For our last personal story of National Cybersecurity Awareness Month we’re speaking with Killian Brady, Resilience’s Vice President of Insurance, who reminds us that it always comes down to people, process, and technology (people first!).
What brought you to cybersecurity/cyber insurance?
I studied political science in college and had plans to go to law school but wanted to get some real-life work experience first. Insurance seemed like an amazing opportunity because it presented a chance to work at the intersection of law and business and would give me a good foundation on which to start a career in either field.
Specializing in cyber insurance and the technology side of insurance meant that I was able to focus on how underwriting is tasked with navigating emerging trends and never-before seen risks. When I started out as an underwriter, cyber insurance was positioned as a subset of professional liability. It was really considered a niche product and we were focused on raising awareness of cyber and helping companies understand what the risk could look like. But as cyber events have gotten more coverage in the press and organizations have seen the impact of cyber risk, it has certainly evolved. It’s been a really interesting field to work in.
What do you enjoy about working in cybersecurity/cyber insurance?
As I mentioned, cyber insurance has evolved quite a bit while I’ve been involved in the field. The challenges that organizations face have changed drastically. We, as an industry, have been able to manage or mitigate some of those challenges, but we’re always faced with new threats and tasked with developing new solutions for our customers.
Here at Resilience, we’re focused on combining security and insurance in an effective solution to help with the overall risk problem. While we’ve been focused on the core problem of exposure, there needs to be a more collaborative approach between the two sides of the world to truly move us forward. Working on innovative solutions and a team approach is what keeps me passionate about cyber insurance and helping organizations keep their data and networks secure.
What advice do you have for companies out there who are overwhelmed by the idea of cybersecurity but know they need to do something to start protecting themselves and their data?
It’s easy to be overwhelmed or confused by the idea of cybersecurity. There will always be reports out there that paint a really scary picture of the threat landscape and a crowded marketplace of solutions that offer no silver bullet.
Before you start spending money or making decisions for your organization, consider what cyber risk means to you specifically. Think about your business model and the risk vectors that align with your business model specifically. Certain events will have a larger impact for your industry and your business model. Prioritize those events first when building your strategy. Develop a process that helps you set protocols to address these threat vectors, re-evaluate regularly, and work the risks to avoid paralysis.
Why do you think promoting awareness of cybersecurity is important?
Raising awareness of cybersecurity, cyber risks, and cyber insurance is paramount because helping folks understand how they can protect their own data, as well as company data, helps to better prevent issues related to security. When you think about cyber risk, it always comes down to people, process, and technology. People come first in that order because we all play a role in cybersecurity—there’s always a human element to threats and breaches. Awareness can help prevent both and lessen their impact.