Speakers
Chair
Kelly Malynn
Senior Risk Manager, Beazley
Kelly is a Senior Risk Manager at Beazley and for the last five years has had a specialist focus on cyber risk and innovation across all classes of business, most recently developing Beazley affirmative physical damage marine hull product.
She is responsible for providing cyber risk assurance to the board on the systemic aggregation potential, emerging risks, exposure management and capital provisions. She is also responsible for the implementation of the Beazley strategic initiative on client experience and chair of the environmental working group under the responsible business committee.
She has been at Beazley since 2009, has 20 years of London Market experience and is a member of the LMA’s Cyber Strategy Group which operates under the LMA Board.
Presentations
Sarah Stephens
FINPRO Cyber, Media & Technology Practice Leader
As part of Marsh JLT Specialty’s London-based FINPRO, Sarah and her team, based in London and throughout Europe, work directly with our clients and network colleagues to make sense of cyber, technology, and media E&O (PI) risks, and create leading edge bespoke insurance solutions in the London and European market.
Prior to joining pre-acquisition JLT in 2015, Sarah spent 12 years with Aon in a variety of roles. Most recently, Sarah was Aon’s Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions. Previously, Sarah spent seven years with Aon’s US cyber and errors & omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the account management group working with large clients and developing a keen eye for excellent client service.
Sarah received a Bachelor of Arts with Distinction from Duke University in Durham, North Carolina in 2002, and earned an Associate in Risk Management (ARM) Certification in 2005. She is a member of the Professional Liability Underwriting Society, and formerly part of the Northern California Chapter Steering Committee and chair of the Europe Chapter Steering Committee. She currently serves on the Cyber Insurance Curriculum Advisory Board.
Cyber Insurance in 2025
Eric Durand
Swiss Re
Eric Durand joined Swiss Re in 1990 as a research scientist in the Natural Perils team, developing new analysis and simulation models for European storms and their effect to insured portfolios. He then worked for Swiss Re Australia as a cat specialist and underwriter for a period of two years before returning to Zurich to take over the leadership of a group of Property/Casualty treaty underwriters.
In 2002 he was appointed to SR-Iberica in Madrid as Chief Underwriting Officer for the Iberian Peninsula, before returning three years later to Zurich as Underwriting Manager Treaty Property. In 2014 Eric transitioned to Swiss Re’s Group Underwriting to lead the newly created Cyber Center of Competence and to coordinate the company’s efforts with regards to Cyber activities. He also leads SwissRe’s project on Solar Storms and their effect to the bulk power grid.
Eric Durand grew up in Neuchatel (Switzerland) and after spending a senior high school year in Michigan (USA) graduated in Electrical Engineering at the ETH in Zürich. He holds a PhD from the same institution in Biomedical Engineering.
The Cyber Market’s Present and Future Challenges; the Reinsurers’ View and Expectations
There is both a clear need for corporates of all sizes and an obvious interest by the insurance industry to develop a sustainable cyber market. Such a development goes hand in hand with managing the cyber risk and developing a profitable book of cyber insurance products and services.
In this context, the question of the “insurability of cyber” immediately emerges, which can only be answered by decomposing the issue into solvable parts. To understand the magnitude and complexity of the problem it helps to first define four pillars consisting of IT-Security breaches, IT-System failures, (IT)-Human errors and Algorithmic Risk, all of them accompanied by an inherent Human Factor. Then, workable challenges are specified. The presentation goes through these main challenges, from a proper definition of what is really “cyber” to the difficulties of the development of coherent accumulation models and tools, passing by the often cited lack of data and the almost unsolvable issue of the lack of fortuitousness.
Looking into the future, the presentation discusses developments needed to harness some of the coming changes in the cyber insurance environment, considering the varied needs and possibilities of players of very different sizes and exposures and suggesting a proper sharing of responsibilities.
Dr Christos Mitas
Vice President of Model Development, Risk Management Solutions
Based in London, Christos leads RMS’ Climate Hazards-Dry and Cyber Risk modelling teams researching and developing modelling frameworks and solutions for the reinsurance industry.
He has worked at RMS since 2006 developing mathematical models of catastrophic risk from natural and man-made perils, including the Cyber Accumulation Management System (2016, 2017), Cyber Solutions (2018), typhoon models for South Korea and Taiwan (2016), probabilistic flood maps for Taiwan (2015) and South Korea (2014), the European wind storm model (2011), and the North America winter storm model (2008). He has also researched and developed efficient and scalable computational modelling frameworks.
Before joining RMS, Christos worked as a post-doctoral Associate and an Assistant Scientist at the University of Miami’s Rosenstiel School of Marine and Atmospheric Science (RSMAS) from 2003 to 2006. He holds a PhD in Atmospheric Sciences from the Department of Atmospheric Sciences of the University of Illinois at Urbana-Champaign. He earned an MSc degree from the Department of Atmospheric Sciences of the University of Wyoming. Christos’ bachelors degree in Mathematics is from the Aristotle University of Thessaloniki, Greece.
Future Analytics of Cyber Risk Quantification
Cyber risk is changing all the time. Recent years have seen shifts in the business models and techniques of cyber criminals – putting more of their efforts into ransomware attacks than stealing personal data – as well as changes in the security technology available, a growing political dimension to cyber attacks by one country on another, and legal and regulatory framework changes that make it more expensive for organisations to deal with their cyber events.
To help organisations manage their risk in this changing landscape, RMS updates its cyber risk model each year, with reparameterisations to incorporate new trends.
Business executives however need to plan for multiyear investments, returns on capital, and longer-term assessments of risks to their business strategies. Assessing how cyber risk will change over the next five to ten years is a challenge, but one that can be planned for and that should underpin enterprise risk management. A strategy that plans for a continuation of the current trends is likely to experience strategic surprise – a sudden change in the risk landscape for which the business will be unprepared.
Strategic surprise in cyber risk could occur with a sudden increase in the number of threat actors, or a rapid advance in their capabilities. It could occur with major technology advances such as artificial intelligence or quantum computing, rendering encryption obsolete. New methods of monetising information could be discovered by hackers, just as new businesses are trying to do in the legitimate economy. State-sponsored cyber teams could change their rules of engagement to focus on commercial targets. A range of different possibilities needs to be considered to enable organisations to manage their cyber risk in a changing threat environment over the next decade.