The Ryan Hanley Show - RHS 109 - How to Sell More Cyber Insurance with Pat Costello
Episode Date: July 29, 2021Became a Master of the Close: https://masteroftheclose.comIn this episode of The Ryan Hanley Show, Ryan Hanley interviews Pat Costello, CPCU, Co-Founder, and Principal at Evolve MGA. Pat joins the pod...cast for a wonderfully nerdy deep dive into cyber insurance. Pat and Ryan also also discuss exactly how independent insurance agents can (and should) sell more cyber insurance to their clients. Don't miss this episode...Episode Highlights: Pat mentions what he’s learned from the pandemic. (5:34) Pat shares two reasons why having people in an office environment is vital. (7:17) Does Pat prefer working remotely or working in the office? (10:29) Pat shares his background and how Evolve MGA started. (13:15) Pat mentions some of the biggest issues he has seen from a retail broker perspective. (16:21) Why do agents still sell cyber insurance like it's a luxury and not as a necessity? (18:40) Pat gives a couple of facts about ransomware. (26:13) Pat shares why social engineering is the most common claim they see behind ransomware. (30:23) Pat explains why cyber insurance is significant. (34:24) Pat shares what they have recently introduced into their form. (47:35) Key Quotes: “If you have a few sales folks...I love having them together in the same room to kind of motivate each other and feel the energy, feel the vibes.” - Pat Costello “I think the insurance industry in the way it's set up with renewals, breeds an attitude of complacency for it, along with the fact that it's a pretty big age gap in the insurance industry.” - Pat Costello “As everything gets more connected to the internet and as people start using technology more, there's more potential for things to get hacked. If somebody is connected to the internet, it has the potential to be hacked. And so, everything that we are doing on a day to day basis is getting more and more technology driven.” - Pat Costello Resources Mentioned: Pat Costello, CPCU LinkedIn Evolve MGA Reach out to Ryan Hanley Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
In a crude laboratory in the basement of his home.
Hello everyone and welcome back to the show.
Today we have a tremendous episode for you.
A conversation with Pat Costello, co-founder and CEO of EvolveMGA.
One of the most comprehensive cyber specialist carriers in our industry.
And Pat is doing some really interesting things. And what I love about Evolve MGA is that they're trying to educate and bring cyber to the agency force, right?
I mean, too many of us are not selling enough cyber.
I get it.
It's not an easy sell.
It's tough to lead with cyber.
Oftentimes our commercial clients are looking at cyber as a luxury.
And I've said it before, and I'll probably end up saying it a thousand times, but in
the very near future, cyber could be a more important coverage than general liability
in protecting particularly small business, but really all business.
And I think we're doing our clients a disservice by not pushing cyber harder.
And what I like about EvolveMGA is that they are working to create a comprehensive program
but also educate agents and educate consumers
on why cyber is important.
Pat's just a good guy, very dynamic.
Enjoyed this conversation.
Think you're going to get a lot out of it.
And it's conversations like these
that really is why I love doing this show
because we're talking a little bit about business, a little bit about insurance,
nerding out on some coverage stuff.
It's just all around an episode I think you will love.
Before we get into our sponsors though, I just want to say something that I know every once in a while I reiterate
but I just want you to know, I love you guys for listening to this show.
I really do.
We are absolutely cranking at Rogue and we got a million things going on and it is getting harder
and harder to find time to create these episodes. That all being said, I'm dedicated to continuing
to bring you this show because it seems to help. I love your feedback. I hope it does. You know, it just, it is such an honor, you know, and I feel it as a,
as a, as a prerogative is the wrong word. Obligation is certainly the wrong word.
Feel it is my, maybe I guess I feel it is an obligation to give back to the industry in some
way and through these conversations in whatever way they may add value to you. So I hope you
continue to enjoy them. I just want you to know that it does not get past me
that you're choosing to listen to this show
versus other shows,
versus other pieces of content that exist.
And I take the responsibility
to help add value to your life very serious.
And I just appreciate you for listening.
So, all right, with that,
I wanna give a quick shout out to Podium.
Podium is kind of changing the game for how we collect leads here, how we communicate
with our customers.
The web form to text functionality is incredibly powerful.
We're getting, you know, we're almost at like 100% response rate for leads that come through
the kind of Podium widget on our site.
They have a ton of other options, including payment options and all kinds of different things.
You know, Podium is one of those tools that I say,
whether you choose to use Podium or not,
you need to know what it does.
It's a tool to just understand its functionality.
Maybe today isn't the actual day that you purchase
or need the tool,
but I think it's a type of functionality
that you're going to want to have in your agency
at some point.
And Podium has been a great partner for us.
They really have.
I'm not always sure what you're going to get out of a partner when you first start working with them.
And we use Podium every day.
And they've just been great.
And I've enjoyed them both as a sponsor of the show.
I've enjoyed getting to know the people there, and I've enjoyed using them in my agency.
So go to podium.com,
podium.com,
reach out to Podium,
let them know Hanley sent you
and just get the demo,
understand what they're doing
and if you like the tool,
use it, I do.
All right, with that,
let's get on to Pat Costello
of EvolveMGA.
Yo, dude.
Hi.
What's up, man?
How are you?
I'm good.
Yeah?
Just, uh, you know, trying to get stuff done.
Another day in the neighborhood here.
Yeah.
Are you in upstate New York right now?
Yeah, yeah, yeah, yeah. Another day in the neighborhood here. Yeah. Are you in upstate New York right now?
Yeah.
Yeah, yeah, yeah.
We, so the agency is based here.
This is where I live.
It's actually where I grew up too. And I have teammates across the country and the world,
which is the new thing for, I think, probably for a company like yours,
that's not necessarily
unique, but for a lot of brokers and agencies in particular, you know, I tell people like,
oh, you know, my producer is in Chicago and I have a client success person who's down in Florida.
And I have a VA in the Philippines. I'm like, wow, what? Yes. That is totally unique.
You know, it's just, it's an interesting, it's an interesting
thing. Finding the right people to operate in that kind of ecosystem is definitely interesting.
Totally. And I get, I will say it was a huge learning experience with COVID happening and
learning how to manage a remote culture and make sure people are happy, motivated, performing, you
know, all that stuff was, um, was a learning experience.
So, and I think we're, we're better off for it now that we're kind of coming out of it.
So, um, yeah, man, we definitely went through, uh, some interesting experiences.
I think it's been, and I'm interested in your take for me you know we were always remote right like
I think I would love to have a home base someday you know we have a co-working space that kind of
is our home base but I would love to have a place where like oh you know bye honey I'm going to the
office you know what I mean like that kind of thing like that would be nice to have that kind
of separation yeah have just a place where all our mail goes instead of
the floor of my basement office and you know I think that would be nice at the same time
you know we haven't had to deal with well how do we judge performance in a remote work environment
because we never had an in-person work environment yeah So those aren't even questions. Like it's just, we have our way
of, of, of judging performance and talking through things. And we use the EOS system.
Um, I don't know if you're familiar with the entrepreneurial system. So, so we use EOS and,
um, you know, when you have a system for tracking performance and you stick to it, it's not necessarily any more difficult with remote
employees. But I do think if you have a standardized in-person culture to go remote
is probably a huge shock. Yeah. I think there's two areas where I'm like, I think having people
in an office environment are huge. One is like sales motivation. And, and,
you know, if you have, you know, a few sales folks, I love having them together in the same
room to kind of motivate each other and feel the energy, feel the vibes. And we've seen
our best sales folks have been in rooms with other sales folks that have been on islands have been
a little bit slower and there's anomalies, but I
think, you know, if I had my preference, I'd like to have the sales folks on like a sales floor
for, for us underwriting as well. A lot of times it's really advantageous to have
underwriters that are kind of chatting about a risk to make sure they're fully understanding,
comprehending all the exposures associated. But just general, like, I think
employee happiness and bonding and excitement about the workplace and what we're doing as a team and
connecting with individuals outside of the, you know, normal, you know, I need to get this quote
done. I need to, you know, talk to this person about this risk. I need to get this quote done I need to you
know talk to this person about this risk I need to do that it's you know it's the whole personal
side of things where it's like oh like how was your day what's going on what are you doing for
dinner what are you doing for lunch and that personal side of things I just think makes it
so much more fun yeah which is kind of the culture that we're trying to cultivate i agree with that
i i would i would prefer in person you know i i have but i struggle with too you know and this
is nothing against anyone who listens to this who lives in albany but you know this isn't like a
bastion of insurance talent here not that there aren't incredibly talented people,
but this isn't like a place where one, it's not a huge market to begin with to a lot of the,
all the colleges are geared more towards engineering. Just we have RPI, we have union,
um, our, everything has kind of evolved around that. I mean, university of Albany is liberal, liberal arts college, but, um most people who go to the University of Albany do not stay here in Albany.
They leave.
That's a problem that we have.
So it's not like it's difficult to find people who are motivated to come in and work in an insurance agency, which even though most, it's hard for us to even consider ourselves that
it, it, it is, you know, it's still kind of is what it is. You still have to have the licensing.
And then in this space, like right here, like locally, like it's, it's been, it was a huge
challenge. And it wasn't until I started opening up our search to the, to the, basically the entire
country that we started to find people who really fit our culture, believed in what we were doing.
Like it became, you know, we got to really pick.
So I go back and forth on it.
Like there's part of me that's like,
I don't care where you live.
If you're working hard, if you believe,
you show up to the meetings, you do your work.
I love it.
The other part of it is like,
I would love to bump into everyone every day
and know like what they're up to.
Cause I do kind of like,
I like the people that are on our team
and we just don't get to see each other that much, you know?
Yeah, yeah, totally. Yeah. It's, it's,
we with our HQ here in Santa Fe, we've opened it back up and we have,
you know, around 20 people kind of floating around here and just,
it's been a total change because I was so used to working on my own,
no interruptions, no distractions, no people come and ask me questions.
And so now I'm back and now we're, now we're fully up and running and it's like buzzing
downstairs. Like it's exciting. It's fun. And but I'm totally like, I don't have the solitude
that I had to just focus on a project. So that's really interesting to transition there. But
if I had to choose between the two, would just love to have you know full-on office environment going and then you know strategic days where now because
now it's like like I love the home office setup that you have like just what I can see from my
screen behind you yeah that's kind of what I've set up at my home office yeah and it's like I
spent all of COVID like dialing the perfect home office. And so now I'm like,
now I'm like torn between the two. So yeah, a couple of days here there to work from home,
I think is a good thing. There's definitely part of me that like, we will eventually get an office
at some point, probably in the next 12 months at some point. And there's part of me that's like,
this space is so highly functional, right? Like I have video studio,
I can do a podcast, I can do videos right here. I have a creative computer, which you can't see.
So like, I have a two screen window set up here for like insurance and business specific stuff.
And then I can swivel to my right 90 degrees. And here's my, you know, my we'll call it creative computer, like Mac. It's my Mac. It's got the,
you know, where I do all the videos, where I do all the podcasts,
like any of that kind of stuff. And then if something's going on,
on this computer, I have another one right here.
And then I got all this stuff. I am like, this is so functional.
Like I can be 150% functional here.
And there's no way if we go to an office that I can have this same setup.
Like it just won't happen. It the command center yeah yeah that's what it is yeah so it um i've just
basically said when we go to an office i'm not changing anything here i'm just gonna get new
stuff yeah just get new stuff for the office like this is staying exactly the way that it is
yeah yeah i i love it i have the same mindset yeah so know, I didn't, as much as this is interesting,
I didn't bring you on here to shoot shit about home, you know, remote versus versus home on,
you know, I'm interested in what you're doing. I'm interested in your backstory. I know you've
done a lot of podcasts and people have followed you. Maybe there's some people who haven't heard
your story. So maybe just, if you could give us the, the 10 cent tour on getting on, on
founding evolve and just
Evolve in general. I mean, obviously I'll do a little intro, so they'll know kind of the basics,
but I just want to catch people up so we can get to some more fun stuff.
Absolutely. If we're talking about my story and the founding of Evolve, I think it kind of,
it goes back to really growing up because my brother and I were fourth generation into
the insurance industry.
So we grew up working for a dad who was a retail agent in Northern California.
He owned his own agency and we would go in and work for him literally in high school,
kind of just doing like administrative tasks.
And in college, we ended up getting our PNC licenses,
doing a little bit of sailing. My brother's 18 months younger, and he's who co-founded Evolve
with me. But in college, we also were able to intern at Lloyd's of London for a Lloyd's wholesale
broker called Safe Online, which was really, really unique experience for all the agents
that are listening. Totally
recommend going and checking out Lloyd's of London when you get the chance. It was really
kind of the birthplace of insurance. A lot of history there, very traditional environments,
very fun, fun environments. And so we interned there for a summer and come out of college. My first job was as an underwriter for ACE in San Francisco in the on the carrier side of things, I was in working for a huge company and I didn't see a lot of ways where I could control my own destiny. I didn't see it. There wasn't a ton of role models that I had access to that was like, I want to be like that. You know, I was, I was working hard and I, you know,
didn't see a lot of people noticing what I was doing and the potential to move up and grow and come into my own wasn't necessarily available.
And so my brother and I started kind of looking at what,
what's the next thing we're going to do.
And cause he was kind of feeling similar ways in a much smaller organization
where he was kind of, you know,
ready to move on. And so we started pitching different ideas to mentors. And we had a mentor
that, you know, helped us kind of plan out and recommend the business model that we have today,
which is Evolve MGA. And so Evolve is a cyber insurance specialist. At the moment,
all we do is cyber insurance. We are a market for retail insurance brokers.
So if there's an insurance broker that wants to get a cyber quote, we have one of the most
comprehensive cyber policies that currently exists, which is a big statement to say right now,
because the cyber market is getting harder and harder. Claims are going up, particularly
ransomware. And it is getting tougher and tougher for folks to get quality cyber coverage.
And from a retail broker perspective, one of the biggest issues that we see is understanding the exposures and then also understanding the quality coverage and having those conversations with your clients.
So we've done everything we can to make it as simple as possible for a broker to show their client that they have tremendous exposure, which they do, right, which they it's, it's should be explicitly clear at this point.
But if there is any issues with that, we're really focused on that education. So
showing someone in a particular industry why they have tremendous cyber exposure with claims
examples. And then I think our quote proposals are really well laid out to really explain the
exposure, explain the coverage. And I know our team is are really well laid out to really explain the exposure, explain
the coverage. And I know our team is always there to answer any questions. But Ryan, we've gone so
far down the education rabbit hole that our team, like our production underwriting team has in a
given year, we'll do over 2000 educational face-to-face interactions,
breaking down exposure,
talking about a particular industry and their exposure,
breaking down coverage, et cetera,
breaking down the state of the market.
So on top of that, in November, we're going to be hosting our second Cyber Sales Academy,
which is going to be super cool.
We have Frank Abagnale from the movie,
Catch Me If You Can, coming to speak, who a lot of people know him for check fraud, but he also
specialized in cybersecurity, wire transfer fraud, social engineering, stuff like that, which is
the second most common claim we see behind ransomware. So he's going to be there. We're
going to be doing an event at the Cowboy Stadium. And so it's Dallas center of the country. So we're going to have
people come in from both sides. And so we're planning for about a hundred agents. So we're
about to release that, but education is huge. Comprehensive cover is huge. And then we're always
working on how we can better our service. So that's kind of a summary breakdown of how we started and what we're doing today.
It's been about six years since we were founded.
Why do you think that agents still sell cyber like it's a luxury and not like it's a necessity?
I think the insurance industry and the way it's set up with renewals breeds an attitude of complacency for along with the fact that it's a pretty, pretty big age gap in the insurance industry.
So you have these producers that have built these books over a number of years and they have renewal income that's coming in at a 90% rate or higher, not a ton of motivation to learn about a new
complex product that isn't a high revenue producing line of business, especially a product
that's changing all the time, it's evolving. So I just think the motivation isn't always top of mind, but I think the fact that claims are coming in, the market's getting hard and clients are now asking about this all the time.
I think that's going to be changing. I also will say it's a complex product.
And when you say cyber insurance, people can confuse it with tech E&O.
They might think about the internet, they might think about, you know, computers. But if I were to break cyber insurance down to one sentence, cyber insurance is coverage
for the costs associated with hacking attacks, data breaches, and system failures. Those are
the three major triggers that I want people to remember. So if you can break it down to one
sentence, it makes it a lot easier to communicate to your clients. And that's, that's one of the big purposes of sales Academy and
simplification I think is really key to make sure clients truly understand why they need this.
Yeah. It's funny. I think a lot of times people still think like, Oh, I don't take credit. I got
people like, I don't take credit cards, so I don't need cyber insurance. It's like, that was
like cyber insurance in 2005. That's not, that's not even close to what we're talking about today anymore and the fact
that um so so cross-selling cyber insurance now again we're still getting started as an agency so
um it's not like i can talk in like thousands when we talk about volume but we cyber insurance is a
huge part of our cross-sell process and we know that a lot of times at the initial point of sale, you're not going to get that
cyber purchase.
And when I, where I think a lot of agents fall down is because at the immediate sale,
when you're selling the BOP or the comp, or maybe the commercial auto, whatever, because
maybe cyber feels like an additional policy at that time.
Oftentimes you get a, well, you know, let me think about it.
And then they never get back around to it.
So we've actually built three touch points into the course of the year post initial sale,
if they don't purchase a cyber policy at the point of contact to retouch on what those are.
And, you know, I firmly believe that we could be looking at, and I know, I don't know of any
legislation that's happening, maybe you do. But I do think in the next five to 10 years,
we could look at something where cyber liability
becomes a mandated coverage,
much like having a worker's comp or personal auto
only because it is absolutely insane
what's happening out there.
And if agents are unaware of what's happening,
then just do a simple Google search.
I mean, you can't, it is like every single day.
I had a guy call me, and I don't know if I've told the story on the podcast before or not, but I had a guy call me because I've done a lot of cyber videos. And he said, Hey man, I hope you
can help me. I'm having a really tough time. I said, well, what's up? He said, well, I just had
a cyber incident, put me out of business and I'm hoping you could help me.
I was like, well, I'm not really sure.
This would have been a good call before the claim happened, before the incident. So he said, you know, I have a cyber policy and that policy covered tearing down.
So basically he had a ransomware attack, except when they left the system,
they just destroyed the system
as they were leaving the system.
So it wasn't just like, oh, you're unlocked.
They just absolutely obliterated everything on the way out.
There's all kinds of like,
I don't know what you call them,
but there's all kinds of like hooks and malware things
like embedded in this.
And I don't mean destroyed it like they tore it apart.
I mean, like there's just all kinds of crap that they left like keystroke finders and
stuff that were stuck in the system. So they had to get rid of everything.
And that costs about $600,000, which the company,
which the carrier that he had actually the cyber company paid for it.
So, okay, great. You know, you'd think I'm listening to him going, okay,
this sounds good. He's up and running two months later.
He's got all his equipment back. Like, yes, he lost some data, but he was able to recoup some of it
cleanly. And he goes, but I said, well, what happened, man? And he said, my two biggest
clients canceled their contracts on me for breach of contract, because there's no way that they
could have stayed with me post a cyber claim. Cause if we had had another one, they would have all been fired by there.
Basically he placed nurses was his business. Okay. And,
and so I said, well,
send me your policy because I know that reputation and so there there's,
there's certain hooks on the end of policies, which,
which actually cover you for lost clients or lost business because of
reputational hits after a cyber claim. And he sent it to me and sure shit, they didn't, it didn't have that. Right. So I, I felt bad.
I actually probably lied to him a little, cause I didn't want to like completely, I just said,
look, man, there, there are some endorsements. Not every policy has them. Unfortunately,
you don't have them. Um, there's not a whole lot you can do because you had this
policy for two years and it just didn't have that and it's it's like that level of detail in cyber
policies could have changed that guy's life you know what i mean like if someone if his if his
broker or wherever he bought it i we didn't get into that i felt bad i was gonna start crying
um you know if if someone had said hey look you know look, there are endorsements that you can add to the end of this policy, which could at least maybe help with some of the financial hit of losing major clients because of reputation post claim.
He just didn't have those things.
And now he went out of business. I think the example that you brought up is phenomenal because you are touching on a few first party coverage sections that a lot of carriers or cyber markets do not pick up.
So the first one you mentioned is system damage and data restoration.
So cyber policies, to take a step back, are third party coverage and first party coverage.
Third party is typically based around someone
making a claim against the insured for losing their information, some sort of liability coverage.
First-party coverage is for the cost that the insured is directly responsible for paying out
based on someone hacking them. So their system goes down, they need business interruption coverage,
right? They need system damage coverage if someone does exactly what you mentioned where, you know, they can't use their system anymore and
they need, they might need a, for example, in the insurance world, if someone hacks,
you know, one of our agencies, they might need all the client information recreated because maybe
that information is deleted or compromised or encrypted. And then beyond that, the biggest areas where we see claims are
crime, cybercrime. So ransomware, those extortion payments, social engineering.
And so those are the areas where cyber policies are getting more and more limited.
So for all the agents out there, if you're offering a cyber policy, you want to make sure you have strong, comprehensive, first party cyber coverage.
And to throw a couple stats at you, I mean, ransomware attacks during the pandemic increased by 800%.
The scary thing about ransomware attacks. Go ahead.
It's just insane. It's so much. It's crazy.
It's crazy. The scary thing about ransomware attacks is most people don't report them.
Because another thing that you mentioned is you're insured lost vendor relationships,
because there's a negative connotation with businesses getting hacked. And that being out
in the news. What a lot of times that company has done everything they can
from a cybersecurity standpoint, there's no cybersecurity that is 100% effective. So it's
kind of sad to see that there's this huge negative connotation in the public for, and obviously,
you know, you want to make sure you're as secure as possible. And some people are more responsible
than others, but a lot of times there's just no control there. But the FBI gets about 4,000 complaints per day about businesses getting hit by ransomware attacks.
4,000. The scary thing is the majority of people don't report them because they don't want to have
that negative connotation with their vendors. One thing to be clear on this
guy was not my insured. He had just called me. He would have had that coverage if he was my
insured, but no, he did not. He just called me because he found me on YouTube, but I did have
an insured. I did have an insured have another claim. And this is just another example because
I think a lot of agents, and this isn't a knock, like this is a coverage that in general is
relatively new to that as an industry, we don't spend enough time on three, I think the way it
was initially taught was so wonky that it was like impossible to understand, right? You just,
when this first hit, what about a decade ago, like maybe 10, about 10 years ago, right,
it really started to become, it existed before that,
but it started to become a coverage of people were talking about.
And it just was like, I mean, insurance is boring enough.
And then the side people who are teaching cyber, like,
it was almost like they were purposefully making it more boring and it was
just very tough to get your head around.
So I think people struggle with selling it for a lot of those reasons.
I think that's changing. I think you guys are a big part of it. And just the, you know, you got the podcast, it for a lot of those reasons. I think that's changing.
I think you guys are a big part of it.
And just the, you know, you got the podcast, you do a lot of podcasts, you have a lot of content, you can share a lot, you make it fun.
It's just more inviting, which is a very good thing.
But that being said, I still feel like a lot of agents just don't understand how this can
work.
So I give that one example, a claim that we thankfully avoided, but was very nearly a claim was actually we had a wire fraud incident.
So I have a furniture store that I insure.
Someone emailed one of his commercial clients with an invoice that said, hey, you owe us $50,000.
Can you pay the invoice?
Guy doesn't even look at it, sees who's it's from, forwards it on to his whoever, that person gets it, pays the invoice, no big deal. Two days later, he
emails my client goes, hey man, I just got an invoice for you and I didn't really think about
it at the time we paid it, but what was that for? What did we buy? And he's like, you don't know.
You don't know us anymore. We didn't send you an invoice. So this is the thing that the tightly the closely related, you know, email that if you actually look at the thing is different. And then the email looked the same. The signature was very close in terms of, you know, hey, my client president or whatever. And then one, it's kind of weird. It's coming from the president. So maybe that should have been a key. But he didn't he didn't check it out. He's just going through his day fast for his email on, she wires this money for this payment.
And thankfully they were able to get all $50,000 back. So the bank transfer hadn't cleared all the
way. Cause it was international. Like they didn't know, you know, and they were able to get the
50,000 back and they didn't, they didn't end up putting a claim in note and there was no loss. He got all the money back. But, um, but that easily, that money easily could have
gone off into nowhere. And if that guy comes back and goes, Hey man, I need that 50,000 bucks.
Then that's a cyber. I mean, that's social engineering, right? I mean, am I describing
a social engineering claim? What's up guys. Sorry to take you away from the episode, but as you know, we do not run ads on this show.
And in exchange for that, I need your help.
If you're loving this episode, if you enjoy this podcast, whether you're watching on YouTube
or you're listening on your favorite podcast platform, I would love for you to subscribe,
share, comment if you're on YouTube, leave a rating review if you're on Spotify or Apple iTunes,
et cetera. This helps the show grow. It helps me bring more guests in. We have a tremendous
lineup of people coming in, men and women who've done incredible things, sharing their stories
around peak performance, leadership, growth, sales, the things that are going to help you grow as a person and grow your
business. But they all check out comments, ratings, reviews. They check out all this information
before they come on. So as I reach out to more and more people and want to bring them in and
share their stories with you, I need your help. Share the show, subscribe if you're not subscribed.
And I'd love for you to leave a comment about the show because I read all the comments. Or
if you're on Apple or Spotify, leave a rating review of this show. I love you for
listening to this show and I hope you enjoy it. Listening as much as I do creating the show for
you. All right, I'm out of here. Peace. Let's get back to the episode. You're describing it
exactly as what it is. Social engineering is the most common claim we see behind ransomware.
We have started to refer to it as wire transfer fraud because the acronym is WTF, right? That's
exactly what someone would be thinking when they transfer money out. And that's something that's
happened to the biggest companies in the world, the Facebooks, the App apples, the it's huge in real estate, huge in law firms right now. It's,
but it's ransomware and wire transfer fraud are industry agnostic, right? If you have an email
address and a bank account, you can be victim of one of those hacking attacks. So that's why I say,
those are great claims examples to bring up to any client, because if you're a legitimate business, you're going to have an email address and a bank account.
And you want to make sure those are protected.
So I think that when you bring up or when brokers are looking for examples, I think that's a great place to start. brokers need to know that a lot of times small to medium-sized businesses assume that they are not
going to be victims of hacking attacks that you know we're only the hackers are only targeted the
huge businesses of the world because that's what we see in the news right we always see when a major
company has a hacking attack occur but we don't see a lot of times are the small to mid-sized
businesses when the truth is those are the low-hanging fruit because they usually don't see a lot of times are the small to mid-sized businesses when the truth is those are the low hanging fruit because they usually don't have the cyber security in place that they probably should
and they're much more willing to pay a ransom just to get their systems back online so it's
something that I think folks should think about if they you know initially believe that only big
businesses get hacked yeah so anyone that's, you can steal those two examples, but because stories sell,
right. But, but I think we need to find, we need to find our own and hopefully we can find them
and they're not our clients. We can, you know, just read the trade journals. You find tons of
examples and just use those examples. Cause I, I said this before, I said this maybe about a year
ago during the pandemic, when all the stats were coming about out about how hard everyone was getting hit with these. And I actually read that there were a
couple homeowners insurance companies that were thinking about adding personal cyber liability,
because these guys are now I say these guys, I'm assuming they're all disgusting men sitting in
basements somewhere, you know, I mean, they're doing all this hacking. I don't know. That's
just a visual I have. But like eating Doritos and like regular Coca Cola, like these, you know i mean they're doing all this hacking i don't know that's just a visual i have but like eating doritos and like regular coca-cola like these you know awful humans um and uh and and
and they're pinging like like home routers and then using those as as like proxies to then
blast out all this malicious content and that can you know if they can track it back to your
home router you can be brought in a lot and you know there's just all this crazy stuff and i and i said
like i i just put out a couple mess or did a video or something i just was like cyber there's a very
realistic possibility that in the in the near future cyber liability is as or more important
than general liability like if i had to think about you know, it's a cyber is a million times larger exposure than a slip trip and fall third
party bodily injury or property damage. I mean, that's general liability, right? And a stroke,
like, is there is, is it more likely that someone slips and falls on a property that I'm responsible
for? Or someone hacks into my system and steals their information or uses my system from ransomware or
whatever. Like it's just, but yeah, we won't, we don't think about it that way. We think,
ah, you know, I own a small agency, so I don't need it. You know, I own a small business and
it just couldn't be farther from the truth. Yeah. Well, Ryan, as, as everything gets more
connected to the internet and as people start using technology more, there's more potential
for things to get hacked.
If something is connected to the internet, it has the potential to be hacked.
And so everything that we are doing on a day-to-day basis is getting more and more technology driven.
So I don't think there is a more crucial coverage for the 21st century than cyber insurance.
So I think it's something that really, really needs to be top of mind.
And yeah, I mean, if there's any agents out there that have any questions on it, like
we have the luxury of being a specialist where we can go really deep on this,
not only in our coverage, but all the coverage that's floating out there in the market,
what's really working from a broker standpoint in terms of
making sure this hits, like you mentioned claims examples. We have like 75 industries,
all the major industries like laid out of, you know, their five major exposures in the claims
examples associated with that industry. So for example, someone needs claims examples on
restaurants or manufacturers or contractors, lawyers, we have claims examples on restaurants or manufacturers or contractors,
lawyers, we have claims examples aggregated. So the other, the other thing that I really
like that helps identify exposure is dark web scanning. Most people don't realize that they
have probably over a hundred accounts that they are, their information is in.
When you talk about being a member of LinkedIn, of Facebook, of Instagram, of, you know, your gym,
of your bank account, right? You have all these credentials. And what you don't realize is the
majority of these companies have had some sort of data breach at some point, right? And it's likely
that your email address and password
are associated with that data breach.
So on the first page of all of our quote proposals
is an automatic dark web scan that we do for everybody
associated with their domain name.
And it shows you the credentials
that are floating out there on the dark web right now
that are being bought and sold.
And if you haven't changed your password, some hacker out there, someone on the dark web could buy your information and try
to log into Wells Fargo or whatever it is. So the dark web is a scary place. And the fact that
people aren't actively changing their password, using password managers, practicing quality cyber
hygiene. That's just got to be, you know, multifactor authentication. That's just got to
be part of the normal day-to-day to make sure you're secure. And we have, you know, a list of
things that folks can do to secure their home office, to make sure they're taking the right
cybersecurity steps. In fact, Ryan, we have six free services, cybersecurity
services that we provide to all of our insureds for free if they want access to them for proactive
cybersecurity. Which password manager do you recommend? Like LastPass or? LastPass is my go-to.
Yeah. Yeah. I know. I got to get on the last pass train. I logging in and out of systems
is the biggest is like, that is like one of those nightmare things that we all deal with.
Carriers are the worst because they make you change your password. Like some of them it's
every two days, some of them it's never. And you're just like, Oh my God, I can't have no
more iterations. And I don't have the brain cycles to remember. And then everyone just goes last pass. And I'm like, God, I just got to sign up for it. But so, so you had said before
that cyber insurance is the only product that you offer at this time. What does that mean?
So I think that we've set up a really great network of insurance agents across the US. We've gone really, really deep when it comes to cyber. And I think if we can find another product that is a specialty quality product that our agents would, that would add value to our agents and would add value to their insureds.
Like a tech E&O or something like that?
Could be tech E&O, could be D&O, could be E&O, could be, you know, I know there's a really big
need right now for brokers that are working in the cannabis space because there's very few markets.
And there's lots of lines that could be associated with that. So we are actively exploring what could be the next product that would add value.
And I think we would only move on it if we felt it was, you know, a great product that
was comprehensive and that we know our distribution network.
Because I think we work with about 2,000 insurance agencies across the U.S. about 2000
offices so if it paired well with cyber and it was something that you know worked within our
business model to have our folks be able to communicate and explain and show our brokers why
it's relevant then I think that's something that we would want to bring on. One of the things that I think is a huge opportunity is tech, you know, and the reason I
think it's an opportunity, not necessarily for you guys, but just in general, is because it's very,
it has a very narrow bandwidth and what's considered tech, you know, today. And I feel
like that bandwidth is, I think it's,'s i think it's just i think the carriers that
are writing it um i think they're just a little behind in updating what a technology related
company is like you know when you look at some of the exposure when even look at some of the
exposures that rogue has right let's take my own business we have a lot of technology related errors
errors and um and omissions issues that we could have as as we build our own tech and we build our own
connections into different systems and what could happen there. And right now it's like,
do you develop an app? Yes. Okay. Techie, you know. What about websites that develop
functionality on those sites that are proprietary to their business. It's not actually an app that they're selling, but it's proprietary tech that is delivering a service inside a web portal or form or whatever.
Like, how does that, you know, you really have to search to find someone who will classify that
inside of a tech E&O. But when you dial into the policy forms, standard E&O isn't covering that.
And it's certainly not covered under a BOP so like maybe
media liability but that's a stretch I mean that's a big stretch to think that media liability is
going to cover that so I feel like there's a big gap in that market just because it I think it was
originally for like app developers you know I mean like that's really what it is is like they're
thinking like high functionality technology or technology that's running maybe a manufacturing plant maybe like something that's
driving it through a system but there's to me there's a much broader spectrum of tech exposures
that are seeping into businesses because because because today everyone is is bolting on their I
shouldn't say everyone a lot of businesses are bolting on their own technology solutions and products that maybe they're not selling to the market, but are being that's a big gap, I believe in the
current structure of, of BOP and errors and omissions, if you don't have that tech terminology
built in. So, you know, I don't say that's probably way more detailed than anyone really cares about,
but, you know, this is just something that I've seen with some of our clients is I'm like,
how do I cover this feature of their product delivery?
Right. They have this. That's pretty standard. This is pretty standard.
But what about this piece right here in the middle that connects these two things and does this that they built?
You know, well, it's the future because there's so many business functions that are reliant on technology. And if you have someone that makes a mistake in creating that,
it could be massively costly to that business.
So there's no doubt it's an option for the future.
And I also would love to just clarify,
because people always confuse cyber and tech E&O.
The reason why standalone cyber does not include tech E&O
is because there's a double trigger.
So for example, if I'm a hacker
and I'm looking to get into somebody's business,
I could potentially exploit an error that a programmer made in putting that software or
that program together. So therefore, it could trigger a tech E&O policy, could trigger cyber
policy. So that's why we don't include tech E&O in our form. And like you said in the beginning,
cyber policies in the past, a lot of times combine the two but at this point we're separating it out
because hacking attacks are so real and there's so much going on that combining the exposure of
the two on the one policy is too much yeah i agree with you i think they need to be i think
they could be sold as a package but the forms have to be separated yeah yeah i think that's the way it has to be i mean that's my personal opinion on how it should be sold as a package, but the forms have to be separated. Yeah. Yeah. I think that's the way
it has to be. I mean, that's my personal opinion on how it should be sold as separate forms,
but packaged together, mostly to make it understandable and easy for brokers and
customers insureds to understand what the hell they're purchasing. Cause you know, but if,
so if it came as a package, but, but was technically separate forms, I think that would
be an incredible way to deliver that,
especially if you had a, if you know, whether it was a broader industry, or just a broader sense
of what techie, you know, covered, I think there's a lot of opportunity there. It feels very narrow
to me, as one of the as a coverage. Yeah, yeah, totally. And I actually personally
live that space a bit, because my dad has specialized in insuring tech companies
in Silicon Valley. That was his niche as a producer and still is really tech, venture
capital and private equity. So I've seen him go through that process. And it's been a really
interesting market because I think tech is much harder to get now than it was five, 10 years ago. There's people pulling out.
And I think the underwriting is still being perfected in that space.
Well, it's what is tech?
You know what I mean?
Like that's, it's such an ethereal thing that I think, you know,
there are some very straightforward senses of what that is.
And then it gets, you know, the gray fringes
are very wide or, you know, there's a lot of breadth to the fringes, to what constitutes,
where does a tech, when is this just a standard E&O policy? And when is it a tech E&O policy?
When do you need neither? And what is the real trigger to the exposure? And when do you just need cyber coverage? Right? I mean, these are, these are real questions. I think
everyone outside of true specialists have, and even there, you know, I think you get confused
by what is a moving target in terms of underwriting guidelines and appetite and all that kind of stuff,
because no one can figure it out. And it doesn't help that every system is being tested a thousand times a
day by hackers. I mean, you want to run it. You want to get the shit scared out of you.
Launch a brand new website. Don't ever go to it. Just launch it and then watch the traffic,
right? Just watch the traffic. You'll have your bot traffic will be 200 500 hits within like a day or two yeah and
you're like it doesn't even exist it's just a there's nothing even there how are they fighting
because these freaking bots are just scanning the web all day long constantly and it's just wild and
people just don't realize this they don't they, they don't, they have no idea.
No, that's a great point. That's a great point for people to know how often hacking attacks are happening. I mean, even in our own industry, Ryan, when you look at the last few months,
AXA hacked, CNA, $40 million ransom, Arthur J. Gallagher, right? You couldn't get a quote from him. We
were getting brokers that were coming to us. They're like, hey, we usually go to Gallagher or
RPS to get our cyber quotes, but they just didn't have access, right? So man, and honestly, like the, a lot of insurance
agencies we work with have experienced hacking attacks themselves. So, you know, they, they,
at the end of the day, serve as great claims examples for clients and how real things are.
So, but it's the new world that we're living in. Yeah. So is there anything, um, coming down the
pipe in the cyberspace just in general that people should look out for? Is there any new coverages? Is there any talk in the cyber nerd forums of new things that we need to be prepared for they've thought about and that doesn't make them bad. But like, is there anything new that, that,
that we're going to see in the next 12 to 24 months that,
that we should be repaired for from a cyber respect?
Well, from a coverage standpoint,
one thing I'm excited that we recently introduced in our,
into our forum is a cyber coverage for senior executive officers,
personal funds, because a lot of times we see
the CEO or the CFO or, you know, the principal or somebody that's high up get targeted specifically
by hackers. And a lot of times you'll see these C-level folks, really anybody at a company doing their personal banking at work, going to
wellsfargo.com. You mentioned key logging malware. If someone puts that on your computer,
they just get your username and password to your Bank of America bank account.
They can transfer funds out. So that's specifically covered within our form. Another crazy thing is in the last year or
so, there was the first death associated with a cyber attack. It was a Sherman hospital, I believe
they got hit by a ransomware attack. The technology was down so they couldn't admit patients.
So something something happened, there was an accident that happened or someone needed medical
urgent medical care. They were not able to be admitted to this hospital. And unfortunately, they ended up passing
away. So that is another form of coverage. So bodily injury coverage associated with hacking
attacks is something that we have built into our form recently. And I think when you look at the
future, you know, you can talk about more comprehensive bodily injury coverage.
You can talk about property damage.
You know, when you talk about someone hacking into a Tesla or something like that, that's a really interesting space.
But like I said in the beginning, if something's connected to the Internet, it can be hacked.
So, you know, when you talk about your thermostat being connected to the Internet, you know, when you talk about like, like, you know, your smart home, whether it's your smart refrigerator, your smart range, your smart washer dryer, your smart locks.
Right. Those all could be the initiation of significant financial loss if they're hacked. So it's, there's significant
potential for the market to grow. And that's, that's one of the reasons in the beginning why
we named the company Evolve because we knew that the, not only would the hacking attacks change,
but the coverage would change along with it. So it's funny we we have enjoyed the name evolve just because when we go to
cyber conferences and cyber events it's just free marketing because everyone's saying
evolve evolve evolve as things change yeah yeah that's wild it is it is pretty you just think
about you know you just think about everything that's connected as it gets more connected you know obviously good cyber security is always a good first line of defense but like
always if you don't have a good insurance policy there's no one showing up after that you know i
had some guy say to me one time i have a cyber i have the cyber security from the house man said
okay great well but they do they offer you cyber insurance he's like no i'll just sue them if something goes
wrong and i'm like that is a wild way like that's a wild mindset like versus i mean i'm telling you
the policy that i quoted him was like 1400 bucks like this wasn't like some big huge policy like
yes it's the mentality of i'd rather have nothing because it was whatever whatever reason and i'll just sue my cyber security company i'm like
one how do you know you win they probably they're probably doing most things right
two like what the what like this is the mentality i just yeah and if it's a legitimate cyber security
or it company they probably have a contract in place that spells out what happens if there's
something that they don't catch but yeah that that wild. And the other thing I want to reiterate about cyber policies is they
give you access to forensics firms, to PR firms, to folks that literally have ransomware negotiators
on their team. Like that is a forensics firm associated with our cyber policy. They have ransomware war rooms where they're going to be acting on the insurance behalf.
And not only are they going to be figuring out, cause it's extremely expensive to have
the forensics firms come. Like if you were just not have a cyber policy to get the forensics
firms to come in, figure out what's in your system, figure out what happened, figure out how to get it back to normal, repair it if need be. And then, oh, wait, you just lost
5,000 people's information. Now we need to bring in a legal firm to figure out what you need to do
because you just lost all their data. It's been exposed. And now you need to notify. You need to
figure out what regulations you need to comply with. And then, you know what? Now we've been down for four days.
And how much revenue have we lost per day?
What's the business interruption costs associated with that, right?
And then if there's an extortion itself, do we have to pay that?
Do we not, right?
Like we saw in the colonial pipeline attack,
I believe it was negotiated down from 10 million
and they ended up paying 5 million on that ransom.
But a lot of times these ransomware hackers literally have call centers.
It's a business where they're like, okay, you know, they're communicating with the forensics firms.
The forensics firms are like the ransomware negotiators come in and talk about, you know, this is how it typically works.
This is what you need to be prepared for. And kind of talking about the major you know, whatever, lunch, walk out the door like, bye, honey.
You know, have a nice day.
And like you show up to like hackers, you know, whatever.
And like that's what you do today.
Like today I'm going to send out like 10 million emails hopefully
one of them will hook someone and then i'm gonna start talking to them on the phone and negotiating
you know their ransom and that's and you come home and like how's your day well i got like
i got 25 000 out of this business in maine and you know i mean like right i mean that's
it's just crazy that's like what their day is, it's just crazy. That's like what their day is like. It's just like,
and then, you know, you throw a big like champagne party on the pipeline one or whatever, you know,
it's, yeah, it's, it's wild. And frankly, you don't even have technical expertise. Like, you know, a lot of people have that image of that hacker in the basement, you know, eating chips,
but you can literally buy ransomware on the dark web and then you just get a bunch of
email addresses and send it out to them like that that's how simple it is so it's not as complex as
people might think that's actually would be a good sass company like you take like five percent of
all your ransomware hits and you just sell ransomware as a service.
And, you know, you just sell it to hackers.
They put the emails through and you get 5% to 10% of whatever ransomware they get.
Right.
We've seen that.
We've seen that exact thing.
There's literally taking commissions from the software that they are, the malware that they are putting out there on the
dark web yeah so uh well hey everybody's got to make a buck you know but it's our job to make
sure that buck doesn't come from our clients or easily if it does we can uh we can get it back so
yeah dude i i appreciate you spending this time i'm a big fan of what you're doing um where can
people learn one more about
Evolve and two about the conference that you're putting on if they're super interested in cyber
and up in their cyber game? Yeah. So to learn more about Evolve, you can go to evolvemga.com.
And we work with retail brokers across the US. And if someone's looking to get a quote or get appointed,
if you just go to our website,
evolvemga.com and click the get a quote,
you fill out your insurance information,
the agency's information,
we can get folks appointed.
The other area is going to underwriting
at evolvemga.com,
emailing underwriting at evolvemga.com
with anything they would like,
any questions that they have,
we're happy to act as an educational resource and then i'd say for the upcoming sales academy i'm super excited about it it's going to be the first week of november november 2nd and 3rd
and it's going to be in dallas just a couple highlights but we're going to have
the whole purpose of the
conference is any agent that attends, they should be able to leave that conference being able to
explain cyber exposure and quality cyber coverage to any one of their clients in under two minutes.
And we're going to have the best of the best in the industry from forensic professionals to Frank
Abagnale from Catch Me If You Can to,
you know, one of the number one cyber producers at Hub to talk about his sales process.
And then you're going to have access to all of our underwriting team to ask them questions. And so,
and I think at the end, we're going to give our like kind of like sales playbook for cyber
to anyone that attends. So I'm very excited,
especially because it's really our first conference coming out of COVID as well. So it's going to be
great to see people face to face. Yeah, that's awesome. Where can people get more info on that?
Is it on the website as well? Or where do they sign up if they're interested? You know, we are
creating a webpage for people to register. It is not up and official yet. So if there are folks
that are interested, just emailing underwriting at evolvemj.com saying I'm interested in attending
the Cyber Sales Academy. We're probably going to reserve it to about a hundred seats. So I know we
have a lot of folks in Texas alone, a lot of folks that attended our last one in Chicago. So the seats will fill up quick,
but emailing underwriting and evolvemj.com is the best way for us to make
sure people get reserved.
Awesome, man. Well, Hey, I appreciate you.
I appreciate you coming on the show and sharing.
And I've been following you guys for a while.
We're an appointed evolve MGA.
And as we start to have more policies roll in, you guys are,
you guys are in the mix and we look forward to writing more business with you.
And hopefully some of the listeners here, we'll, we'll get on the train too.
You know, and just speaking to the agents before we sign off guys, I mean,
I've said this a bunch on the show dropped a lot.
I wanted to do this episode specifically because cyber is one,
it's a great way to add more value to your customers.
It's a great way to put money into your bottom line, but you are providing, I mean,
this is really what we do is getting out ahead
of these things and getting coverage in our clients' hands.
And I just, to me, cyber is an absolute no brainer.
Like we have to get this in our clients' hands
for commercial clients.
So appreciate you, man.
Of course, Ryan.
Thank you so much for having me on.
I love what you're doing and love the energy, love the entrepreneurial spirit. So if there's anything you ever need, anytime, man.
Thank you. Close twice as many deals by this time next week.
Sound impossible? It's not.
With the OneCall Close system, you'll stop chasing leads and start closing deals in one call.
This is the exact method we use to close 1,200 clients in under three years during the pandemic.
No fluff, no endless follow-ups, just results fast.
Based in behavioral psychology and battle-tested,
the one-call closed system eliminates excuses and gets the prospect saying yes
more than you ever thought possible.
If you're ready to stop losing opportunities and start winning,
visit masteroftheclosed.com.
That's masteroftheclosed.com.
Do it today.