A woman smiles at the camera in an office setting. She is Marie-Louise de Smit, a cyber insurance specialist at Aon.
Marie-Louise de Smit. Image: Aon

‘Cybersecurity is like a race between the threat actors and those trying to prevent attacks’

11 May 2023

Aon’s Marie-Louise de Smit discusses her role as a cyber insurance specialist and how the cyber insurance market has changed as the sector has evolved.

Marie-Louise de Smit is a cyber broking manager at Aon. Prior to her current role as a cyber insurance specialist, de Smit worked in IT sales and spent time as a lawyer for IT companies. She feels that cybersecurity is a positive industry to work in “for individuals, companies and society”.

“We are trying to make the world safer by helping clients protect themselves from the financial consequences of cyber incidents.”

‘When it comes to cyber risk, there isn’t a crystal ball’

If there is such a thing, can you describe a typical day in the job?

The world of cyber is a fast-moving one, so every day I work to stay engaged and learn the latest about what is happening. I do this with usual tools like email communication with other experts and following news feeds about cyber insurance. These help me prepare for and prioritise the most important tasks in my day.

I spend a bulk of my day advising clients about their cyber risk profile, based on data they have shared and information I have about their organisations. I also attend meetings most days and I take all of them seriously – the risk of cyberattacks and data breaches is considered the number one threat facing companies today and what we do to help them makes a difference for our clients.

What types of cybersecurity projects do you work on?

One of the projects I’m working on that the team is proud of is our recent webinar about NIS2: stricter requirements for cyber resilience. The European Parliament is seeking a higher level of cybersecurity within the European Union and set a new directive of stricter requirements for the cyber resilience of “essential” and “important” organisations. We explained in a webinar what this means and how Aon can help clients meet these important requirements. More than 500 people joined the webinar in real time and another 1,500 people have logged in to listen to the recording. We received lots of positive feedback from C-suite attendees.

What skills do you use on a daily basis that are specifically helpful in cybersecurity?

As I advise clients on cyber risk management and cyber insurance, my cybersecurity skills need constant development. In such a fast-moving field, it’s key to keep an open mind and not be afraid to ask questions. We always advise that a cyber insurance policy be complementary to the overarching cybersecurity strategy, not the other way around. A crucial first step is to make sure the policy is relevant for the client’s organisation. And with our clients, I never stop asking questions so I can better advise them about their cyber risk.

What are the biggest challenges when working in cybersecurity, and how do you navigate them?

Cybersecurity is like a race between the threat actors and those trying to prevent attacks. The threat landscape evolves so quickly and each change has far-reaching consequences for the cyber insurance market. I try to navigate it by keeping up with cybersecurity news and to ensure I have a variety of sources from both colleagues and other business leaders. As attackers refine their methods and find new ways to exploit vulnerable systems, cybersecurity professionals have to stay one step ahead to effectively control and neutralise the threat.

Do you have any productivity tips that help you through the day?

Something that is key for me is effective prioritisation. I tackle the most important things first each day. It’s the only way to stay ahead and not get distracted with an overload of information or other less-urgent requests and work-related tasks.

What skills and tools are you using to communicate daily with your colleagues?

Chat (WebEx), phone and e-mail.

I try to be as personal as possible although I am focused on what I aim to do or gather from interactions I have with others. We expanded our team recently and it’s extra important for me to engage with my colleagues in real life. I feel privileged that we’ve been able to grow the team and it’s made us more effective. Especially when you keep in mind that 66pc of organisations say they struggle to recruit cybersecurity talent.

How has this role changed as the cybersecurity sector has grown and evolved?

When it comes to cyber risk, there isn’t a crystal ball. The cyber insurance market changed significantly in the last couple of years as cyberthreats evolved and our purpose is to understand and provide solutions to help our clients make better decisions. At the same time, we continuously update them on actions needed to mitigate risk and support a rapid recovery in the case of an attack. With many cybersecurity issues showing up in the news, in this role you really feel that you’re contributing to help companies recover faster, financially speaking, and protect themselves and their future.

What advice would you give to someone who wants to work in cybersecurity?

If it’s something you are interested in, I’d say to go for it. It’s a career that can be enjoyable and there is the opportunity to learn something every day. It’s rarely dull. And cyber risk is a rapidly growing threat that will continue to evolve over the coming decades. In fact, cybersecurity has risen to the top of the agenda for organisations around the globe and is expected to remain so in the coming years. It is, and will continue to be, a very interesting field.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Loading now, one moment please! Loading