If you’re seeking a stronger, simpler way to secure cyber insurance, don’t miss this opportunity to learn from the experts. Join us for this conversation to learn how the HITRUST Shared Risk Facility empowers organizations with: streamlined coverage application, shorter underwriting timelines, and consistent renewals and competitive premiums.
The HITRUST CyberInsurance Webinar unveiled an innovative approach to acquiring cyber insurance, highlighting a streamlined process designed to benefit organizations of all sizes and sectors. Gathering insights from industry leaders including Sean Martin, Josh Ladeau, Sidney Prasse, Robert Booker, and Blake Sutherland, the discussion centered around the HITRUST Shared Risk Facility and its value proposition for organizations seeking robust cyber insurance coverage.
Josh Ladeau, CEO of Trium, emphasized the importance of reducing volatility in the insurance market. He pointed out the challenges organizations face with traditional insurance processes, including cumbersome questionnaires and inconsistent underwriting requirements. By leveraging HITRUST certifications, the Shared Risk Facility offers a consistent, transparent, and efficient pathway for obtaining coverage, ensuring organizations can focus more on their core operations rather than administrative burdens.
Sidney Prasse, a cyber specialist at McGill and Partners, highlighted the comprehensive nature of HITRUST certifications, which provide a high level of assurance and a robust framework for organizations. Prasse elaborated on the return on investment (ROI) that organizations gain from this streamlined approach, not only in terms of competitive premiums but also through time and resource efficiencies.
Robert Booker, Chief Strategy Officer at HITRUST, elaborated on the rigorous processes involved in HITRUST certifications. He explained that these certifications require organizations to demonstrate their security maturity comprehensively, which in turn provides insurers with verified, reliable data. This reliability and transparency in security posture are critical, as they enhance the trust between insurers and insureds, making the underwriting process smoother and more accurate.
Blake Sutherland, EVP of Market Engagement at HITRUST, emphasized the importance of proactive engagement between IT security teams and finance or risk management teams within organizations. He noted that the HITRUST approach helps bridge gaps between these departments, ensuring a unified and effective strategy towards obtaining and maintaining cyber insurance coverage.
The webinar underscored that the HITRUST Shared Risk Facility is not just about easier and more efficient insurance processes; it also represents a strategic advantage in the market. Organizations that are HITRUST certified can differentiate themselves, demonstrating a high level of security and compliance that can be pivotal in securing business contracts. This differentiation is particularly crucial as businesses increasingly rely on third-party attestation to verify their security measures.
Ultimately, the HITRUST CyberInsurance Webinar showcased how strategic partnerships and innovative approaches can transform the traditional cyber insurance landscape, providing organizations with the tools they need to effectively manage risk and achieve better overall security.
Learn more about HITRUST: https://itspm.ag/itsphitweb
Note: This story contains promotional content. Learn more.
Guests:
Blake Sutherland, EVP Market Adoption, HITRUST [@HITRUST]
On LinkedIn | https://www.linkedin.com/in/blake-sutherland-38854a/
Robert Booker, Chief Strategy Officer, HITRUST [@HITRUST]
On LinkedIn | https://www.linkedin.com/in/robertbooker/
Sidney Prasse, Partner, McGill & Partners
On LinkedIn | https://www.linkedin.com/in/sidney-prasse-297894aa/
Josh Ladeau, CEO, Trium Cyber
Resources
Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships (Session): https://hitrustalliance.net/webinars/cyber-insurance
Learn more and catch more stories from HITRUST: https://www.itspmagazine.com/directory/hitrust
View all of our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Enhancing Cyber Insurance with HITRUST: Streamlining Coverage through Strategic Partnerships | A Brand Story Conversation From HITRUST Collaborate 2024 | A HITRUST Brand Story with Robert Booker, Blake Sutherland, Sidney Prasse, Josh Ladeau
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] I'm thrilled to be joined by an esteemed panel who have put together a pretty powerful and impactful solution to help organizations, um, acquire cyber insurance in a meaningful way, not just for the business, but for the larger community. So I'd like to welcome Josh, Sydney, Robert, and Blake. To the, uh, to the conversation.
Thank you all for joining. Thank you, Sean. Thank you. And I'm going to do a quick round of introductions. If you can all, uh, just state who you are and your role with the organization you represent today, and, uh, then we'll get into the conversation. Uh, Sydney, we'll start with you.
Sidney Prasse: Hi everyone. Thanks for being here.
I'm Sydney Perasi with McGill and Partners. We are a boutique insurance broker. I specialize on the cyber side of the house. I'm thrilled to be here and chat with you guys about this amazing product that we can't wait to see you guys utilize. [00:01:00]
Sean Martin: Josh, you're up.
Josh Ladeau: Josh Ledua, I'm CEO for Trium. Uh, very excited to, uh, put together the HITRUST shared risk facility and, uh, talk a little bit more about that today.
Thank you.
Robert Booker: Robert. Hi, everyone. Robert Booker. I'm the chief strategy officer of HITRUST and a person who has lived in the space of obtaining cyber insurance with a large company for quite some time. Glad to be with you all.
Sean Martin: I'm
Robert Booker: sure you had an easy, smooth
Sean Martin: process, Robert. Easy and smooth. Said nobody.
Exactly. And Blake.
Blake Sutherland: Yes. Blake Sutherland, EVP of Market Engagement, which is inclusive of customer success. And of course our partner ecosystem,
Sean Martin: which is a fantastic ecosystem. I've had the chance to Speaking with all of you individually and, uh, and this, it's great to have us all together now to, uh, to have this conversation where everybody can hear it and, uh, and hopefully grab a few nuggets to help them with their processes.
Um, I've been following the [00:02:00] space for a while, well, well over a decade. I've written on it, uh, Back in the day, I've seen a lot of growth and change, um, in terms of how we look at the space, how we understand it and how, how it's matured both from, uh, offering products and then acquiring products. I'd like to get each of your perspectives on kind of the current state of cyber insurance and how it affects, uh, what we do with our businesses.
So I'm going to kick it over to, uh, to Sydney to start and then each of you can kind of chime in.
Sidney Prasse: Thanks, John. Yes, I think it's really important to kind of touch on at a high level where we are in the cyber insurance marketplace. Um, as you guys all may know, um, it is a newer line of coverage. Um, cyber has not been around all that long when we compare it to traditional.
Property and casualty lines of coverage. So it's a very cyclical market as technology has completely expanded in the [00:03:00] last, what, 30, 30 years or so. We've seen new risks come about and that is really what this. Insurance coverage is, is created to defend against. Um, I wanted to give Josh also a little bit of time to talk on this too, because he's lived in the space for a very long time as well, and seen the different types of cyclical renewal cycles and where the market stands currently.
So I'll, I'll ask his opinion too on it.
Josh Ladeau: Appreciate it, Sydney. Yeah. Quick thoughts on it. I guess if I had to sum it up in a word would be volatile. Um, and the reality is right. It is an industry. We we base our sort of pricing and approach to risk on data. And the reality is This is a space that despite the fact we've maybe now been around in its current form about 15 years, uh, the data behind everything that we do is really changing rapidly.
The nature of networks, the nature of computing, moving from on prem to cloud, uh, and just, you know, host of new [00:04:00] technologies, either technology solve or security technologies. How's our layer? So everything has changed sort of dramatically in terms of the underlying data and what we would typically used to price ourselves.
And so what you have is a mix of the insurance industry being very hungry for growth and excited about the line of business. Uh, and that's on Monday. And then on Tuesday, it is an industry that is terrified of the risk, and it is a is a very tough sort of systemic aggregate exposure, as well as the individual risk.
So that creates that volatility we were talking about. Uh, and obviously what we're trying to do here is reduce or eliminate if possible, that volatility, um, with more thoughtful underwriting and approach.
Sean Martin: And Blake or Robert, then I don't know if you can touch on this, but I've heard a few times that.
Early days, the products were offered. It was relatively easy to acquire coverage. Um, and then we saw some, a number of claims, a lot of ransomware claims, uh, perhaps as well, that's changed [00:05:00] how everybody looks at this, which now has shifted to what I've seen and heard is difficult to actually get coverage.
And if you do get coverage, oftentimes the limits on it are, are stringent and the. The costs are high. I don't, does that match what you are seeing and hearing as you speak? Yeah,
Robert Booker: I can start Blake. I think, I think, uh, I love Josh's use of the word volatile because I think that's a really good descriptor of it.
Uh, as a consumer of these products, uh, I would describe it as very confusing. And what I mean by that is that every, every year, every renewal cycle has been, uh, I think almost universally for some period of time now has been a, a. Slightly different to a very different process, uh, uh, lack of clarity on whether or not coverage, uh, would be readily available, uh, whether or not coverage would be easy or hard to achieve and to your larger point, uh, [00:06:00] about, you know, is the coverage easy to obtain?
Well, then the question would always become is the coverage. Likely to give me the protections I want. And I really think in working with, uh, with Josh and with Sydney, what I can appreciate so much now is the complexity of the insurance industry has in wanting to do this with quality and distinction, make sure that they're, you know, providing the right products for the right companies at the right time.
And I think, I think actually it's really a kind of a shared responsibility between the industry and between those of us that consume such products to, and help people, you know, demonstrate their cyber maturity to, you know. Find a way to work through that volatility and that confusion that exists in the market.
So, um, each year it's different. Uh, I think if we can make it consistent, we've done a great service to the industry.
Blake Sutherland: The only thing I'd add to volatile is unpredictable for our community from process to coverage to premium. It seems to change every year.
Sean Martin: And on those, [00:07:00] uh, points there, and then more, uh, specifically to what you spoke to, Robert, is the shared responsibility that I can recall this being a topic of how do we come together to not just submit questionnaires and hopefully get coverage, but actually understand what's going on.
What the coverage looks like. What the risk posture actually looks like. Do we do we have a better, more secure business because of the collaboration we have with brokers and providers of coverage? And so I want to talk to point. And this is not Yeah. Anything new for HITRUST. I've heard this from HITRUST for a number of years as well.
To me, it seems like all about timing, right? So the the right timing for this group to come together, the right timing for the data to be available, the right timing for a better understanding, and the need to collaborate. So, I don't know, maybe Robert, can you kind of speak to the evolution of of this from the HITRUST perspective, and then we can [00:08:00] pass it to Sidney and Josh for their role in bringing this together.
Robert Booker: Yeah, I, certainly Sean, I think, um, so we've had, we've had an appetite for quite some time, even before me joining HITRUST as a, as an employee. I was on the board of HITRUST, and we've recognized for a long time that organizations invest significantly in proving their security maturity using Using high trust assurances and the, um, the high trust CSF.
And we've, we've known, it's suspected that that would be a great tool for the end of insurance industry to use, to understand how organizations are performing, you know, are their programs mature? Are they, are they consistent? And do they have a high level of transparency and integrity? And, um, You know, we've been looking for the right partners in the right engagement for quite some time.
And I think, you know, what we are are so delighted about is the, um, to find progressive leaders in the cyber insurance side of the business to say, you know, this is something the insurance industry wants to do better and will do better at. And, you know, eliminating that complication and that duplication that [00:09:00] exists between organizations having an insurance program and organizations having an Insurance program and finding that those are very different pathways to different forms of risk management.
So I think by bringing this together and taking, taking the assurances that we collect and we measure and we issue alongside the need for insurance to have very solid understanding of risk and having good objective data, you know, if we could find a way to bring those paths together, I think we create something really, really very amazing for the market.
And I, uh, I would argue that I think we have done that. And I think it's a really compelling need that we can solve for the industry.
Sean Martin: Yeah. And for me, and maybe Josh can jump in here, but this is the ultimate in risk management where I see, I see this group coming together to be super innovative, changing, changing business models, bringing new products to market, taking on what might be a lot of risk in many ways, but doing it mindfully and meaningfully.
Um, so Josh and Sydney, how, how did [00:10:00] you approach this in terms of changing how, how you bring products to market, how you collaborate with others? Cause now we're talking about third party, right? Collaboration and risk here as well. So maybe some thoughts on, uh, that in terms of bringing this to market.
Sidney Prasse: Yeah, I would say to Robert's point on, Just the marriage of kind of our introduction to high trust. We were incredibly moved by the need and want for a progressive product. We went out to market to the insurance markets, um, trium kind of far and away stood out. They're also very familiar with the high trust CSF already.
So that was kind of check the box. Number one, um, Josh has been a great partner. We've learned so much through the process. The cyber market is very ripe for a product like this. The kind of, uh, issue with the underwriting and assurance assurance process right [00:11:00] now is very manual. It's duplicative. And we found kind of all between all three of us, we were all able to kind of come together and create something that we find.
We'll deliver an incredible value for you all. Um, and just keeping that progressive nature creative and, and growing this product is really what we're excited about, but I'll let, I'll let Josh from try and also chime in on how he got interested in working with high trust too.
Josh Ladeau: Thanks, Sydney. And actually, you know, really excited about this, this whole partnership.
I've actually been engaged in one way or another for about a decade with the high trust group and, you know, always been really enthusiastic about what they can deliver. What has really changed over the last kind of this most recent iteration of engagement, from my view, is just the ease of that partnership.
Um, the idea of the collection around the certification process of all that evidence within my CSF and the ability to deliver that to [00:12:00] us via the RDS virtually, you know, seamlessly in the background that dramatically changes the way that we engage with our clients. The efficiency of the underwriting process, the renewal process really takes us away from relying on a very wide variety of applications that are of varying quality.
A lot of times we have to, you know, follow up with the client multiple times to really get to the data that we want to. I think, you know, this partnership and process, uh, obviously the quality of, of the potential insurance is there, but that ease and process is one of the biggest changes and, and sort of coupled with that.
And it's always been a case, but the insurance industry has really struggled with third party attestation, right? Knowing that the, the client responses on those. Differentiating confusing applications within the industry, actually knowing what that response means on a consistent basis and making sure the insurer knows what it means.
When you add that element of third party attestation and the sort of quality to the data, it's that much better. So on a couple of levels, super exciting in terms of the way this changes the dynamics [00:13:00] of the underwriting process itself, uh, nevermind, obviously the, the access to a great pool of clientele, et cetera.
Sean Martin: And I want to, I want to go to Blake here. Uh, Quickly to speak to kind of the feedback from the high trust customers. I know it's assess once report many is the mantra, right? Um, and that's from a compliance perspective, but it certainly aligns very well with, uh, seeking out cyber insurance where oftentimes it's submit a questionnaire who knows how, how that is received on the, on the broker side and what they do with it.
Can they really assess. The posture of the organization and the culture of the organization, where through high trust, you get the assurance, you get the reliability, you get the transparency, the consistency, and that's all through the high trust CSF. So talk to me about the conversations with high trust customers and their, I don't know, their requests, perhaps to say, we do all this work, we present ourselves and we can demonstrate, uh, [00:14:00] this, how can, how can we do that with?
With our cyber insurance program.
Blake Sutherland: Sure. Many aspects of that question. So, uh, let me dig in a little bit on it. That's my, that's
Sean Martin: my mo.
Blake Sutherland: Certainly. I'm sorry. The lights, uh, uh, coming in from the side. But, um, so certainly our community has been asking for this for a long time. And to your point about a sense, assess once.
Comply or report against many. This is one. Another thing that our constituents need to report against, right? Our primary champions in the organization are usually supporting the other areas of the business that are the ones applying for insurance and trying to get insurability, right? So they're often getting yet another set of questionnaires from that group in order to maintain this process.
So the whole high trust concept of assess once, report many. It's in here. And really, we needed, you know, some of the technology. Josh mentioned the results distribution [00:15:00] system. Rds. This is our mechanism for making what is collected and independently, you know, verified available in other forms, whether it's for a strong assurance.
on our own control selections, our certifications, whether it's insights reports into other compliance vehicles, or in this case, you know, uh, responding to, uh, information needed for processing or ensuring an organization. We've been, we've been getting this request for years, and certainly to chime in on Robert's point, um, our community, Because they go the extra mile to have a mature program, have been wanting to get recognized for that program and having, you know, progressive partners like this, it really makes that a lot easier.
Sean Martin: So I'm going to shift gears a little bit here and kind of speak to the process and maybe, uh, even more pointedly to the kind of the stakeholder community in this space. Um, when we speak to [00:16:00] security and even. Compliance, uh, the CISO tends to, to bear the brunt on their shoulders for a lot of that work, uh, and they contribute to the process of, of getting insurance, but maybe in some cases actually own that process as well.
Um, Robert, can you kind of talk through some of the other stakeholders involved and how, what, what we're talking about today actually helps them achieve their objectives, uh, where you're, as a CISO, you're, you're. Contributing to the process with meaningful information and perhaps even streamlining the process, which is the whole thing we're talking about today, right?
Yeah,
Robert Booker: I think it's a great question, Sean. And I think, um, you know, I think security leaders and C. I. S. O. Specifically organizations that have those roles, um, you know, are typically focused on the point of execution in terms of the security program and compliance. And I'd say I'd say that traditionally You know, [00:17:00] insurance and the area of obtaining insurances has rest more with, uh, depending on the company is rested more with the finance or treasury function, and, uh, it might rest sometimes security from a cyber part of that team.
It might not. Looking to obtain these products. And, um, my background was a very large company where those roles were very distinct and there was a very large management team focused on such problems. But oftentimes in, in mid market companies, it's, it's maybe the CFO and the CSO is just kind of the two people at the table on the problem.
And irregardless of that, I think traditionally the CSO, as your question sort of suggests, might be a contributor to the insurance underwriting process, but until probably recent cycles, uh, has not been quite, uh, quite as directly engaged in that. And I think organizations are learning, and certainly the insurance industry has been seeking a direct conversation with the people that [00:18:00] actually manage.
the maturity of the program and are responsible for the risk management execution of the company. Underwriters want to understand that they can have transparency with the people actually operating the system. It's not being proxied for them. They know that they're talking to the person that actually knows what happens in the system operationally and they can have some confidence that that person is credible and understands the problem and has invested in solutions that.
That solved that problem. Uh, and I think as underwriters have scratched deeper and deeper into the technical fabric to qualify the management of the system, the treasurers and risk managers are probably not well equipped to have that in depth technical conversation with underwriters to really understand, um, you know, how the systems operate and whether they're operating effectively.
And then you couple that with the significant number of claims that have been made specifically ransomware or extortion oriented types of attacks where there's a specific type [00:19:00] of solution that can be put in place to mitigate much of that risk. And it's, uh, It's sometimes a real credibility gain to have that technology leader say, yeah, we have, we are aware of this.
We know how these attacks operate. We know what they could do to attack us. We know where our data lies and we've secured that system. So I think it's a very, very long winded way, Sean, to answer your question to say that before it was distinct. And now I think most every process I've seen in probably the last four or five cycles, it's really involved the, um, Treasury or risk function alongside the technology management and security management functions, you know, working together to get the best product at the best underwriting and the best premium for the company.
Sidney Prasse: Yep. I would just jump into, we are, the whole goal here is to create synergies. As Robert mentioned, there may be very dedicated roles within organizations depending on the culture and or size. So. Keeping that white space, but [00:20:00] making sure that you are communicating with those kind of finance function stakeholders.
Because for our purpose of having conversations with you, typically, you know, you kind of may fall in more the technical field and they sit in more of the risk management field. They may not even know this exists. So getting the word out there, Hey, this is. Amazing facility through high trust is available.
So just bridging that gap internally, it's kind of a call to just be more proactive and help, um, communicate that throughout the organizations.
Josh Ladeau: Yeah. Just real quick. If we think about it also from a bit of a continuity perspective, you know, organizations roles change hands over a policy period or over a given year, um, sort of the continuity of having this as the central funnel for that data and this process being connected to the underwriting eliminates some of that year over year of, you know, Joe or Susan was handling that last year.
They're [00:21:00] gone. Who's picking up and running with that by connecting it to sort of the, the, the, the The high trust certification process and that annual engagement, you sort of have that built in continuity year over year, regardless of personnel, because of the grounding of the high trust framework and the reporting system.
Sean Martin: So I don't want to belabor this next point, but I think everybody listening and by the way, those listening live and watching live, if you have questions for the, for this amazing panel, please Go ahead and put those questions in. We'll, we'll take some of those toward the end here. Um, I, I want to maybe want to highlight a few of the key pain points that organizations face, individuals face as they, uh, as they work with you, uh, to obtain insurance and then to demonstrate that they have a good posture to do so.
Um, I can, I highlighted the, the, uh, Spreadsheet submission, right? I have to submit a spreadsheet. How do I answer that? Am I answering it in the [00:22:00] right way? Is it, are my answers going to get me better coverage? Am I hurting myself there? Does it really reflect my posture? Am I doing stuff in line with what matters for the business, not just to get insurance?
So, who can speak to some of the pain points and challenges, both in trying to achieve? Uh, coverage and then from the other side, um, the, the information, lack of information, misinformation that, that comes through that makes it difficult to actually provide good coverage. So maybe the, maybe the, the attempting to get coverage first, uh, Blake and Robert, you want to touch on that and then we'll cover the other side after.
Robert Booker: Yeah, I think, um, I think to the points I've maybe already made a little bit, Sean, I think, uh, you know, we, um, we know that the questionnaires that have traditionally been asked for from the underwriting community, uh, are quite deep and they've become deeper and deeper year over year as losses have mounted and, uh, insurance companies are well informed now [00:23:00] about the types of mitigations that, uh, could help companies avoid these claims.
So we're, um, just from a process perspective and. Cindy kind of hit on this already about creating efficiencies and connectivity. You know, we are, we are filling out a very significant volume of information, uh, almost all of which is data that we've already been through. And not only, not only have had to produce, but I've had to have validated.
For the purpose of obtaining a high trust certification. So it's kind of duplicate questions asked from a different voice. And oftentimes maybe not even requesting the same level of evidence that we've already had to produce. So it's not it's not impossible to complete that questionnaire because we know our programs and we know how to do it.
But it's a, it's superfluous in terms of just the amount of time it takes us to do it. And I would argue the fact that every moment spent doing those types of things is one moment less spent on the security itself. So we want to minimize that level of duplication to the degree possible, uh, while being consistent with the spirit of why it's being asked that [00:24:00] organizations do have a need for transparency and for completeness and understanding that.
So I would say from a obtaining of insurance perspective, Uh, it's not as efficient as it could be. And we think progressive approaches like this make it much, much more efficient.
Sidney Prasse: Josh from Triumph probably knows this better than anyone too, but just being in the space, there are so many different questionnaires out there.
Every insurance company has their own spin on how they word a question. So depending on who's filling it out, it could be interpreted one way or another. And then to his point earlier, year over year, you may have to complete a different questionnaire that's slightly worded differently than the first one.
So just creating more of a synergy and, and consensus around how we get this information and ingest it in a standardized way is going to be so key. And it's already there. It's in that high trust CSF. Um, one thing I would say on, um, obtaining coverage [00:25:00] too. So we saw it, especially during the hard market.
Incredibly challenging, depending on, you know, your risk profile and kind of your industry class. Although we would say those are kind of 2 things that are really. A little bit out of your control, specifically your industry class, like what your bread and butter as a business is, we, we can't change that all that much, what we can show and demonstrate is, you know, extreme maturity, rigorous controls in place, and a lot of that is taken care of in just going through this high trust certification.
So the ability to kind of leverage what you already have done. All of the ongoing work that it takes to maintain your certification with HITRUST is incredibly valuable.
Josh Ladeau: Just to jump in on that, there's a couple of bullets. And I think, you know, one of the, one of the funny items is, uh, as we think about what does the insured mean or the applicant mean on that question, I often find [00:26:00] myself going, what does the insurance company mean?
What is the person asking that question on that application? And it's not like I can call up a competing insurer and say, well, you What was your intention with this question versus with high trust? And in this process, we are, we are very deep in the weeds of what does this question mean? What are we looking for?
What does that mean when they respond in this way? And really understanding the nature of of the R2 certification process, what the response is. Also, and those are attested to, but what is the question itself? What are you getting at in that question? That's not always obvious. So we can understand why insureds aren't always answering appropriately with the spirit of the question, because we're not really sure what the spirit is.
And then one other thing I want to note is, uh, insureds love it at renewal time when they get to fill out that, that renewal application, if they stay with the same market, and it's just like. Three or four year over year questions. The problem for that insured is when that application, that renewal application with four questions goes out to market, um, all of the, uh, underwriters [00:27:00] that are seeing it, except for the, the original, you know, the incumbent market are seeing four questions and it's hard to give somebody credit or really understand what you're underwriting to when you're seeing those renewal applications.
That said, filling out a new business application each year seems like a big pain in the butt. And so you see really that efficiency play again. I don't want to. Beat a dead horse here, but it really is incredible. The efficiency of the process utilizing my RDS reporting on the other side. Um, you know, that that really is a separating factor beyond the attestation.
All those other elements. Just that ease of process really is critical. Making sure you're getting the kind of best deal. With the widest amount of sort of information available to market with doing the least amount of work,
Robert Booker: you know, I have a just a follow up to that, please, Sean, I think, first of all, I think, to the point of knowing what the question means, I just am so delighted to get that on the table.
Because, um, you know, we, we are very transparent about our, uh, our assessment protocols and our assessor handbook is public data. [00:28:00] Anybody can look and understand exactly what we're seeking and the CSF is public as well. So it's not a secret. In fact, we think the transparency is really key to understanding what are the, what are the requirement statements and what are the illustrated procedures necessary to prove those requirements.
So I think that's, uh, that's really important. But to your point about, uh, renewal, um, which I think is really key, you know, the high trust star two, which is a two year forward looking certification has a requirement for a recertification period, um, after the first year. And so if I'm a, if I'm a, uh, underwriter, my, my suspicion would be that I might've seen them a year ago.
I might've looked at it and done a high level of due diligence and validation. But I'm always going to ask the question in the back of my mind. Like, is that system still operating and is it still mature? And is it still, is it still representing 12 months or 13 months later? What it was when I looked at it the first time, and we think that level of transparency and not just an understanding of it's a certification, but how the certification works and how the re recertification [00:29:00] and the, the, you know, The sort of check in process, like for example, the requirement that corrective actions be mitigated, and the data that shows that the vast majority of those are mitigated in the first year.
That's not something most other systems provide, so that level of not only transparency on what the maturity is, but confidence that the maturity is forward looking and has the ability to be sustained, I think is really an important point for anybody that needs to rely upon that certification to make sure the system is actually operating.
Sidney Prasse: One thing really quick, Sean, at a high level to what we're talking about, all these efficiencies and time management items really goes back to what is our ROI? Like, there's a premium ROI, which I'm sure Josh will be happy to touch on in a second, but I do want to just reinforce this point around a return on investment goes just beyond.
You know, premium year over year, it goes into how do I free up time [00:30:00] for my CISO, my executive team to leverage this big R2 or E1 or I1 that we're already working through and kind of make that insurance process that much easier, that renewal. So I wanted to call that out too.
Sean Martin: Excellent point. There's actually a question here that I wanted to touch on, um, funny enough as it came in that, uh, I trust is typically known for doing great things, super innovative in the healthcare space, but the work we're talking about here and the benefits apply to pretty much any industry, financial services, marketing, um, Insurance, pharma, you name it, any organization that has internal policies or regulatory policies and the need to have a high level of security in their posture, um, can benefit from high trust the R2 certification.
And then, and then this, uh, And this new [00:31:00] facility that's being offered and as I'm going to use this opportunity to kind of shift into what, what is this product? What is the shared risk facility for cyber insurance that we're talking about? Um, is it? Yeah, I guess it's the first of its kind. So who wants to maybe take a stab at describing the big picture of What we're offering here.
I do feel, Sean, like I have a
Josh Ladeau: decent sense of what it is. Um, so, uh, I would hope so. ,
Sean Martin: hope so.
Josh Ladeau: Yeah. Uh, obviously I've been excited to jump in this. We, we've put a lot of work into creating this and it is, it is a first of its kind. Um, so the high trust shared risk facility, uh, in shorthand is a London consortium.
Um, and the way that. Uh, a consortium works is basically, uh, additional capital can come join our process, meaning that, uh, as insureds get larger or they have bigger contracts that require more insurance coverage, [00:32:00] um, they never have to necessarily leave the, leave the family, if you will. And that's because while right now we're offering, you know, 10 million with an additional five, we can stack on.
So up to 15 million, we can produce through this. We grow the capacity in the consortium. By by more insurance companies coming in and saying, Hey, we like this process. We like what Trium has built. We want to, uh, effectively piggyback on that relationship. And so each year we're trying to, and going to bring more capital into this.
So meaning, well, you know, maximum limit in year one, maybe 10 next year, that could be 20 or 25. And over time we continue to, uh, we plan to grow that continuously. Uh, really as large as we can get it. And the idea is that a single point of shopping. Uh, it diversifies the risk for insured. So meaning if you do all of your business with one insurance company, they have a tough run of it.
Um, that that product to that company might disappear in a consortium model. You've got a bunch of insurance companies coming together and they're sharing that risk. Hence the high trust shared risk facility. They're sharing [00:33:00] the risk for each individual client according to the contract. So out of the gate, we have another partner that will share 50 percent of every risk with us.
And as that grows, you get a small percentage of E from each insurance company supporting the clients. And so there's rest, less risk on an individual basis, meaning, uh, less volatility for the insurers, less volatility for the insurers means less volatility. For the client, when it comes to pricing terms and conditions.
So that's kind of how all that ties together and how it's structured. Um, they get the benefit of working with many carriers through the lens of one, though. And so Triumph leads that. We lead the underwriting process. We singularly collect the data on behalf of clients. And so there's a ton of efficiency relative, uh, and really security to that relative to the standard application process within the industry.
Blake Sutherland: And maybe I'll just chime in for our community. Uh, this initial offer is based on the R2 certification, so our highest level of certification. As our community knows, we have a traversable portfolio, the [00:34:00] E1 is the essentials, the I1 is sort of our intermediate level, and then the R2. So um, while if you have an R2, it's great to apply, even if you have an E1 or an I1, you should be asking about this facility because, uh, We are looking to offer, uh, insurance based on the E1 and the I1 as well, and also maybe on your journey across all those different levels.
Sean Martin: So what does it mean to have an R2? How does that help you, Josh, and maybe even Sydney, um,
do better with the underwriting process and actually deliver this product?
Sidney Prasse: Yeah, I it, this was such a fun part of getting to know the High-Trust team is learning the three different tiers of the certifications that they offer. I think we landed really on the R two to start, um, because it is, we would deem the R two as the most robust.
[00:35:00] It's takes two years. Recertification process is every other or every year, like Robert mentioned. So we see it as kind of, uh, a group of the risk pool being more mature than anyone outside of the risk pool or anyone outside of that. So we started with the R2, but we're, of course, open to expanding and into the I1 and E1, and I'll let Josh talk too.
But I think on that front, as he mentioned, up to 10 million with an additional five available. The E 1 and I 1 might be a good kind of test pilot with maybe smaller limits, you know, if you only need a certain, a certain amount to, um, to get by with contracts, like 2. 5 million or 5 million, those kind of one off scenarios would, Triumph would be happy to take a look at, but, um, we did kind of focus it initially on the R 2 because we deem you all to be the most mature [00:36:00] organizations from a risk standpoint.
You
Josh Ladeau: know, we have faith in that sort of the robust nature of the R2 process and what folks really had to go through. And it's not just the controls in place, but simply the ability to evidence and work your way through that process demonstrates a level of maturity and sophistication within an organization.
So that alone, um, Tells us something. Obviously, you've got a pretty significant number of controls and sort of coming into the individual elements of that. I don't think we have time for on this call, but we'll just say sort of the holistic nature of the of the framework that it touches everywhere. And obviously, this is a game of weakest link, right?
Wait, you pay a lot of attention to one area of security. And if you ignore another area, somebody just goes around your, you know, your giant wall and walks through the open door on the other side of that wall or, uh, to the side of that wall. And so, uh, that holistic nature of the process is important. But what I would want to add to this is I already believed, uh, in the sort of robustness of high trust based on my [00:37:00] engagement over the years here.
We knew what an R two did. I'm newer to the E one and I one. Uh, and in particular, the one I will just share, you know, we are organizationally meaning triumph is working our way through our E one certification and I have a lot of Faith and sort of the robustness right from the ground up. So when I say that as sort of a tiered certification process with E1 as the quote, unquote entry level, it is a robust certification and demonstration of, of real commitment to compliance and security posture.
So we look at that as a, you know, sort of great, uh, stepping stone. We absolutely plan on having a E1 and I1 specific products available in 2025. Uh, and I would say even the funnel system, folks looking to join there. And where we're really excited is we've really developed, uh, certainly the insurance product itself is important, but we have high trust, dedicated high trust, certified resources that are dedicated to our clients, um, that are working with our clients through that process.
So we have internal folks that. Have have obtained high trust certifications that are there [00:38:00] to work with our policy holders as they either try to enter that that E one or move from E one to I one to R two, et cetera, we really want to be partners and share our experience and progress through that with those clients and helping them work through.
So, uh, just, uh, just a very neat sort of continuum of the certifications there. And it's really a, there's that consistency of robust process. Holistic approach, regardless of E1 versus I1 versus R2, we have a lot of confidence in the overall process. And again, that attestation along with it.
Sean Martin: So I'm going to, I'm going to assume that there are a number of high trust customers listening and watching our conversation today and are familiar with E1, I1 and R2, um, I want us to Josh's point, this is probably a series of, of webinars of what, what the R2 can do in an art, a high trust certification can provide.
But maybe Robert, if you can highlight, uh, just the, the short overview of what it does, how it helps organizations [00:39:00] achieve compliance with the things they need to be compliant with, and then the outcome of that in a, in a meaningful way, um, not, not like some other certifications we hear of in the market.
Um, and then obviously we're speaking to, once you do that to Sydney's point on a return on investment, once you do that work, there are a lot of things you can do with it, including. Obtain insurance, cyber insurance. So kind of walk through what the R2 is, or generally a high trust certification. Uh, things that come to mind are the reliability demonstration of, of, uh, what you've done, the third party, third party attestation and certification.
So some of those things that help paint a picture for what's possible and what comes out of an R2 and others.
Robert Booker: Yeah, I can, I can start and then Blake may want to add, add as well because he's, uh, he's living every day alongside me with a lot of our customers in this journey. But, um, I think, you know, I think we, we really look at it as a compliment of, uh, you know, having, having the, the right and the relevant controls be [00:40:00] validated.
And what I mean by relevant controls is they have to be the controls that actually mitigate the risk and the threats that are actually being played. In the wild today. So we, our entire system's built upon something we call cyber threat adaptive is the controls that you earn today will likely evolve as threats evolve and as new risks come online, you know, we did not know that things like solar winds would happen two years ago, and now we know solar winds was a big issue.
So zero day type of technical vulnerability is even more important than they've been in the past. Uh, those types of things require a continue. It was, you know, reexamination of the controls that are being tested. So, uh, the customers that we have today, uh, well, we'll know that they've, you know, they've done a great job proving themselves, uh, with the controls that we test, uh, in the current, the current time, but, um, as new regulations, new threats and, and other.
Other requirements come on board. Uh, they can rest assured that, uh, the relevant controls that they test will be the relevant controls for the day of the test and the validation. And that's certainly something that's really [00:41:00] comforting, uh, not only to people that are working to make sure their program is the best it can be, but to the people that rely upon those, um, certifications like underwriters.
So that's, that's kind of the first thing. Um, the second thing is that there's a level of reliability in the process we go through, and, uh, you kind of touched on this a little bit, Sean, is that, um, Many times questionnaire oriented validations are a matter of self attestation. An organization says, I think I understand the question you're asking me, Josh, and I think I know that you want to know whether I have two factor authentication and I choose to define two factor authentication this way.
And I'll say, based on my definition, I'll say, yes, I have two factor authentication, but that may or may not actually demonstrate what, uh, what Josh was looking for as the underwriter, that it's the kind of two factor authentication that, uh, you know, the, uh, the insurance industry and others are worried about with regard to mitigating the risk.
So you have to have a level of transparency and, um, and integrity and how the questions are asked and how they're answered and the level of evidence that's [00:42:00] produced. Uh, In our case, we, we require validation and verification using a trained and certified assessor, an organization that's objective and separate from the company that is very experienced at helping companies walk through their controls, understand whether they exist and how they're demonstrated, how mature they are, and then how to collect the evidence of that.
And all that is scored on in a model that says, you know, you may, you may have a policy that says you have this control. But your procedure is a little bit shaky. You don't really have something in place that proves the control will operate effectively or that proves that the control will remain in effect.
And so you want to make sure that that is the, uh, excitement at that level. We are a verification that people have to achieve a certain. Soar for all the controls within their certification across many different parts of the security and domains. So not just physical security or logical security [00:43:00] or firewalls or all the things people care about, you know, all those things have to be good at a certain level of goodness.
So once you take that relevance of the controls and the reliability of testing and validation, you know, you get to something that approaches certification. And the certification is only issued following a second quality analysis that's done by high trust personnel that have looked at literally thousands of certifications across, you know, thousands of companies and have seen a lot of people answer these questions in a lot of different ways.
And lastly, we're very confident that the scope that is represented as being certified as the scope that was tested. Sometimes, unfortunately, organizations might say, well, I, I obtained a sock to certification on this part of my company. And you say, well, do you have a SOC 2? Well, yes, I have a SOC 2. Here it is.
And it's about something else. So, you know, I really want to make sure that when I validate a system, I know the system is validated for the scope that I care about. So, very long answer, Sean, but it's such an important part of this. And, you know, that's, that's describing not just the R2. But also the E 1, which is the essential [00:44:00] controls necessary to mitigate the most prevalent threats in the wild today.
Things like ransomware and then our leading practices for I 1 certification, which is really all the things that most mature companies need to accomplish across a comprehensive and full spectrum security program with the R 2 really being focused on risk based. So some of those very high level risks that organizations need to mitigate against.
Sean Martin: I want to, I want to turn it to you, Blake, but I want to remind everybody that the goal is to produce an organization or create an organization that's safe from breach, right? That's the ultimate, not just to be compliant. The compliance is the means to an end of, of being, uh, operating a secure organization.
And yeah, I guess the, the, the point is. The R2 and the E1 and I1 as well, help organizations reach that level of maturity to not just be compliant, but to actually have a more secure posture, which then helps, um, the insurance or, uh, industry, uh, provide this [00:45:00] type of coverage.
Blake Sutherland: I think the simple way to say that is we believe for a long time that if you do information security risk management well, you will get compliance by default.
Yeah. Right? Um, so it's sort of a secondary outcome from managing risk properly. I think also to reinforce a point that Robert made is we're constantly looking through cyber threat adaptive of what's changing in the world, and it's not just threats. It's technology. Josh brought this up earlier with cloud.
And we did a lot of innovative stuff around inheritance and working with the cloud providers for shared responsibility. And we're just launching our A. I. cybersecurity certification, which is again, looking at the changes in the world and how A. I. may now represent unique cybersecurity risks, and we need to put the appropriate controls in there as well.
So we're always searching. We're always. Interpreting what we're seeing in [00:46:00] the ecosystem, uh, and adjusting to make sure that you manage your risk.
Sean Martin: And Josh, I want to, I want to turn it to you because at the collaborative conference, um, I think, I think it was you that made the statement on the premiums. that are available. So kind of round out the description of the product and actually what, what you can get, uh, when you have the R2 and work with, with Trium.
Josh Ladeau: That's great. And I think this is all, you know, kind of on that ROI, uh, question. I, and I do want to maybe make one side comment on that, but yeah, let me talk a little bit more about sort of the product. So as we've talked about, you know, an expedited, uh, underwriting process, which really is important, you know, new renewal.
That's an annual benefit. Um, and obviously that efficiency you enjoy organizationally from not having to fill out one or more industry applications. Uh, we do have a leading policy form. It is very short and straightforward form, which [00:47:00] I say with some pride. It takes some effort to, uh, Cut out a lot of that legalese within the policy and really just get down to the core of what we're talking about.
And a lot of policies have inherited sort of language from other lines. We've eliminated that. We have a single page of exclusions versus many pages in a lot of policies. Um, and they are limited in breadth. The point for us organizationally is, and it's I guess kind of novel, we want to underwrite high quality risk.
We want to pay claims when they happen for those risks and we want to make our money. By those folks not having claims. And that really is a pretty simple model. We think by being thoughtful and targeted in that, um, giving that quality policy form, if you've got the right clientele is justified, right?
Because it's avoiding those incidents that is the best way, as opposed to excluding our way out of paying for those incidents when they happen. Obviously, it's not good for the client, not good for us. Um, so leading policy form, uh, and coverage built in there, very competitive rates. And so, uh, what I will do is say is we saw the same organization.[00:48:00]
With a high trust certification without we saw an application that said, Hey, this non high trust this this organization that does not have high trust certified systems or applications, um, does have good controls from what we can see in the application. And then we get the same exact risk through high trust.
The difference between those two for us is that third party attestation, knowing that somebody has vetted and verified the quality of those responses is night and day different from what we have today. And so all else aside, I would give the same credits for controls, but then we apply a 25 percent credit.
That really relates to that attestation in that third party. That's something we don't get anywhere else really in the industry at all. And so the value in that to me is, is monumental. Um, and we pass that benefit of assurance onto our clients, uh, onto our high trust clients. Uh, the risk management services I meant, uh, mentioned, those are white glove services.
We invest heavily in our, uh, risk management protect [00:49:00] practitioners. And these are folks who help clients with various, uh, Technology or security implementations that we offer or other services, but we've also trained our risk management professionals specific to HITRUST and they are certified by HITRUST within that.
And so really gearing the services that we offer in partnership with HITRUST, that's something that they get benefit of. And then that, I think I mentioned that built in capacity growth capability. So you're not having to shop for new partners year over year, but we will grow the availability of capacity for you.
Um, but if I could just. Maybe you mentioned one other item here when we think ROI, and I think it's it's it's steps outside of insurance a little bit, but certainly is something I think about a lot. I've written about a little bit, and that's really monetizing investment in in cyber security, right? And this is, uh, this is something that obviously it's You know, in going through the process, you are going to be hopefully more resistant, more resilient to events that happen to your organization, right?
That that should definitely be a benefit. Um, you know, so overall reduction in risk. [00:50:00] There should be an efficiency play that we already talked about and accuracy in the data that third party attestation. You're getting a lot of those elements within the ROI. But beyond that, yeah. This whole process and hopefully with a policy like ours, very high quality, a premium policy and market, um, you're really getting the ability to set yourself apart and, and by that, I mean, all else equal.
If I'm an employing entity and I have two vendors in front of me, If one can demonstrate a high trust certification on their systems or applications, along with a high quality insurance product that I can know what it does, because there's a consistency with high trust versus somebody who has none of that all else equal every single time, I think that employing vendor vendor is going to select the select the entity that they know they have that third party verification of who am I partnering with?
It's just that much more important. Everybody has seen it in terms of what happened with, uh, sort of. Change health and some of the impact broadly your partnerships matter very much and it's becoming [00:51:00] more and more clear that continuum of partnerships matters just as much as your internal security and so that that value creation in terms of we have achieved this and our peers have not.
I think that will set folks apart. I think it will allow them to get contracts that others won't. I think it will allow them to get enhanced value for that for those services. Again, all else equal. Um, this is, you know, just my personal opinions, but it's certainly how. We're building our business and thinking about it.
There's a reason we're going through the certification ourselves. And I do subscribe to that. I think it is valuable. We want to be unique in terms of our ability to service the clients and be in that continuum with them. So I just I love the idea of the investment and security. Yeah, it's great to reduce risk and all of that side of it.
The efficiency. It's all great. Well, what about that access to business you wouldn't otherwise get or better rates for that, uh, that you wouldn't get. That's where I see the real value of these types of this type of partnership. Uh, so I'll leave it at that.
Sean Martin: I'm going to, I'm going to ask you to take a drink of water.
It sounds like somebody else wants to chime in here as well.
Sidney Prasse: Josh, [00:52:00] I love that point at more of a basic level. It's kind of like you are who you surround yourself with. So make it a very enticing offer for anyone that you're kind of pitching to in the industry. Whether it be vendors. Um, and
Sean Martin: I'm going to make you speak some more, Josh, because I'm hoping you can share a few case studies where those are customer stories with us.
And there's a question here, and for those listening and watching, if you have questions, do drop them in, we'll, we'll answer as more as we go in at the end, uh, but there, The question is, are there any tips, so this is in the context of streamline and partnerships, I think, uh, are there any tips for how to get our finance and risk teams to come together and leverage what we already do in security so we don't have to get buried in questionnaires as we seek out quote.
Josh Ladeau: So I specifically deal less directly with the clients. I won't necessarily, uh, I'm not necessarily the best person to give that response, although I would [00:53:00] say. A lot of times the best way to get folks to come together is when you can point to the value of it. And a lot of what we were just talking about, uh, if that value can be understood and shared internally to an organization, that probably helps, but maybe I'll, I'll kick that one over to Sydney as the.
Sidney Prasse: Yeah. Yeah. So the, the broker is really going to be kind of key in that position. And while McGill and partners may not be your direct broker, we are intending to be a full advisory extension of high trust. So if you have a contact at high trust, And you're very curious about learning more and passing on quality information to your risk team, who, or your finance function, who handles the insurance renewals, happy to.
chime in, happy to jump on a call, happy to coordinate with high trust on, on who the best person is for that. And we also have, um, I'll, I don't want to jump the gun, but a great, um, kind of one pager placemat that will show at the end of our presentation as well, which can be very helpful, um, at a baseline level to educate [00:54:00] internally.
Sean Martin: Nice. We're coming up on the end here. So I'm gonna I'll do around a quick round of one sentence from each of your one final point for me too. But there's one more question here. I want to want to tackle before we wrap up. And like I said, keep keep submitting questions if you have them. Um, So this speaks to high trust customers, uh, who have a security program, perhaps are on their journey to achieve a certification or have there are two, perhaps even doesn't say, but how can I determine whether or not my existing program will meet the requirements to obtain, obtain coverage with this?
Offering wants to tackle that one.
Sidney Prasse: I can jump in on the E1, I1, R2 piece. Um, Robert Blake and I have always talked about kind of whether it's a journey or a destination, like, where are you trying to reside? And then where do you want to go in the future? If it means exploring an R2, that's great. Um, I think.
Josh can, [00:55:00] of course, look at, and I don't want to speak for him, but look at any of the E1, I1, and R2 on where you are. Objectively, that's his role as an underwriter, even outside of the HITRUST facility, is to just assess risk, where you are, and potentially evaluate, you know, a roadmap of where you're going.
Super valuable. Um, I would say absolutely reach out. If you're exploring E1 and I1, um, it, this is not kind of precluded strictly to, to R2 certified companies. Although that is kind of where we intended to start this, but ultimately want everyone to feel like they can tap into this space. does value add with High Trust?
Sean Martin: There's value in your High Trust journey regardless of where you are. In this step I love it. All right quick round of final thoughts from each of you and then I'll wrap things up here. Cynthia, I'll start with you.
Sidney Prasse: I would just kind of say I really, really want to empower everyone on this phone call regardless of kind of where you [00:56:00] sit within your, um, pecking order on the it team or cybersecurity team, or even if you are kind of in touch already with your risk management or finance function.
Um, I would just empower, uh, we want to empower you to feel more involved in this process. At the end of the day, the CIO, the CISO are the ones making the calls on the security program at hand and the compliance framework that you utilize. We do believe firmly that you should feel like you have a say in who you partner with on an insurance front.
Trium already mentioned they have, they're pursuing their E 1 certification. That is excellent and should be viewed as, um, you know, a differentiator in the insurance market. So happy to, to help reach out to us if you need. Um, we're really excited to be on this journey and partner with HITRUST.
Sean Martin: Fantastic.
Robert.[00:57:00]
The
Robert Booker: shared facility and the aspect that it provides allows for really any, any, any broker that, uh, is, is, uh, appropriately qualified to reach out and to, you know, seek insights through the program. And so I would really invite people that already have coverage, but have an R2 or in the high trust journey that just want to understand and more at renewal time to, you know, Give us give us a try.
Give us a try. I think it will provide great insights to your organization about the capabilities. And in a number of cases, it might offer a offering that is, uh, is more competitive and perhaps even fits a better need for you or can be part of your overall program. So we really do invite people just to join and engage with us.
Sean Martin: Like
Blake Sutherland: I would throw out be proactive. Um, a lot of these renewal timeframes are like [00:58:00] 120 days, 90 days and that sort of timeline. So because it's such an easier process, engage early, share that information with the risk management, the finance treasury side of your business, it may help you avoid some questionnaires that you would otherwise have to fill out.
If you get what you're looking for,
Sean Martin: I love it
Josh Ladeau: from my side, Sean, sorry to jump the gun, but I, yeah, I, I think the key is excitement for the, uh, the partnership, um, you know, talked about, uh, return on investment. And I think that's something we really, uh, can demonstrate with this overall, uh, partnership and approach, um, reducing volatility for clients and really, uh, helping them on their insurance and, uh, compliance journey over, over time.
So very excited for it.
Sean Martin: This is fantastic. I want to, uh, Thank everybody for joining us. I wanted to thank this panel for, uh, Well, first creating this, uh, amazing, amazing offering. It's innovative streamlines [00:59:00] of process. I think we spoke to, uh, the fantastic ROI that we get out of this easier to obtain superior terms, competitive premium, the list can go on and on and on.
Um, if you're working toward creating a better security posture and you're working with high trust to make that happen through an E1, I1, R2, um, connect with this team and, uh, I'm going to turn it over to Sydney to help Guide us through what that looks like. How do you connect with folks in here?
Sidney Prasse: Yep, of course.
Uh, so on the next slide, um, we have a handy dandy QR code that we'll, um, throw on the screen, which includes a placemat. Yep.
Sean Martin: Absolutely. We'll stick around for questions here and, uh, Josh, Sydney, Robert and Blake, thank you very much for your time here. Thanks everybody for listening and watching enhancing cyber insurance with high trust streamlining coverage through strategic partnerships, uh, take advantage of the work you're already doing and, [01:00:00] uh, get that insurance coverage that your organization deserves because you've done the hard work.
Thanks everybody.