Podcast: Play in new window | Download (Duration: 17:46 — 24.4MB)
Subscribe: RSS
Summary
On this episode of Chattinn Cyber, Marc is chattin’ with Mike Maletsky, Vice President and Practice Leader for Tech, Cyber, and Crime at Hiscox. Mike begins by discussing his career journey into the insurance industry, explaining that he “fell into” insurance after studying finance but stayed because he found the work intellectually engaging and people-focused. He emphasizes that cyber insurance is about much more than selling policies—it’s about understanding complex risks and helping businesses mitigate them. He also introduces Hiscox’s long-standing focus on serving small businesses, a segment that is often overlooked despite its critical role in the U.S. economy.
The conversation then shifts to the cyber threats currently facing small businesses in 2026. Maletsky explains that cyberattacks are no longer isolated incidents affecting only large corporations. According to Hiscox’s Cyber Readiness Report, more than half of small businesses experienced some form of cyberattack within the past year. He discusses how ransomware, phishing campaigns, and cyber extortion continue to evolve, with artificial intelligence dramatically increasing both the sophistication and scale of attacks. Traditional warning signs such as poor grammar and obvious spelling mistakes have largely disappeared, making fraudulent communications increasingly difficult to detect.
Looking ahead, Maletsky explores how AI and emerging technologies will reshape cyber risk over the next decade. In the near term, AI is making phishing emails nearly indistinguishable from legitimate communications. In the medium term, increasingly convincing deepfake audio and video could enable highly sophisticated fraud schemes, including executive impersonation. Longer term, developments such as autonomous AI agents and quantum computing could fundamentally alter internet security by challenging today’s encryption standards. At the same time, he notes that cybersecurity professionals are leveraging many of these same technologies to build stronger defenses, creating an ongoing technological arms race between attackers and defenders.
The discussion also highlights the wide-ranging impact of cyber incidents beyond financial losses. Maletsky explains that a cyberattack can trigger cascading operational disruptions, including business interruption, regulatory notifications, reputational damage, and customer distrust. Perhaps most importantly, he argues that cyber incidents are fundamentally human events rather than purely technical ones. Employees often experience intense stress during an incident, particularly those responsible for responding to attacks or those who inadvertently initiated a breach through a phishing click. Organizations can suffer from burnout, blame, and deteriorating workplace culture long after technical recovery has been completed.
Finally, Maletsky outlines practical steps small businesses can take to improve their cyber resilience. He stresses the importance of ongoing employee awareness training, implementing basic security controls such as multi-factor authentication and reliable backups, and viewing cyber insurance as more than financial protection. Modern cyber insurance increasingly includes preventative services such as phishing simulations, breach coaching, employee education, and risk management resources. He closes by noting that 77% of U.S. small businesses remain underinsured against cyber risk, emphasizing that many companies mistakenly assume cyber insurance is prohibitively expensive when, in reality, coverage is often affordable for even very small organizations.
5 Key Points
- AI is making cybercrime significantly more effective, especially through highly convincing phishing emails, ransomware operations, and deepfake impersonation attacks.
- Small businesses are increasingly targeted, with 56% experiencing some form of cyberattack in the previous 12 months according to Hiscox research.
- The consequences of cyber incidents extend beyond financial losses to include operational disruption, reputational harm, customer notification costs, and employee stress.
- Employee education, basic cybersecurity controls, and proactive cyber insurance services are among the most effective defenses for smaller organizations.
- Roughly 77% of U.S. small businesses remain underinsured against cyber threats, representing one of the largest gaps in cyber risk management today.
5 Key Quotes
- “Cyber is such a unique risk… it’s never one thing.”
- “A cyber attack is a human event. It’s not a technical one.”
- “The company’s weakest point is that least-trained employee.”
- “I don’t need to compete against my competitors. I need to compete against the non-buyers.”
- “The good news is the good guys also have this technology.”
About Our Guest
Mike Maletsky is Vice President of Technology E&O/Cyber at Hiscox USA, with more than 18 years of insurance industry experience. He brings a strong technical foundation in underwriting management and professional liability, including cyber insurance, and has deep expertise across both manual and digital distribution channels. Mike has a proven track record of building full-stack new products through digital distribution, with a focus on technology errors and omissions (E&O), excess coverage, and cyber liability. Known for serving as a key bridge in product development workstreams, he effectively connects business and underwriting priorities with technology implementation to drive aligned, successful outcomes. Throughout his career, Mike has demonstrated a commitment to innovation and to delivering forward-looking insurance solutions informed by emerging technologies and industry best practices.
Follow Our Guest
About Our Host
National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.
Follow Our Host
