It may be surprising to some that a former governor and head of National Security started an insurance company focused on cyber risk, but Tom Ridge, president and CEO of Ridge Global says it shouldn’t be.
“While the world is focused on physical security, even at an early stage in the security space we saw the internet being used for economic and radical espionage,” Ridge said.
Cyber security vulnerability has only grown since Ridge left his job with the U.S. government in 2005. Ridge said that fact and his experience motivated him to start a managing general agent that offers services around cyber response, cyber education and yes, cyber insurance. The company launched in 2014 and in January added three new cyber insurance products designed to integrate with the cyber resiliency services offered by Ridge Global.
“Everyone realizes they are vulnerable – but I think there should be a greater sense of urgency with companies. Our job is to help them with that,” Ridge said.
Ridge served as governor of Pennsylvania from 1995-2001. After the Sept. 11, 2001 attacks, President George Bush tapped him to be the first-ever assistant to the president for Homeland Security. In 2003 Ridge became the first Secretary of the U.S. Department of Homeland Security and served in this role until 2005.
He says his experience working for the federal government and in general consulting roles has shown him that companies are looking for an “integrated solution to the problems they have” around cyber security.
“Risk officers large and small all realize they have a problem and are still trying to figure out what their solution should be,” he said. “I really wanted to build something that I thought had value not only for my team but to add to the safety and security of other companies. I saw insurance as a gateway to these other services.”
Ridge Global created the new cyber insurance products and services to be tailored to those in state and local government, energy and healthcare companies, as well as professional organizations. The coverage is broken down by size of the organization: Enterprise Plus for those with revenue greater than $2.5 billion; Enterprise for those with revenue between $50 million and $2.5 billion; and Professional for those with revenue less than $50 million.
The coverage is available through Lloyd’s of London Syndicates with limits up to $50 million for large organizations, and up to $10 million for the smaller risks.
Ridge says insurance coverage is just one aspect of how his company is working with clients – Ridge Global also offers educational and risk assessment tools. He said he wanted to build a company that can handle “integrated risk.”
“The ultimate goal for me was to become a trusted advisor for companies in certain areas where there is a high-value risk,” Ridge said. “We are doing it in a way that will establish the relationship with insurance and then offer the other tools that reduce risk.”
To aid him in those efforts, Ridge hired a team of insurance professionals with experience in internet security, insurance, and risk management.
“One of the things I learned from my career in government is to understand what you know and what you need to know and learn, and fill the gap with really talented people,” he said.
One such person on the insurance side includes Adrian Scott, who joined the company as executive vice president and chief underwriting officer. He is responsible for leading the development of Ridge Global’s underwriting protocols and heads the day-to-day operations of the Ridge Global insurance underwriting teams. Scott’s career with insurance spans 25 years, including positions with QBE, Valiant, Aon and Marsh.
Scott says Ridge Global is more than just an MGA offering cyber risk insurance and utilizes its other services to establish clients’ cyber risk and educate them on how to address that risk.
“In this world we are in now with cyber, all the aspects that have to come together haven’t been fully integrated or embedded into the normal course of buying insurance, and it has to all come together,” Scott said.
Ridge said clients don’t fully appreciate that their connection to the internet is vulnerable, and that education piece is crucial to risk management. Ridge Global partnered with NAVEX Global, which offers software, content and services such as online training and educational tools for organizations and their employees to reduce their cyber risk.
Ridge said the company will expand its cyber education portfolio and is working with a major university on that effort, as well as offering new technology tools to customers and clients.
“We are always looking for other resiliency tools to offer clients as to try to reduce their risk exposure and expand our platform. We are not standing still,” Ridge said.