Article
Middle Market Spotlight: Meet Brian Mihich, VP, Middle Market Underwriting
Behind the scenes with one of At-Bay’s middle market underwriting leaders
In this edition of our Underwriter Spotlight Series, we’re featuring Brian Mihich, At-Bay’s Vice President of Middle Market Underwriting.
Brian’s insurance journey began with a role as a property claims adjuster at Travelers, which had him literally chasing storms and climbing onto roofs to assess hail damage. After five years of that, Brian joined AIG as a cyber underwriter when the field was still in its relative infancy. He spent more than a decade there, eventually coming to manage AIG’s middle market cyber team, gaining valuable experience in both retail and wholesale channels along the way.
After over 10 years in cyber underwriting, Brian joined At-Bay* seeking a new experience with a growing organization where he could work with an internal security team, providing clients with solutions and guidance to help them become better risks and secure more favorable terms. Here’s what he has to say about underwriting complex risks, the power of InsurSec, and more.
1. What do you find most rewarding about underwriting?
I find the most rewarding aspect of underwriting is solving the puzzle — finding the best possible solution given the circumstances I’m dealt. The challenges vary depending on the market cycle we’re in, but regardless of whether I’m navigating a soft or hard market, I always enjoy the collaborative process with brokers.
Each time brokers send a submission, they provide selective information, and it’s my job to find what I need to quote the business competitively. This often involves building relationships with those brokers and working together to create solutions.
Often, the first quote I provide isn’t what’s ultimately bound. The key is getting my foot in the door, then digging in to understand what’s most important to that broker or client to land on the right coverage at the right price for everyone involved.
2. What security controls do you recommend to provide more favorable terms and coverage?
When discussing security controls with brokers, I focus on a key reality that At-Bay sees repeatedly in our claims data: Ransomware attacks are fairly agnostic.
While certain industries and revenue bands may experience higher frequencies of attacks, ransomware attacks can truly happen to any organization. The better monitoring solutions clients have in place for all their various security tools, the better position they’ll be in to prevent or mitigate losses.
Multi-factor authentication (MFA), managed detection and response (MDR), and strong patching cadence form the foundation of a solid security posture, but there’s no one-size-fits-all. The most effective approach is to identify specific vulnerabilities in a client’s security infrastructure and explain how implementing certain controls could not only improve their terms and coverage but also genuinely strengthen their security posture against evolving threats.
3. How do brokers benefit from At-Bay’s InsurSec approach?
I view InsurSec as the future of underwriting. Instead of just responding after incidents occur, At-Bay is taking a proactive approach to help clients identify and address vulnerabilities before they become problems. When there’s a mass vulnerability with a particular security tool, At-Bay is much quicker to respond than most carriers, providing our broad insured base with guidance on what we know and recommendations for patches or other remediation steps.
Cyber risk isn’t going away. The more value an insurance provider can offer through recommendations, data insights, and loss services available to insureds through their policy, the better positioned that provider will be to mitigate their risk. It’s better for the insured, better for the insurer, and better for the sustainability of the market as a whole.
4. What’s one of the most interesting deals you’ve closed recently?
I recently worked on a deal with a unique subsidiary structure that presented an interesting challenge. The parent company had solid security controls in place, but we had limited information about one of its subsidiaries.
Rather than automatically restricting coverage or creating complex sublimits, I took a step back and applied a common-sense approach. I evaluated what we did know about the parent company’s overall security posture and made an assessment based on the whole picture provided by the available information.
Although the broker had multiple options, they ultimately chose At-Bay’s solution, which didn’t include any special carve-outs or exceptions. This reinforced my belief that sometimes, straightforward underwriting that applies common sense rather than rigid rules can win the day.
5. How do you ensure the right coverage is provided for complex middle-market risks?
Getting the right coverage for middle-market clients has a lot to do with direct communication with the broker. In conversations with brokers, I often find out what matters most to the client — information that can be difficult to parse out in an on-the-page application, especially for complex risks. After a conversation, I find that I often need to refine the terms and conditions in my original quote.
As an underwriter, I also need to analyze the risk profile of the company up front. For instance, if I’m quoting a healthcare organization, I know that claims frequently arise in tracking technology and data protection. These areas will likely become focal points in the negotiation and ultimately determine the terms that win the deal.
About At-Bay
At-Bay is the InsurSec provider for the digital age. By combining world-class technology with industry-leading insurance, At-Bay was designed from the ground up to empower businesses of every size to meet cyber risk head on. At-Bay Insurance Services, LLC provides insurance protection and security prevention solutions to close to 40,000 businesses in the US, safeguarding up to $800B in collective business revenue, and offers coverage by non-admitted insurers for Cyber, Technology Errors & Omissions (Tech E&O), and Miscellaneous Professional Liability (MPL). The At-Bay Group also includes an active full-stack insurance company and a cybersecurity company. At-Bay Security offers proprietary cybersecurity solutions including At-Bay Stance Managed Detection & Response (MDR).
*At-Bay Insurance Services LLC is a wholly owned subsidiary of At-Bay, Inc.
