In the third installment of this Shoptalk series, host David Carothers and guest Zane Goldthorp of ProWriters shift the focus to proactive risk management for cyber insurance. They make the case that even in a soft market, a responsible business owner's focus should be on security, not just on meeting minimum carrier requirements. The conversation covers the essential security controls every business should have, including MFA, MDR, and employee training. They also dive into a real-world claim scenario that highlights a critical coverage gray area—the "Bring Your Own Device" (BYOD) issue—and discuss the potential conflicts between carrier-provided security services and an agent's referral relationships with Managed Service Providers (MSPs).

Key Highlights:

Essential Risk Management Controls

Zane Goldthorp outlines the foundational security measures agents should be discussing with their clients. While carriers may have relaxed some requirements, essentials like MFA (Multi-Factor Authentication), regular backups, and email security are non-negotiable. He also notes the industry's shift from EDR (Endpoint Detection and Response) to the more proactive MDR (Managed Detection and Response).

The Human Element: Employee Training

The conversation stresses that one of the most effective and overlooked risk management tools is consistent employee training. With phishing and business email compromise being the source of most breaches, training employees to spot increasingly sophisticated attacks can be the make-or-break difference in preventing a major claim.

A Critical Coverage Lesson: The BYOD Problem

David shares a story from a real claim that exposed a major potential coverage gap: whether a breach is covered if it originates on a personal device not owned by the company. This "Bring Your Own Device" (BYOD) issue highlights the critical importance of understanding policy nuances and working with an expert wholesaler who knows the forms inside and out.

Navigating Carrier Services and MSP Relationships

Many cyber carriers now offer security services as part of their policies. While valuable, David cautions agents to be mindful of their referral relationships with MSPs (Managed Service Providers). An MSP may view these carrier offerings as direct competition, potentially damaging a crucial referral source. The key is clear communication to ensure all parties are aligned.

Connect with:

• Zane Goldthorp LinkedIn


• David Carothers LinkedIn


• Kyle Houck LinkedIn

Visit Websites:

• Power Producer Base Camp


• ProWriters


• Killing Commercial


• Crushing Content


• Power Producers Podcast


• Policytee


• The Dirty 130


• The Extra 2 Minutes