Kevin Hewgley Podcast Transcript
Kevin Hewgley joins host Brian Thomas on The Digital Executive Podcast.
Welcome to Coruzant Technologies, Home of The Digital Executive podcast.
Brian Thomas: Welcome to The Digital Executive. Today’s guest is Kevin Hewgley. Kevin Hewgley is the Senior Vice President, National Director of Financial Services, healthcare and higher education, and practice leader, Midwest healthcare and education at the Lockton Companies.
Kevin serves as the national resource in management and professional liabilities with the Lockton companies, a former executive risk senior underwriter with Chubb. Kevin’s background coupled with over 30 years of health care and education, risk identification and mitigation allows him to represent his clients from multiple points of view while at Chubb, Kevin worked as an underwriter in the specialty risk space, including cyber and management liability and has underwritten risks.
Manage complex claims and advise clients globally on this rapidly evolving environment is experience around crafting policy wording, serving as a claims and litigation advisor and working with carriers on product development. I’ve given him keen insight into the overall marketplace. Kevin has extensive knowledge and experience around emerging risks, enterprise risk management programs, and corporate board advising.
Kevin joined the Lockton companies over 16 years ago and became their first national director of financial services, where he oversees healthcare and higher education practice.
Well, good afternoon, Kevin. Welcome to the show!
Kevin Hewgley: Thank you for having me!
Brian Thomas: Absolutely. So fun to jump on a podcast here today at the end of the day, but we do appreciate it.
Love traversing the globe and meeting new people. And Kevin, let’s just jump right into your first question here. Can you share with us what initially drew, drew you into the fields of healthcare and education risk management, and how your early experiences at Chubb shaped your approach to risk identification and mitigation?
Kevin Hewgley: Absolutely. And I appreciate the, the opportunity to be with you and your audience. I actually fell into this non intentionally, which I think a lot of people in this industry would say, but both my parents were educators and after college, I actually started working in higher education assistant dean of admissions at one college and the development director at a large university.
And it was at that time that I actually fell in love with the mission and the work around and the support and the advancement of education in particular. And healthcare that kind of wraps around that in particular academic medical centers. But once I started working in higher education, I actually came to realize that I enjoyed board meetings in corporate governance.
Some people might say it’s an illness, but it’s actually something I enjoy. I love planning, preparing, attending, participating in and presenting to boards of all shapes and sizes. It was from there that I kind of expanded my relationship when I worked at Westminster College I actually got to plan and participate in several heads of state visits from visiting dignitaries from across the globe, and part of that process included risk management.
And I was shocked at the kind of the scope and level. Of risk management preparation strategic thinking engagement, the number of critical participants that were involved and just the start to finish process around risk management. And that’s really kind of what spawned me in that direction.
And so, when I finally made the decision to leave the nonprofit world and in higher education. I actually had some important guys, some support and some guidance from a man who would become my father-in-law who said if you actually like board meetings, you should become a DNO underwriter.
And I didn’t know what that stood for eventually learned directors and officers and at the time, There were only really two carriers actively in this space, Chubb and AIG. And so, I found out that Chubb probably had the most extensive training background program in underwriting and that’s The route I decided to take and so I became a junior underwriter and then an underwriter and senior underwriter and then at the time we actually did everything we did healthcare education, nonprofit, public, private, financial institutions, and everything in between.
Back in the very early days of it all, and, and actually DNO and employment practices liability were both kind of emerging risks at the time. And I think a lot of people are shocked to hear that cyber liability was around that long ago. It was in a completely different form, but it, it, it does go far that far back for sure.
So that’s kind of the background of what got me into the space.
Brian Thomas: Thank you. And I can see through your story there, which really did love is. The fact that you had, you know, coaches, mentors, or in your case, maybe the form of a parent that helped you kind of make those decisions and guide you along the way.
And, you know, sometimes in life, those are some of the best things you can have to help guide your career. So, I appreciate the story and Kevin, you have a strong background in specialty risks, including cyber and management liability. Given the rapid evolution of these areas. How have the challenges and strategies in managing these risks changed over the past decade?
Kevin Hewgley: That’s a great question, and it’s kind of hard to answer in a short amount of time, but I will do my best. So, when I first started out, risks seemed to change by the year. And then as the kind of world progressed and evolved, it seemed like they started changing by the month. And, and now I would clearly say sometimes they Change by the day and almost to the hour.
A really good example is, you know, ransomware events in cyberspace really weren’t a known commodity a few years ago that became commonplace three, four or five years ago. But just to give you a really fresh example of one of the largest ransomware events in us history that we’ve been kind of working through.
The last couple of weeks just kind of changed on a dime when it was disclosed just in the last 48 hours that the incident, the entity that was doing the extortion was actually the subject to social engineering fraud and the ransom payment was routed. to another organization, to another threat actor.
And so, it’s the first time where an extorter was extorted against in the process. And that was something that nobody had ever contemplated 72 hours ago. So, it is rapidly changing. And like I said, almost on a daily basis, which While it’s challenging at the same time, it can be exciting. So, you know, I’d say the, the key is staying educated.
I find a lot of prospects, clients, or, or people in the industry that try and sit back and wait for trends to come across to them are the ones that are the most caught off guard, and those are the ones that are. All of a sudden in a defensive posture, which is never what you really want to be.
And you certainly don’t want to be in front of your board or in front of your customers or constituents in the defensive posture. So, I really say stay educated you know, be involved in conferences and white papers and reading materials, online news and simply. When you get an article of interest or you see something of interest, just flip the story and say, what would that look like?
Or how would that apply to us if that were to happen for us? And part of that is focusing on emerging risks and really anticipating the next round of what the trends are going to be and being able to ask the difficult questions. You know, a great example is artificial intelligence and A lot of organizations don’t even know where to begin or, or kind of how to get their arms around it.
And if you’re not willing to ask the difficult questions, it’s kind of the ostrich in the, in the sand where they’re putting their head in the sand and just kind of ignoring everything that’s going around them. It’s dangerous to be in that, and it catches a lot of organizations off guard. And so.
You know, I mentioned earlier when I started in cyber underwriting at the time, a lot of CISOs and I.T. directors and InfoSec directors and CEOs, board chairs and CFOs are all surprised that cyber was around that long ago. When we were underwriting at the time, we were focused solely on 2 things meta tags and deep linking.
And today, those are kind of foregone conclusions that nobody is concerned about underwriters don’t even spend 2 seconds on. And I can, I can remember spending months and days working around those 2 aspects. And today it’s. Artificial intelligence and the implication and what are your vendor controls and what are the security profiles of your downstream users?
And it’s just something that’s rapidly evolving. And I think that’s what makes it the most challenging is a lot of organizations have so many different hats to wear for key executives in particular that are doing so many jobs that risk and risk identification and trying to stay on top of this is, is sometimes difficult.
Too daunting for them or they just don’t even know where to begin. But I think if you keep it simple and you try and stay as educated as you possibly can, and you’re willing to ask those difficult questions, it’s not something that you can’t overcome.
Brian Thomas: Thank you. I love that. And interesting about that recent story you shared about that latest ransomware attack.
I had not thought about that either and didn’t know that until you told us this evening. So, I appreciate that. And I like the fact that you. You’re absolutely right. You know, the best defense is, is the best having a good offense in this space. You really do. You just can’t sit back and wait. So, appreciate the share.
Kevin, as someone who advises corporate boards, what common challenges do boards face today in financial services for health care and education and how do you help them navigate these challenges?
Kevin Hewgley: Another great question. First, I would say I practice what I preach. And what I mean by that is I think it’s important to stay involved and committed in particular to the nonprofit boards.
If you’re in an industry and you’re not serving on a nonprofit board outside of your job. Or outside of your career, you’re really missing out on a tremendous, tremendous learning experience. And what I mean by that is you can be exposed to so many things that you may never even contemplate. And, and yes, it’s a fantastic way to give back to your community and to support different charitable organizations.
But at a minimum, it is, for me for the non-profit boards that I serve on and that I advise and I assist. I learned something new from them and from the individuals I interact with. And, and a lot of times what I’ll encourage younger individuals to do is, is to even step and serve on a board that might be a little bit outside your comfort zone again, because you might see or learn things that you had never contemplated.
But that’s my first approach. The second one is, I’d say is, Around board perspectives, board members will tell me off the record. They don’t know what they don’t know, and they cannot be experts on all things, which I appreciate it. Candidly, when my board members or the directors and officers that I’m advising are that candidate up front with me, because That helps give me a level setting field when I’m working with them, and I’m trying to educate them on either emerging risks or specific exposures or even dealing with very sensitive issues.
So, just that understanding and that agreement that they don’t have to know what I say is you don’t have to be the expert of all things, but if you can surround yourself with, with experts in this space, you’ll be far better for it. The, the third advice and all of my board members and. Employees I work with on my nonprofit boards have heard me say this a thousand times.
Be clear, be concise, be consistent on all information, whether it’s internal communication or external, if you’re not clear, concise, and consistent, my kind of three rules of C you’re really missing out because that is what really assist you in establishing what the message is around what it is you’re doing and most importantly supporting your mission.
I think if there’s a fourth, it’s I like to keep all of my opinions out of all guidance. I got that really, that advice really on in my career from a publicly traded board that said, we don’t hire you to bring your opinions to us. We hire you to bring your expertise. So, keep your opinions out of everything that we do outside of the room.
And just keep it to the facts. I’ve had some board members use the KISS principle. Keep It Simple. Keep It Simple. Stupid. Some will add the extra “S” on there, which I always find humorous. But I think if you can keep your opinions out of out of your guidance and support, it just makes the better the organization better and stronger.
Then I’d say kind of my final, or my, my fifth point would be try and support the organization, understand the mission at all times, and really seek the concerns before they arise. So, if you can help them stay in front of emerging risks or issues or advise them when they find themselves in the crosshairs.
Both you and they will be better off for it.
Brian Thomas: Thank you. Appreciate that. Kevin. There’s quite a few nuggets that we’ve extracted, excuse me, extracted out of your answer there this evening. And I really do appreciate that. There’s a lot that can be said with your breadth of experience. I’m very glad that we’ve had that.
Conversation on this tonight. So, I appreciate that. And Kevin, the last question of the evening, looking ahead, what major trends do you foresee impacting risk management in healthcare and education over the next few years?
Kevin Hewgley: This one can be challenging. I love being put on the spot on this and, and my answer is never the same.
I will say that I think right now, Without exception, and I’m starting to see it accelerated at a tremendous pace is artificial intelligence. I think that’s the leading cause for both health care and education. Ironically, health care has been dealing with artificial intelligence in some cases up to 2 decades.
But what I’m seeing is the speed and the complexity around the use and integration of artificial intelligence is I don’t want to say it’s the biggest concern. I think it’s the biggest opportunity, but I’ll tell you, the majority of organizations either really They really don’t understand the downstream implications or they get caught up in, you know, whether it’s the, the potential to reduce costs or the potential to reduce risk or the potential to reduce harm or damage to patients or customers they get excited and they tend to jump on the bandwagon of that and, and not really understanding what I would, would say is the downstream implications can be imperative.
And I don’t want to see them lose the ability to find those at fault, but you’ve got to understand where all those actions originate from and where the liability falls. And what I mean by that is, in particular, like in healthcare, it’s the, it’s a change in the standard of care. And if you’re in the healthcare industry, you understand that you live, breathe and die by it.
It’s the, the care delivery method that’s provided to all patients. And as soon as that care model steps away from human-to-human interaction and becomes artificial to human, it disrupts everything, including insurance, including risk, including operations, including liability and safeguards and protections.
And so that delivery mode and that method is something that that’s imperative. And I, and I think AI is only going to push that and accelerate that at a higher speed. Clearly, cyber and privacy liability continues to be, I think it’s, has maintained the top one or two risks of CEOs for the last five consecutive years.
And rightfully so, I have yet to come across a board that doesn’t say if when we get hit, it’s when we get hit by an event and are we ready? And again, it kind of goes back to that. We don’t know what we don’t know mentality. I’d say the rise of regulatory actions and antitrust activity is only going to continue in particular, as you have government agencies that become more emboldened is issues become more politicized.
I think that’s a significant concern of mine. We’ve seen that in particular play out. In areas of health care and education that nobody ever would have thought of a year or two ago, in particular, in a couple of states, Florida, Texas, some of the Carolinas, a lot of people tend to point fingers at California and New York and say, they’re the cause of a lot of the angst and concern and risk, but that’s just not the case anymore.
And the rise of political action in political. Ideology kind of encroaching in the education and health care models is concerning. I’d say global interconnectedness and mass aggravation. Aggregation events are a huge concern for me. You know, we saw that with some significant cyber events where it’s no longer a concern if you take down 1 company, but what happens when you now have, I don’t know, 50,000 companies that are in the cloud with 1 cloud provider.
You now have a significant concern. If that 1 cloud provider goes down, it’s not just that 1 cloud providers event. It’s now 50,000 companies events. And that’s what we’re seeing play out on a national model. You know, this year is also intriguing to me. I may sound like I’m geeking out on this, but the, the election cycle of 2024, it’s been a long time since, I think the last time we came around to, this was the early nineties over 64 countries.
on the planet have significant presidential or prime minister elections this year that affect over 40 billion users. Those numbers are just staggering. And in particular, I think it ties into my last point of concern, which would be the role of disinformation. What does that look like? We now have, you know, rogue nations and threat actors that are actively involved in not just U.
S. politics but Western style politics and politics of different ideologies across the globe, and we’re seeing that disinformation play out and have material impacts, not just on elections. I think that’s an easy 1 to point a finger to, but really, and candidly on the day to day lives that most Americans are leading and whether it’s products, whether it’s news, whether it’s politics, whether it’s culture, disinformation is a is a huge concern of mine.
And a lot of the boards that I work with because nobody seems to know how to kind of get their arms around it around that concern and get in front of it. So, I know those are few. Those are probably the most salient points. I don’t want to say these are the ones that keep me up at night, but these are the ones that certainly keep me moving at a rapid pace and trying to actively seek and educate and be involved with the boards I serve on and the clients I interact with.
Brian Thomas: Thank you. Thank you again, there seems to be quite a bit of activity and you touched several items from artificial intelligence to voting this year. And obviously, ransomware or cyber-attacks at the cloud level. There’s just a lot to, to really juggle and think about and, and, and really be proactive with all this stuff.
So, you’ve got certainly a tough job on your shoulders as well as many other executives. But I do appreciate it. Your thoughts on it, your opinion, your expertise. And where we might head in the future. So, thank you again, Kevin. And it was certainly a pleasure having you on today and I look forward to speaking with you real soon.
Kevin Hewgley: Thank you. Have a wonderful evening.
Brian Thomas: Bye for now.
Kevin Hewgley Podcast Transcript. Listen to the audio on the guest’s podcast page.