Cyber Education at Its Best
A preview of Claims College’s School of Cyber Claims
By Eric Gilkey
CLM’s Claims College is back in session beginning on Sept. 4, 2019, in Baltimore. With 10 schools spanning most business lines and education areas—seven of which require three years of attendance to earn the Certified Claims Professional (CCP) designation—Claims College continues to push its higher education goals. This month, we spoke with Dean Beth Fitch to find out what students can expect from this year’s School of Cyber Claims.
Cyber claims is an evolving area. How does this affect the development of the School’s curriculum across all three levels?
The three-year curriculum very much like peeling layers of the onion. Level One is designed to be an introduction to the basics, providing students with a strong foundational understanding of data privacy and cyber security. The Level Two curriculum evolves every year to reflect emerging trends. Unlike many other types of claims, cyber risks and exposures are rapidly evolving and changing because of the ever-growing sophistication of threat actors and their exploit tactics. Therefore, it’s important that Level Two adapts to the changing nature of the risk. Level Three is more focused on a practicum supported by current scenarios, which are updated every year. The faculty includes technical vendors who provide live demonstrations. Again, this means Level Three looks very different every year because cyber exploits and risks are always evolving.
What kinds of scenarios are we talking about?
Technical vendors bring in laptops and actually demonstrate how easy it is to hack them and show the various methods for doing so. It’s an eye-opening, 90-minute demonstration of how hackers act and behave and what they do and how easy it is. It’s especially relevant with the Russian-based hacking group Ryuk. This group is very active right now, shutting down municipalities and extorting what is probably billions of dollars at this point.
Another interesting scenario that we’ll be discussing is what are the far-reaching implications when a cloud service provider is attacked and the different types of first- and third-party claims and the layers of coverage that can come into play when this happens.
What are you hoping your students will learn this year?
We are hoping that the students will be provided with the education and tools to critically think through cyber risks and coverages and make good decisions in highly pressurized and time-sensitive contexts. One of the things that is unusual and unique to cyber claims is that, very often, claims decisions need to be made as part of crisis management. When faced with cyber breaches or ransomware attacks, most insureds are panicking and in crisis. Those insureds in turn expect their insurers to provide immediate assistance. Most carriers that underwrite cyber risks have an emergency response team available because they recognize the importance of responsiveness to mitigate potential financial harm to their insureds. The school is designed with this in mind so that once students graduate, they will be well equipped to handle claims in an emergency.
Toward that end, we will teach the students how to be good crisis managers—that’s why the Level Three practicum is so important. We’re going to provide students with the foundational data, but we really want them to leave knowing how to think and act creatively in a crisis in order to help the insured make good decisions and mitigate financial harm.