I’m thrilled to sit down with Simon Glairy, a trailblazer in the insurance and Insurtech space, whose expertise in risk management and AI-driven risk assessment has shaped innovative approaches in the industry. Today, we’re diving into the evolving world of cyber risk analytics, focusing on groundbreaking tools that are transforming how reinsurance brokers assess and manage cyber portfolios. Our conversation explores the adoption of cutting-edge technology, the importance of data-driven insights, and the future of transparency in the cyber risk market. Simon shares his unique perspective on how these advancements are reshaping strategic decision-making and client advisory in an increasingly complex landscape.
Can you tell us what sparked the interest in adopting a pioneering tool like Exposure Manager (XM) for cyber risk assessment at a reinsurance brokerage?
Absolutely, Abigail. The cyber risk market has been a challenging space for quite some time, with threats evolving faster than traditional tools can keep up. We saw a real need for something that could give us deeper, more actionable insights into portfolio risks. XM caught our attention because it promised a level of clarity we hadn’t seen before. It wasn’t just about identifying risks but understanding them at a granular level and translating that into strategic decisions. Honestly, the potential to lead the market with this kind of innovation was a huge motivator for us.
What specific gaps or frustrations in the cyber risk landscape made a tool like XM so appealing to your team?
One of the biggest frustrations has been the lack of transparency in cyber portfolios. Before XM, we often dealt with fragmented data or overly broad assessments that didn’t tell the full story. Cyber risks are so nuanced—think ransomware, data breaches, or supply chain vulnerabilities—that a one-size-fits-all approach just doesn’t cut it. XM appealed to us because it digs into the specifics, helping us pinpoint vulnerabilities and assess the overall health of a portfolio with precision. It’s like going from a blurry snapshot to a high-definition image.
How does XM stand out compared to the traditional methods or tools you’ve relied on in the past for evaluating cyber portfolio risks?
Traditional methods often leaned heavily on qualitative assessments or historical data that couldn’t keep pace with today’s threats. We’d use broad models that gave us a general sense of risk but lacked depth. XM flips that on its head with a data-driven, quantitative approach. It aggregates detailed metrics from individual risks and rolls them up into portfolio-level insights. That shift alone has been a game-changer—it’s not just about guessing where the problems might be; it’s about knowing with confidence.
Can you share an example of a limitation in older approaches that XM has helped your team overcome?
Sure. One major limitation with older approaches was the inability to benchmark client portfolios against market standards effectively. We’d often have to rely on gut instinct or incomplete data to advise clients on their risk posture. With XM, we can now compare specific elements of a portfolio—like exposure to certain types of cyber threats—against industry benchmarks in real time. For instance, we recently identified a client with unusually high exposure to phishing-related risks compared to peers, which allowed us to recommend targeted mitigation strategies before it became a bigger issue.
There’s been talk of ‘cyber hygiene’ when discussing XM’s capabilities. Can you explain what that term means in the context of managing client portfolios?
Cyber hygiene, in this sense, refers to the fundamental practices and controls that organizations have in place to protect against cyber threats. Think of it as the digital equivalent of washing your hands to prevent illness—it’s about the basics like strong passwords, regular software updates, employee training, and robust firewalls. When we talk about portfolios, we’re looking at how well the companies within that portfolio maintain these practices collectively. Poor cyber hygiene in even a few entities can drag down the overall risk profile, and that’s something we’re now able to analyze in detail with XM.
How does XM help uncover hidden vulnerabilities or blind spots related to cyber hygiene in a client’s portfolio?
XM pulls in vast amounts of data and uses analytics to highlight areas where cyber hygiene might be lacking across a portfolio. For example, it can flag if a significant number of companies within a portfolio are running outdated software or have weak authentication protocols. These are often blind spots because they’re not immediately obvious without deep diving into each entity. XM automates that process, giving us a clear picture of where the weak links are so we can address them proactively. It’s like having a diagnostic tool that spots issues before they turn into full-blown problems.
In what ways does XM enhance your ability to advise clients and position them more effectively during reinsurance transactions?
XM gives us a unified, detailed view of a client’s portfolio, which is incredibly powerful during transactions. We can benchmark their risk profile against market standards and provide concrete data to back up our recommendations. This means we’re not just saying, ‘Your portfolio looks risky.’ We’re showing exactly why and offering actionable steps to improve. It builds trust with clients and reinsurers alike because our advice is rooted in hard numbers. Ultimately, it helps position clients as more attractive partners in transactions by demonstrating control over their cyber exposures.
Can you walk us through a real-world scenario where XM’s insights might have a tangible impact on a reinsurance deal?
Let’s say we’re working with a client who wants to secure reinsurance for their cyber portfolio. Without XM, we might present a general overview of their risks based on past claims or industry trends. But with XM, we can drill down and show that, for instance, 15% of their portfolio has high exposure to ransomware due to specific hygiene issues. We can then work with them to address those vulnerabilities before the transaction, or at least price the risk accurately. This level of detail reassures reinsurers that we’ve done our homework, often leading to better terms for our client. It’s a win-win.
XM is described as bringing a quantitative approach to cyber risk quality. Can you break down what that means for someone who might not be familiar with the concept?
Of course. A quantitative approach means we’re using numbers and measurable data to evaluate the quality of cyber risk in a portfolio, rather than relying on subjective opinions or rough estimates. With XM, we’re looking at specific metrics—like the frequency of certain vulnerabilities or the financial impact of potential breaches—and using those to build a clear picture of risk. It’s about turning something as complex as cyber threats into concrete figures that we can analyze and act on. For someone outside the industry, it’s like using a thermometer to measure a fever instead of just feeling someone’s forehead.
What do you see as the biggest advantage of this numbers-driven approach when it comes to making decisions in the reinsurance space?
The biggest advantage is confidence. When decisions are backed by solid data, there’s less guesswork involved. For reinsurers and insurers, this means we can underwrite policies with a clearer understanding of the risks we’re taking on. It also helps in setting premiums that are fair and reflective of the actual exposure, rather than being overly conservative or speculative. Over time, this kind of precision fosters a more stable and sustainable cyber insurance market, which benefits everyone involved.
Looking ahead, what is your forecast for the role of tools like XM in shaping the future of cyber risk management?
I believe tools like XM are just the beginning of a major shift in how we manage cyber risk. As cyber threats continue to grow in sophistication, the demand for data-driven, transparent solutions will only increase. I foresee these tools becoming standard in the industry, not just for brokers like us, but for insurers, reinsurers, and even regulators. They’ll likely evolve to integrate even more real-time data, perhaps incorporating AI to predict emerging threats before they hit. My forecast is that within the next five to ten years, managing cyber risk without a tool like XM will be seen as outdated, almost like trying to navigate without a map in today’s world.
