EP 188 – Jennifer Tiang – Regional Cyber Lead – Asia at Willis Towers Watson – Fighting Fires Alongside the Clients

• Born and raised in New Zealand, based in Singapore
• Studied law and moved into the insurance broking business
• Studied Mandarin in Shanghai
• The macro change of insuring digital and non-tangible assets
• How risk is constantly being reassessed
• The importance of the data behind the risk analysis
• The significance of asking clients the wrong questions
• It is not just about insurance, it is about minimizing cybersecurity risk
• The need to consider financial, legal, and business interruption risks
• Having an advantage coming from a legal background
• Insurance for NFTs?

1. Navigating Into Asia from the Bottom of the World
2. If You Know, You Know
3. It Is Not Binary Anymore
4. As Amorphous as Cybersecurity
5. Insuring Your Lifeblood, Your Data
6. You Can’t Build Buildings That Are Not to Spec

Read the best-effort transcript below (This technology is still not as good as they say it is…):

Michael Waitze 0:16
Are you ready? Hi, this is Michael Waitze. And welcome back to the Asia Tech Podcast. Today we are joined by Jennifer Tiang, the Regional Cyber Lead for Asia at WT W. I love the initials by the way. I’ll get to that in a second. Jennifer, thank you so much for joining us today. How are you doing?

Jennifer Tiang 0:32
Really well. Thanks. Thanks for having me on.

Michael Waitze 0:35
It’s my pleasure. I love the purple. In my calendar. Whenever I have a recording I coded purple and anything with multiple W’s in it is good for me. My last name is Waitze . My logo has w I love it. Yeah, I love it. Yeah, it’s great to have Yeah,

Jennifer Tiang 0:48
no, I like the rebrand. It’s actually ultraviolet. Oh, even better, not just purple. Yeah,

Michael Waitze 0:54
that’s one of my favorite U2 songs, by the way. Oh, yeah. Yeah, that’s a good one. Really one of my favorites. Anyway, before we get into the main part of this conversation, if there even is, can we get a little bit of your background for some context?

Jennifer Tiang 1:09
Yes, um, gosh, so I’m based in Singapore. But I’m not Singaporean. Contrary to what lots of people think I’m not not a Singaporean with a strange accent. So I was born and raised in New Zealand. And studied law, there was a lawyer for four years, moved into insurance broking, and financial lines breaking, which is an insurance, a set of insurance insurances that probably not many people know about. But if you’re in corporate insurance, procurement, you’ll know about it. And loved it. Weirdly, my parents were like, We don’t know what you do. How did you leave law as a profession? Well, what are you doing with your life, but I just really, I really took to it. I think I loved the client advisory side of it. I loved being on, you know, right, right, in the, you know, fighting fires alongside the clients. And then after that, I took a two year break in Shanghai and attempted to study Mandarin. Mandarin is now basic conversational, probably the the standard of maybe, I don’t know, intermediate school age that will like, be an advanced teenager. Awesome. And then there was a Moute job available at an insurance firm in Singapore underwriting and financial lines, and took that. And after almost three years, moved across to WT wt, head of the cyber practice. So that’s, that’s me in a nutshell, my how I’ve navigated my way into Asia from the bottom of the world.

Michael Waitze 2:48
It’s really interesting to me, I talked to tons of people, right. So I’ve done 1000 recordings in the last three or so years. And at some point, everybody always brings up this idea of I was doing this and I moved to that, and my parents thought this. Yeah, it just, it’s really interesting to me, I’m 56 years old, and it still doesn’t matter, right? Like how old you are, how far along you are, it’s always like, your parents are still kind of they’re looking down going. Okay, now it’s okay. Yeah. Is that fair when

Jennifer Tiang 3:17
they see that you can provide for yourself like, oh, okay, we don’t have to worry. But

Michael Waitze 3:21
it’s a really interesting point, right? Because when you’re little they’re thinking our daughter is studying law. She’s going to be a lawyer. That’s okay. We can stop worrying about that thing. We can put that in the not to worry box. Wait, what did she just do? She switched. Okay, now we have to worry again kind of thing. It’s weird, right?

Jennifer Tiang 3:37
Yeah. I actually don’t think they they really understand what I do now. But that’s okay.

Michael Waitze 3:41
Yeah, it’s okay. Most people don’t understand what I do either. What do you explain to me? What financial lines you said people that know it? Know it, but people that don’t? Don’t? And I don’t? So what does that mean? Yeah, it

Jennifer Tiang 3:53
is one of those if you know, you know, kind of thing. So financial lines, insurance. It’s a set of insurances. That is about corporate liability. So organizational corporate liability. The key ones the key insurance classes that would sit within that directors and officers insurance. professional indemnity. Oh, you know, Oh, great. Yeah. cyber insurance sits within that. Crime insurance. So the ones that where there is liability facing the organization related to the actions they take and so it’s it’s tricky because it’s intangible it’s not you know, insuring the company property or headquarters, it’s insuring your against your liability from being sued.

Michael Waitze 4:32
So here’s the other thing that’s happening and you tell me if I’m wrong with this, but I think there’s a big sort of macro change taking place globally, not just insurance, where there’s this like there’s this limited amount of physical plant on the earth right like we can build more we see it happen in Hong Kong all the time. My favorite harbor in the world is like slowly but surely going away right where gyms come becoming part of yond anyway, we can talk about that. But these non tangible assets are just it’s infinite, right? The potential Infinite. So as you move away from ensuring plant and equipment, which people completely understand, right, like I have a building, if the building burns down, I’m insured. But the technical stuff, the digital assets can also and I’m putting in quotes burned down, but you can have as many of these as possible, and it’s infinite, the amount that you can have. Do you feel like people are now starting to think about, okay, we’ve already insured all the physical assets. And we know how to do that. Now we have to think about insuring these digital assets that maybe most people don’t even understand what those assets are. But then how do we insure them? Does that make sense?

Jennifer Tiang 5:35
Yeah, yeah. I mean, you’re exactly right. I think there has been a huge groundswell of thinking about this in a more cohesive way, like really kind of sitting out to think logically about it. You know, the first thing is measuring it, a lot of companies are now like, you know, we need to classify categorize, what are digital assets there, think things are sort of scaled so quickly. And it is time for companies to take stock and really, you know, have digital asset register and understand, what are they dealing with? It’s hard when you’re dealing with multinationals as well, you know, they’ve constantly acquiring different offshore premises. And so things, it’s just like a patchwork of networks. And so, I mean, to have a single pane of glass to understand what your full landscape is, that would be difficult. But this is the key priority for a lot of organizations has to be,

Michael Waitze 6:28
but again, a really great point, right? Like, if I have a building in New York and a building in Tokyo, I have to add on the earthquake risk to the building in Tokyo, maybe, but it’s still a physical building. Right? And it takes a while, let’s just say it takes two or three years to build like a corporate headquarters in any particular city. But I mean, I can throw up a machine room, right? Or get assets to cloud computing in a moment. How do you how do we help people? And we can understand the risk assessment for physical building really well, right, like, does it meet earthquake standards? How easy is it to burn it down? Right. And it’s pretty fixed. And it’s binary. But in the digital world, binary May was the wrong choice. But it’s not so binary, right? In other words, it’s this constant idea of how do we manage the risk around those assets? Do you is there a consulting part of what you do as well, that says, I can look at all your assets, and then figure out how they need to be insured and help you measure it on an ongoing basis? Again, does that makes sense?

Jennifer Tiang 7:24
Yeah, we do have a consulting, and it’s separate to our insurance and broking. Um, so they are definitely the ones that I mean, our team of guys, they’re a global team. And they’re from like, ex military defense backgrounds, or like, six CISOs. Yeah, they, they’re really sharp, and they just know how to advise our clients, you know, this is what you want to look for, or just even frameworks to understand better what their whole outlay is, how to understand their environments, then, once you understand what you’re dealing with, like understanding the quantification of the risk, and so that’s relating to like, what’s the cost impact of these things burning down? Because that’s what companies want to know. Right? Like, they want to know the dollars and figures sitting behind the risk?

Michael Waitze 8:06
Absolutely. What are these conversations like, though? In other words, when you go into a big company, small and medium sized enterprise, and you sit down with them and have a conversation about digital risk? Is there an already an existing understanding about what these things are? Or do they mean? Are they kind of surprised by like, Oh, God, do we really have to figure this out as well? Kind of thing?

Jennifer Tiang 8:28
Oh, it is quite a mixed bag, because every company is just so different parts of, of their maturity. So yeah, I think, in Asia, if I take a snapshot of say, like the companies that are sitting in what we would call like a middle market, so maybe revenues of under a billion, and maybe employees of like a few 100, let’s say, they’re all on this journey of they know, they need to know more. They know that what the current status quo is, it’s not optimum, right? So they’re all on a journey of discovery, measurement awareness. Like knowing how to invest and the protection. So yeah, I’d say where we’re all probably around, like, the toddler phase, the toddler. Yeah, yeah.

Michael Waitze 9:19
I have a buddy that I do another show with. And he’s French. And he tells me that when I speak French, I sound like a five year old. So I guess what I’m saying is, that’s the way most enterprises feel like when they’re doing this because it’s still really early. Right. And I That’s why I talked about this macro change. But here’s the other thing, if I’m starting a company today from scratch, right, because I like to say, in a lot of different ways. Diversity is just a good example because it’s something that people can see and they can feel if you want to have a diverse workforce. You have to do it from the beginning. You can bolt it on later, right? Because if you try to do it later, it’s just so hard to find a place to put that diversity, but I feel like security and cybersecurity and the insurance around it is also the same thing. Write? In other words, if I know when I start what I need to do, do you feel like it’s easier than to build it in? And if it is, what should I do? Right? So like, I have a company as well, and all of its remote all of its computers and microphones and technology. And I worry sometimes about my own stuff. I’m not at a billion dollars of revenue yet, but you know, we’re getting there. But what should I do?

Jennifer Tiang 10:21
Yeah, it’s interesting, you say that, because the client, our tech client, the large tech clients were, you know, the digital native, cloud native, you know, pure play tech, they are the ones that, you know, have security cybersecurity, baked in, because they’ve started life in this era, where cybersecurity is the number one priority, whereas older clients, you know, perhaps manufacturing clients where, you know, they aren’t at the cutting edge of technology, and their priorities are just different, you know, the KPIs for the organization is just to really maintain these bottom lines, and it is quite a thin margin that they’re having to deal with. So, cybersecurity, unfortunately, hasn’t been as highly ranked. And these are the ones that are getting attacked, because they haven’t had that, that priority and investment. But at the same time, these are the clients that are coming to us, and probably need a bit more steer or direction. And wanting to know, you know, what can we do to improve our risk posture?

Michael Waitze 11:18
So people are actually coming to you? Yeah,

Jennifer Tiang 11:21
it’s great. So we depending on what their needs are, or what their priorities are, either it’s our cyber risk consultants that assist them. Or if they, they’re saying, Yep, we’ve undertaken a study already, and we have a workshop with them to understand what investment they’ve really made into this cybersecurity, we’ve gathered a lot of information from insurers as to like baseline security controls that companies need. So we can run through what they’re looking like against these baseline points. And then we can say, Yes, you are like a candidate for cyber insurance. Because it’s some it’s actually hard to get, you know, obviously possible to get but it’s, it’s harder to get now the standards you have to meet are higher than in the past,

Michael Waitze 12:04
what is what does that mean, the standards are higher than they are in the past.

Jennifer Tiang 12:08
I would say it’s maybe a change of over the last two, three years, and I’m speaking about Asia. So that’s, you know, my experience, there’s been a number of times where clients have come to us, and we’ve presented their risk information to the whole market. And insurers have come back and said, No, we cannot quit. We’re not, we’re not closing for this. And that’s almost unheard of, you know, you’d think all insurers are vying for business, right? They’re all like hungry to quote. So it just shows a huge shift in the strategies of cyber insurance, they’re willing to say, No, we’re not even going to put down terms for this. Because the risk information has, you know, get sore, you’re not meeting what our underwriting guidelines are specifying. So it’s a more involved process for sure to get the cyber insurance.

Michael Waitze 12:54
So I think there’s an external impression about the insurance industry that it’s all sort of data driven, right? I have all this historical data, I have real time data, and then I can make an underwriting or capacity allocation decision based on that. Are we saying that there’s not necessarily enough information in specific cases about the cybersecurity risks, right? Because, again, to me, in a way, it all looks like an illiquid stock. Right? If I don’t have enough information about your balance sheet about your income statement, I don’t know what your earnings are specifically, I don’t know what they’ve been historically, I can’t price your stock properly, right? Because I don’t know what the price earnings ratio is. I don’t know what any of this stuff is. Right. is So is there a data gap? Is that where you’re saying in the cybersecurity thing? Is it possible to fill it? Or is there some other thing that’s out?

Jennifer Tiang 13:39
I would say it’s a bit of a data gap. And also, because from the insurance side, they might not, they might be asking the wrong questions as well. So our role is really to try to facilitate and be that bridge between the insured or the organization that wants cyber insurance. And they’re able to say, look, we do XYZ, to put it in really simple terms, we’ve got all the locks or the sprinkler systems, you know, where we’ve got everything we need, where our houses in order based on what our objective or subjective view of our own risk exposure is, you know, we’ve undertaken the assessment. And this is all the information we have to produce evidencing this present that to the cyber insurer, the cyber insurer might have a set of questions that just aren’t relevant to that particular organization’s environment or risk exposure. So, of course, there has to be some some kind of standard, but I do struggle sometimes with insurers that ask questions that are perhaps not exactly pertinent, but because of, you know, their guidelines. They’re saying this has to be answered in this particular way. So there is it is a bit of a data issue a bit of a understanding issue, because you’re trying to wrap your arms around something as amorphous that’s gonna

Michael Waitze 14:51
say that was a word actually. Yeah, it is real nice. But don’t isn’t it’s kind of fun and exciting for you, right? Because again, unless I have this wrong, it just me that it’s not this issue is not settled yet, right? Like the math around it’s not settled yet so far from, right. But that’s the point. So you’re in the process of kind of setting up the guidelines and guiding that. And that’s got to be fascinating on a day to day basis. Right? In other words, you’re not coming into work every day and doing what I did, which is like, press the same buttons over and over again.

Jennifer Tiang 15:18
No, I’m sure. Your days are much, just now. They’re

Michael Waitze 15:22
amazing, but I’m talking about was it Goldman Sachs just come in every day? Oh, okay. You don’t I mean, that’s gonna be fun. No,

Jennifer Tiang 15:29
it is fun. It is really fun. Um, and I know, this word has really heavily used but it is such an ecosystem. And I love learning all that I can from the other, you know, people that are in the ecosystem with us together, you know, cybersecurity firm, you know, one of our friendly partners is CrowdStrike. So they’re leading, you know, cybersecurity technology firm. There’s so much information that they share or crawl is like an incident response, Cyber Incident Response firm, they’re all really willing to share information with us that we can share to our client, this services that they offer that are very, that’s very complimentary to the journey of getting cyber insurance, because ultimately, your end goal isn’t to get cyber insurance, your end goal is to minimize your cyber risk. Right? Yeah. And having a cyber insurance policy is just part of that, in part, the final piece of the puzzle of that. And so we’ll do these parties are all aligned in that interest. And yeah, it is cool. It’s, you know, technology’s evolving so quickly, you know, a lot of these defensive technologies that’s all AI driven. And, yeah, it’s super cool. Fascinating.

Michael Waitze 16:33
I think a lot of people perceive cybersecurity as just protecting themselves against hacking, right? In other words, like you said, My door’s locked, my windows are closed, I pull down the shade at the at the end of the day, and I’m safe. But is there more to it than just that type of what people traditionally think of as hacking, and I’ll give you an example. I had a conversation with Lloyds lab and gays and the woman who runs their business in Europe called Merkel science. And there’s all this because Bitcoin and blockchain and all this stuff is happening there as well. There’s all this cyber risk around who you’re dealing with on the other side. Right. So are there things around cybersecurity that people aren’t thinking about? That? Maybe you’re exposed to that we’re not?

Jennifer Tiang 17:19
Yeah, I would view cyber risk when I’m, I feel a bit different to maybe from the point of view as the kind of risk and insurance broker on the cyber risk insurance side, because cybersecurity experts or cybersecurity engineers, they see a completely different world, or they see a different, you know, pane of glass, right when they think of cyber risk. When I’m seeing when I think of cyber risk, I’m thinking of the financial impact, that’s gonna hit you, if there is a cyber event. And and because this is what the cyber insurance covers, that’s what they respond to. And so hacking, yes, is a big part of it. But it’s all the ancillary costs relating to the cyber event, the legal costs to protect you to make sure that you’re a bit you’re advised to respond to regulators, if there’s, you know, mandatory notifications, the business interruption losses, if you know, you’re suffering downtime of let’s say, three weeks putting you at a show stop. So, yeah, that other realms I think resonates with Ford’s because they’re thinking, Okay, this is the dollars attention to

Michael Waitze 18:29
what can I do share responsibility, right, it’s to make sure that the financial impact of bad things don’t happen to them? Um, do you find in most cases that people worry about this after something bad has happened? You know what I mean? Like nobody worries about insurance until they break their leg, and then they think, oh, gosh, I should have had insurance for that, or are people just so knowledgeable about this now that they go forward? First, at least they try to think about it, you know what I mean?

Jennifer Tiang 18:52
Yeah, interestingly, we’ve had a huge increase in the inquiries, the cyber risk insurance. And a lot of these inquiries are stemming from us, because we got hit. And you just think all I really, you know, I wish, you know, you would have had insurance when when that took place, but I guess, you know, being through it, and they see the dollars that they paid out. They’re like, Oh, it’s sensible to have an insurance policy for it. Yeah, I think people are getting more realization that, oh, this is something that exists. And it’s from a point of view, it’s well, yeah,

Michael Waitze 19:28
we should definitely be involved. Do you see the growth of parametric insurance and measurement of cyber risks or cyber events as something that is becoming more and more relevant?

Jennifer Tiang 19:43
Yeah, good question. There is a parent I know there’s a parametric insurance solution related to cloud downtime. I’ve seen some some write ups about it, and placed it for any clients yet. We’re still trying to find out a little bit more about it, but I yeah, that’s an interesting direction that we could be moving into.

Michael Waitze 20:02
Yeah, I find the parametric place really like when somebody first introduced it to me. I didn’t know what it was right but parametrics does this out of Israel or risk wolf does this out of Europe, a guy I can’t remember name his company, but you go whale does this also out of France, there is a big shift. Again, I have a big inshore tech podcast. And we see this massive shift in the way people like you said earlier, right? Like they want to be able to measure things. Yeah. And in the cyberspace. And so all this digital information is kind of swarming around the internet. They’re creating indices around outages around internet downtime, missing flights, all this kind of stuff. And then they’re building insurance products around it, which I find fascinating, but particularly in cyber, right, because it can be measured. Your door was locked. It’s now unlocked. How long was it unlocked? How much was taken from you? And I think a lot about parrot indemnity. Do you know what I mean? In other words, okay, so something got stolen from you. And if we don’t give you some kind of automatic payout, you’re gonna your business is going to go out of business. So here’s, I’m gonna make up numbers, right, here’s $400. But now we can negotiate around the indemnity part of it right.

Jennifer Tiang 21:08
I’ve never come across parrot indemnity.

Michael Waitze 21:10
I made it up. Oh, I mean, I didn’t actually make it up. But I had a conversation with somebody about this. And it doesn’t exist yet. But this idea that you can use parametric insurance is kind of just like, okay, maybe you need open heart surgery. But first, you need a band aid kind of thing. Yeah. It’s just an interesting concept. No, yeah.

Jennifer Tiang 21:29
Yeah. I like the in terms of the parametric, this parametric, you know, business interruption. Insurance. I like the fact that it’s clear cut. So it’s just you know, this happens. event X happens, you get paid why? And I like how straightforward that is. But yeah, introducing it, like an indemnity aspect to it that that’s interesting.

Michael Waitze 21:52
I like it a lot. Yeah. Yes, we can talk about that offline. But I’m not starting a company to do that. Do you feel like? Do you feel like your legal background and your legal training gives you a different perspective? You know, it means that when you walk into a room and you hear all this stuff, if everyone’s looking at it from I hate this, all these words are getting co opted, but like an MBA is no don’t say embedded, Michael. But everyone’s looking at it from sort of a historical insurance perspective, you get to bring this other thing into the room as well. And then you can think about the legal implications, which you mentioned, as well, later.

Jennifer Tiang 22:27
Yeah. I really, I mean, I’m really glad that I’ve got that background. I like I feel very, because insurance policies are just contracts, right? Yeah. And so I feel very comfortable reading contracts, with cyber risk insurance, contracts, policies, a lot turns on a single word. And, you know, this could be the difference of a $2 million payout versus nothing like, it’s because we’re dealing with such quite novel concepts. You know, this is an insurance that’s been around for hundreds and hundreds of years that’s been tested, and has a stack of case law sitting behind it. And so I feel really fortunate that I can really dig into the policy wordings and, and challenge them. Ensures, must really appreciate me. But, um, I think you’re probably Yeah. But you have to get really technical, with cyber risk insurance policies. And I think it’s, it’s something that it isn’t a general insurance, that’s just, you know, kind of set and forget it is, you do have to get into the weeds of it. So, yeah, it is something that should be you should receive advice on, you know, proper advice, because you, you know, you don’t want to be getting a policy that that actually means nothing or doesn’t provide what you think it’s providing and a lot is, you know, hidden within these terms and phrases that’s

Michael Waitze 23:53
exclusions. Do you

Jennifer Tiang 23:54
feel Yeah, add exclusions, yeah.

Michael Waitze 23:56
Do you feel in a way that cyber insurance for organizations is almost like life insurance for humans?

Jennifer Tiang 24:04
Yeah, yeah, I really do. It’s funny that you know, companies today, they don’t blink an eye, you know, the property insurances because they’ve been paying these, you know, aeons it’s just you know, it’s a cost that we’ve we’ve always had. And then cyber insurance seems to be luxury spend or discretionary spend yet it’s insuring your ability to survive in the event of your lifeblood, your data, your systems going down, you know, everyone moving to this remote working environment. That was a huge, huge change. And I think it made us realize what do we need to work what what do companies need to be operational network systems working properly and securely that’s that’s all we need. We don’t need like that corporate headquarters necessarily housing our 200 employees as long as I’ve got that, that set up.

Michael Waitze 24:57
I feel sometimes like there’s a little bit of if I don’t See it? I don’t need to think about it. But once I do see it, I can’t unsee it. Right. And that’s why that’s why I asked you earlier, like, are companies really waiting and not waiting on purpose? But once they get cyber attacked, and they see the financial implications of it, they think, okay, we probably should have had insurance for this. Yeah. Is that fair?

Jennifer Tiang 25:21
Yeah. And and I do feel like I’m on a bit of a campaign, you know, getting insurance is always going to be a risk management decision for the company, you know, whether you do we self insure, or do we transfer it to the insurer, I’m probably not a very good broker, like, I’m not going to sell you something that, you know, you you don’t need or you don’t, if it doesn’t make sense, if you’re not investing already, in your cyber risk controls, you probably shouldn’t be getting cyber insurance policy, you should invest in your controls first. But if they do see the value, I think I mean, it’s a no brainer, really to transfer the risk out to the insurer. Yeah.

Michael Waitze 25:56
I mean, that’s why I asked the question earlier, right in that is, does something need to happen first, they do, right? Because until they have to make a payout themselves to go build the infrastructure to protect themselves from attack, right? Like, you can’t build a building that’s not to spec in Tokyo for earthquakes, you can’t do it, they won’t let you. And in a way, I think what’s going to happen over time, is that companies are going to have to meet certain specifications on the cyber side, like, no one’s going to go up to the 35th floor of a building, if they feel like in an earthquake, it’s gonna fall down. Right? So I think it’s the same thing is going to happen in the cyberspace is like, I’m not going to deal with a company unless it’s past some sort of certification for all of these, let’s just call data protections. Because if I give you my data, which in most cases I do, at some level, I want to make sure that it’s protected. And if it’s not with you, it will be with somebody else. Yeah. Right. And once I think that gets figured out, it’s no longer going to be a luxury item to have cyberinsurance. It’s just going to be a line item item, just like it is for your physical plant. And this is why I don’t want to go too deep into the rabbit hole of the metaverse either, right? But at some point, the metaverse is going to become the universe. We talked about this before, right? There’s a limited amount of physical plant we can create. But there’s not a limited amount of digital assets and digital sort of interactions that we can create. That’s infinite. And when that takes over, that’s going to have to we’re going to have to figure out how to ensure that because we’re going to finish insuring the physical plant and equipment at some point. Is that does that make sense?

Jennifer Tiang 27:28
Yeah. Where we start to get to get a few more inquiries about insurance, the NF T’s. That’s an interesting conversation. And, you know, insurers are scratching their heads trying to figure out, you know, what’s the insurance solution for this? Yeah, we’re moving into pretty exciting new territories.

Michael Waitze 27:49
Yeah. And again, most people think and I was having this conversation yesterday with somebody, I’m curious what you think about this, but most people think of NF T’s is just like a monkey with a hat on backwards, right. But the reality is that the token I can’t remember if it’s ERC 721 I can’t remember, right, but the Etherium protocol that manages the the NFT, is really just a proof of digital ownership. Right? So in the same way that I can insure the deed to the house that your parents bought, when they when you were in New Zealand, right, because that’s all an NFT is non fungible token, it’s just here’s the digital proof of your ownership of this asset, which is now tradable, not just locally, originally, but globally. That’s the that’s the real difference in the real innovation here is the ownership. And you can ensure that offline, for sure. And you’re gonna have to be able to ensure it online to write and, and actually offline inside online, sorry, it’s easier to prove ownership because the digital footprint can be non fungible. Whereas I could forge your signature on a piece of paper that has the same documentation. It’s hard to forge an FTDI. Anyway, so that’s an interesting space for you as well. Go ahead.

Jennifer Tiang 28:57
Yeah. Yeah, no, exactly. And I think it’ll be some time before we get to the point where I have insurance for NF T’s being widespread. I think it’s still Yeah, I wonder if they’re going to if it’s going to be more like a CPC insurance, like Fiat, you know, to try and kind of solution?

Michael Waitze 29:18
Yeah, I think it’s, I think it’s actually going to be way better than that. Because it’s going to be the owning that the digital ownership. And the representation of that ownership is really what the NFT is today, it looks like art, because that’s it always starts somewhere. But at some point, everything we own, and everything we buy is going to be purchased digitally. And that digital ownership right is what that NFT is that’s the non fungibility of it right? Like, those are your headphones. I can’t just take them. They’re yours. Yeah. Yeah. They don’t fund you into mine. Yeah. And I think because of that, once that thing gets better understood. that’s then going to turn into insurance, but you’re right. From a cyber insurance perspective and a digital insurance perspective, all of the play to earn all of Learn to earn, all of these things are gonna have insurance components to them. And it opens up an entire new distribution mechanism. Yeah. Who you like oh, no, don’t get that big. What else did we miss? Is there anything you have any like, not funny, but you have any examples of some cyber stuff that’s gone bad. Maybe you’re that you can share that people will understand.

Jennifer Tiang 30:24
Yeah, well, I can. I can share it some no names.

Michael Waitze 30:29
Yeah, sure. Sure. Sure. Just anonymously, but just examples of stuff that can go bad. Yeah.

Jennifer Tiang 30:33
Yeah. Um, I mean, Cyber Games typically always going to happen on a Friday night, or like a Saturday, early morning before a public holiday. And I think typically, what trips an organization up is, is the lack of understanding. So if they’ve got the cyber insurance policy, the right people at the helm, not knowing of the existence of the policy, or not knowing what to do so not knowing like which number to call or who to contact. So and then we’ll get a call a panic call at 3am on a Saturday, and you’re not, you know, the broker is not necessarily going to be able to do much for you at that point. And so, just some tips for those that do have cyber insurance policies, just make sure that you know, which number to call and what the protocol is to activate everything. I think it’s such a godsend having that policy there, because they’re basically you’re there like your what’s your emergency number in Bangkok? Is it triple zero? Or I don’t mean here, it’s,

Michael Waitze 31:36
that is that I was just trying to figure it out. You’ve never had to call it but it’s like 911 in America, right? You just dial

Jennifer Tiang 31:42
911 Yeah, and and so it’s having that peace of mind that you’ve got that nine, one number to call if things have gone bad, I think is the hugest benefit, and having the policy there, but yeah, so some bad tales of clients, either not knowing not knowing what to do, going off and engaging their own vendors and and racking up the bills. And then after the fact coming to the insurance and trying to get these covered. That can put them in a bit of a problem. But then on the flip side, we’ve had many, many good tales where it’s been hundreds of 1000s million dollar claims paid out in Asia. And and that’s yeah, that’s been really happening. I think when you’re placing the insurance policy for the client, you’re just it’s a promise to pay and when that comes through, you just feel really good. You know that the clients been able to get the value of the purchase.

Michael Waitze 32:37
I think that is the perfect way to end…on a great client story. Jennifer Tiang, the Regional Cyber Lead Asia WT W. That was awesome. Thank you so much for doing that today.

Jennifer Tiang 32:46
Thanks.