I’m still in my early days of collecting materials to read, think about, and make notes for my next book which will focus on insurance and cyber. I don’t plan to begin drafting my book until 2024.
However, the following visual captures my initial perspective of the high-level participants who do or could assist corporations before, during, and/or after they are cyber-attacked.
I plan to create a similar visual for “individual people / consumers as cyber targets” over the next week or so.
My pre-beta taxonomy visual has three categories – financial, services, and corporate retention (e.g. what each corporation should do for themselves) – but I intend to add a fourth category capturing “government / industry regulations” in my next version of this visual.
Your eyes are correct: I show A.R.T. in both the Financial and Corporate “Retention” columns – purposely because entities in both columns are required. Moreover, I have “buried” brokers, MGA, and Lloyd’s Syndicates (and other types of insurance channels) in the “concomitant channels” phrase. Let me know if and why I should capture them separately in the Financial column.
In the 3Q23 and 4Q23, I’m planning to reach out to firms in the Financial and Services columns to request briefings about their cyber offerings.
I have no doubt that in the “Services” column I have some overlaps, missing types of firms, and other mistakes.
I would appreciate hearing what overlaps I have made, what types of firms I have missed, and what mistakes I have made – whether in the Services, Financial, or Corporate “Retention” columns.