I work in insurance: Tom Bennett, cyber incident specialist, CFC
Working as cyber incident specialist at CFC Underwriting, Tom Bennett ensures he stays abreast of recent developments in both hacker methodologies and cyber defence strategies
What is your role?
I work as part of the in-house incident response team, serving as the first point of call for customers who are experiencing a cyber attack. I utilise my training and experience in digital forensics to suggest a course of action, working alongside cyber claims adjusters from CFC as well as our global partner network.
I also assist with the risk management offerings, which aim to provide tools for customers to prevent cyber attacks and be better prepared in case one does occur. This includes carrying out research and development into emerging cyber threats, so that we can stay ahead of new causes of cyber claims as they emerge.
How did you get into this?
Getting into insurance was a bit of an accident – the recruiter who sent me the incident response job advert I applied for did not mention the nature of the business. Before working at CFC, I had worked for a few years in UK law enforcement as a digital forensic examiner in a regional organised crime unit, on their cybercrime team.
What does an average day look like?
As incident response is an inherently reactive field an average day is hard to pin down. Some days involve numerous clients notifying significant data breaches and other suspected cyber attacks, while some involve no new hotline calls at all.
When not responding to new incidents as part of CFC hotline, I work on existing investigations, working with partners around the world to ensure clients get the support they need so that their business can be up and running again as soon as possible.
My day also tends to include a significant period of research and development. In the fast-moving world of cyber attacks, knowledge can quickly become outdated, so I put my ‘white hat’ on and dedicate the hours needed to stay abreast of recent developments in both hacker methodologies and cyber defence strategies.
What have some of the highlights of the role been?
I enjoy the human aspect of helping people who are often in a period of crisis. Through the experience that CFC’s claim team has of dealing with literally thousands of cyber incidents, we can ensure that any initial fears are allayed as we walk a client through the incident response process.
Any challenges you have faced in the role?
Dealing with the cyber criminals who cause many of our customers’ claims can be challenging due to its inherently adversarial nature: defender vs attacker, or investigator vs those trying to remain undetected. However, this just brings out my competitive nature and I enjoy this cat-and-mouse game.
What response do you usually get when you say you work in insurance?
In some of the nerdier circles I frequent it can come as a surprise, until they learn it’s cyber insurance and then it makes a lot more sense.
Insurance POST staff