Let’s be honest for a second. When you think of an insurance professional, what comes to mind? Maybe a friendly agent in a polo shirt, or a sharp-suited underwriter crunching numbers. You probably don't picture a former ethical hacker or a network security engineer, right?
Well, that’s changing. And it has to.
The world of cybercrime is exploding. Just last year, ransomware attacks shot up by a staggering 32% worldwide. We’re talking about a projected $10.5 trillion price tag for cybercrime. It’s a number so big it’s hard to even wrap your head around.
As Siobhan O’Brien, the global head of cyber at MSIG USA, puts it, “We’re living in a very technology-driven world, and therefore, every company has some type of cyber exposure. No matter whether you’re one of the largest billion-dollar companies or you’re a small mom-and-pop, you have a cyber exposure.”
Because of this, cyber insurance has gone from a "nice-to-have" to an absolute necessity. But here’s the catch, and it’s a big one: the demand for real cybersecurity expertise is completely outpacing the supply. Patrick Thielen from Liberty Mutual nailed it when he said the demand “certainly outweighs the supply.”
So, what does that mean for you and your business? It means the future of cyber insurance—and how well it actually protects you—depends entirely on the people behind the policy.
It’s More Than Just a Policy, It’s a Partnership
Think of it this way: a traditional insurance policy is like a fire extinguisher. It’s a fantastic tool to have, but you only really use it after the fire has started. Modern cyber insurance can't work that way. It needs to be more like a fire marshal who helps you install smoke detectors, create an escape plan, and remove fire hazards before anything bad happens.
To do that, you need people who have actually been in the digital trenches.
“As far as cybersecurity goes, there is a ton of talent out there, and it’s really more about how do we get those individuals into the insurance industry?” asks Jamie Schibuk, an EVP at Arch Insurance. It’s a great question. You can’t build a top-tier cyber offering without the right minds behind it.
A good cyber policy today is a living, breathing thing. It comes with a team that can help you get your digital house in order. John Butler, a cyber product leader at Nationwide’s E-Risk, says it perfectly: “We want to be able to partner and be able to provide risk management solutions to the policyholder.”
This isn’t just about cutting a check if you get breached. It’s about giving you access to experts who can help you develop an incident response plan or strengthen your company’s overall cyber resilience. It’s proactive, not just reactive.
And that means hiring a completely different kind of professional. “We need security engineers, people who are ultra familiar and have a depth of understanding of software, various hardware components and things our insureds might be using,” explains Dan Law, head of cyber practice at HSB. You need a team built from a dozen different tech disciplines to really tackle today’s risks.
So, Where Do We Find These Cyber Whizzes?
If the talent pool isn't in the traditional insurance world, where do you look? Smart insurance companies are realizing they need to fish in different ponds.
1. Hire Tech Experts and Teach Them Insurance
One of the most effective strategies is to bring in people who already have a deep security background and then teach them the insurance side of the business.
“We definitely want to bring in people with more of that traditional security background,” Schibuk says. This creates an amazing opportunity for everyone to learn from each other. At Arch, she explains, they run weekly training sessions that bring together everyone—underwriters, risk engineers, claims folks, and product developers. It gets everyone speaking the same language and understanding the full picture.
2. Grow Your Own Talent from the Ground Up
The other approach is to get in on the ground floor and cultivate talent early. You can't just wait for experts to appear; you have to help create them.
Siobhan O’Brien from MSIG USA shared a brilliant example from the UK: apprenticeships. “This helps them to join the industry at an entry level, by gaining valuable hands-on experience while they also gain a qualification,” she says. It’s a fantastic way to open doors for young adults who might not go the traditional university route.
Here in the U.S., her team focuses on internships. They bring in university students and give them a real taste of the industry. “We introduce them to, what is insurance? What is cyber insurance? What could it look like as a potential career for them?” It’s about planting a seed and showing the next generation that insurance can be a dynamic, tech-focused career.
How to Keep the Best People from Walking Out the Door
Okay, so you’ve managed to hire some incredible cyber talent. Now for the hard part: keeping them.
Tech experts are driven by learning and solving complex problems. If you want them to stick around, you have to invest in them. Continuous, on-the-job training is non-negotiable.
“It’s about always having the sense that you’re learning,” O’Brien notes. “We all want to continue to round out our capabilities.”
This also means supporting them in getting professional designations, like the Associate in Cyber Risk Management or the Certified Cyber Insurance Specialist. It shows you’re serious about their growth.
But ultimately, it comes down to opportunity. The world of cyber is constantly changing, and that’s what makes it exciting. Patrick Thielen from Liberty Mutual sums up the appeal perfectly.
“Anytime you have a rapidly growing industry, there’s going to be a huge demand for talent, and there’s going to be new pockets of opportunity continuously opening,” he says.
Think about it. You get to work in a rapidly innovating space that’s also incredibly stable. As Thielen points out, insurance is economically resilient. People always need it. What a combination for a career: incredible stability, constant challenges, and the chance to always be learning something new.
So next time you review your cyber insurance policy, don't just look at the coverage limits. Ask about the team behind it. Because in the fight against cybercrime, the policy is only as good as the people who have your back.
