got to make a buck,
you know,
but it's our job to make sure that buck doesn't come from our clients or
if it does,
we can,
uh,
we can get it back.
So,
Dude, I appreciate you spending this time. I'm a big fan of what you're doing.
Where can people learn one more about Evolve and two, about the conference that you're putting on if they're super interested in cyber and open their cyber game.
Yeah.
So to learn more about Evolve, you can go to EvolveMGA.com.
And we work with retail brokers across the U.S.
And if someone's looking to get a quote or get appointed, if you just go to our website, evolvemGA.com.
and click to get a quote.
You fill out your insurance information, the agency's information.
We can get folks appointed.
The other area is going to underwriting at evolvemga.com,
emailing, underwriting at evolvemGA.com with anything they would like,
any questions that they have.
We're happy to act as an educational resource.
And then I'd say for the upcoming sales academy,
I'm super excited about it.
It's going to be the first week of November, November 2nd and 3rd.
And it's going to be in Dallas, just a couple highlights, but we're going to have the whole purpose of the conference.
It's any agent that attends.
They should be able to leave that conference being able to explain cyber exposure and quality cyber coverage to any one of their clients in under two minutes.
And we're going to have the best of the best in the industry from forensic professionals to Frank Abingale from Cassidy if you can to, you know, one of the number one cyberproducing.
producers at Hub to talk about his sales process.
And then you're going to have access to all of our underwriting team to ask
them questions.
And so I think at the end we're going to give our like kind of like sales playbook for
cyber to anyone that attend.
So very excited, especially because it's really our first conference coming out of COVID
as well.
So it's going to be great to see people face to face.
Yeah.
That's awesome.
Where can people get more info on that?
Is it on the website as well?
Or where do they sign up if they're interested?
You know, we are creating a web page for people to register. It is not up and official yet.
So if there are folks that are interested, just emailing underwriting at evolvemj.com saying
I'm interested in attending the Cyber Sales Academy. We're probably going to reserve it to about 100 seats.
So I know we have a lot of folks in Texas alone, a lot of folks that attended our last one in Chicago.
So seats will fill up quick.
but emailing underwriting and evolvemj.com is the best way for us to make sure people get reserved.
Awesome, man.
Well, hey, I appreciate you.
I appreciate you coming on the show and Sharon.
And I've been following you guys for a while.
We're an appointed evolve MGA.
And as we start to have more policies rolling, you guys are in the mix.
And we look forward to writing more business with you.
And hopefully some of the listeners here will get on the train too.
You know, just speaking to the agents before we sign off, guys, I mean, I've said this a bunch on the show dropped a lot.
I wanted to do this episode specifically because cyber is one, it's a great way to add more value
to your customers. It's a great way to put money into your bottom line. But you are providing,
I mean, this is really what we do is getting out ahead of these things and getting coverage
in our client's hands. And I just, to me, cyber is an absolute no brainer. Like we have to get this
in our client's hands for commercial clients. So appreciate you, man.
Of course, Ryan. Thank you so much for having me on. I love what you're doing. And love the energy.
entrepreneurial spirit. So if there's anything you ever need, any time then. Thank you.
Close twice as many deals by this time next week. Sound impossible, it's not. With the one call
closed system, you'll stop chasing leads and start closing deals in one call. This is the exact
method we use to close 1,200 clients under three years during the pandemic. No fluff, no
endless follow-ups, just results fast. Based in behavioral psychology and battle tested, the one-call
Closed system eliminates excuses and gets the prospect saying yes, more than you ever thought
possible. If you're ready to stop losing opportunities and start winning, visit master
of theclose.com. That's master of theclose.com. Do it today. If you're the purchasing
manager at a manufacturing plant, you know having a trusted partner makes all the difference.
That's why hands down, you count on Granger for auto reordering. With on-time restocks,
your team will have the cut-resistant gloves they need at the start of their
shift. And you can end your day knowing they've got safety well in hand. Call 1-800
Granger, click granger.com, or just stop by. Granger, for the ones who get it done.
If you like the show, please take a moment to rate, review, and subscribe. It really does
help the show to grow. Thank you for listening. Happy holidays. Want to give your host a gift?
Consider subscribing, rating, and reviewing the show this holiday season. It really helps the show
grow. From all of us at Believe, have a Merry Christmas, everyone, and a happy holiday.