xixi

Blog

  • My Biggest Investing Mistake and How You Can Avoid It

    My Biggest Investing Mistake and How You Can Avoid It


    It’s easy to tell people that they shouldn’t react emotionally when they’re investing. Don’t sell when you’re scared and don’t buy when you’re excited. Leave the emotion out of it.

    And I’ve written those same things over and over again because it’s good advice.

    But knowing not to do something logically is not the same as knowing it when you’re in the emotional soup that is daily life.

    One of my biggest investing mistakes was doing just that – reacting emotionally.

    During the pandemic, with all of our kids home, I sold some of our stock investments because I was scared. I did it in a way that resulted in no tax impact, I sold some winners and offset the capital gains by selling losers as well.

    I told myself I was taking money out of the volatile markets and making sure we had a cash cushion. That was accurate. As a small business owner with uncertain cash flows, it was true.

    But what prompted the move was fear. I justified it with a logical explanation.

    That’s the challenge with any type of decision making, it’s rarely done when things are normal and you’ve had a good night sleep.

    It’s hard to catch yourself making a mistake in the moment.

    It was a freaking pandemic.

    I kept my cool during financial meltdowns. I didn’t make the same mistake during the Great Recession as major financial institutions went under and the federal government had to step in with a Trouble Asset Relief Program. At the time, we thought the entire financial system was going to collapse.

    The difference was that my life was not being upended at the same time.

    The pandemic meant all four of our kids were home. It was also an airborne disease that had us wiping down our groceries and having little outside contact. We were worried for the health of our parents, who were more susceptible and unlikely to get treatment at packed hospitals.

    The hospitals starting putting beds in the parking lots. And I had friends who lost their parents to COVID-19.

    And on top of that, the markets were cratering as everything shut down and commerce stopped.

    So yeah, don’t make emotional decisions when you’re investing but good luck given those situations.

    You can justify your decision later using logic.

    It was easy to justify my decision logically. I run a business and it’s likely business revenue would go down, so I wanted to extract some cash from the only source I had – our investments. I sold winners and losers to limit the tax impact and build up a cash cushion.

    But what prompted the decision was fear. I was fearful because my kids were home and people were dying. Hospitals were at above maximum capacity.

    In the end, the mistake will only cost us capital gains that we’ve missed out on. We ended up needing some of the cash but we never put the money back in as a lump sum later on. I did continue are regularly monthly contributions (I never touched that automated transfer) so the damage was limited, but still there.

    It’s easy to do the right thing when times are good.

    I consider myself financially savvy. I even have proof that this type of emotional reaction isn’t common. I’ve lived through the housing bubble, the Great Recession, and even this latest round of tariff induced volatility.

    But I also know that I’m susceptible.

    Which means I need to put systems in place to avoid this and other similar errors.

    Here’s what I have in place to avoid this in the future

    I automate our investments. We have regularly scheduled contributions into our investment accounts for both our 401(k) as well as a taxable brokerage account. This system has been in place for nearly twenty years and acts as a floor for how much we invest each year.

    Something that is automated means it will not get forgotten. I try to automate as much as I can.

    I need to talk to someone before I make major changes. I always discuss major decisions with my lovely wife but I know for certain in this case she would’ve trusted my judgment. She’s savvy but it was a difficult time for everyone and I don’t think she would’ve been fully invested in thinking through the decision anyway.

    This is one of the reasons why people use a financial advisor that manages their investments for them. It’s an intermediary that you have to discuss decisions with before making them. It also adds an extra step, which in this case is a benefit.

    Gain a better understanding of actual needs. I predicted a future with lower income and then sought to draw on sources of cash. I should’ve looked at our spending using a budgeting tool, reviewed our emergency fund, and realized that we had at least a year of cushion already.

    The S&P recovered from the pandemic’s fall within months. We remember the pandemic as a multi-year situation but the impact on the stock market was only a few months. If I had done this careful analysis, the market would’ve recovered before we would’ve needed the cash.

    While there is no guarantee that the recovery was going to be that fast, I should’ve waited until we needed the funds to start selling.

    Review my risk tolerance. I’m in my mid-forties, which the “120 minus age” says I should have 75% of our investments in equities. I know our blend is still closer to 85% and perhaps I’m unable to stomach that volatility in times of turmoil and personal stress.

    That, of course, that portfolio allocation is just what I have in our portfolio and doesn’t consider our cash, so I have to look at our Empower Dashboard with our Net Worth to really see the breakdown. That’s not something I did.

    As my dad and other mentors have told me for ages, “slow down.”

    When I feel panic and pressure, the takeaway is that I should slow down and start writing and thinking rather than doing.

    Measure twice and cut once. Or in this case, don’t cut.

    What was your biggest investing mistake?

  • The Top Cyber Insurance Companies in the USA | 5-Star Cyber

    The Top Cyber Insurance Companies in the USA | 5-Star Cyber


    Jump to winners Jump to methodology

    Virtual defenders

    Cybercriminals work around the clock, but so do America’s top cyber insurance companies – and their efforts haven’t gone unnoticed.

    In a landscape of relentless digital threats, Insurance Business America recognizes the nation’s leading cyber insurance providers. Thousands of brokers from across the country offered candid assessments of insurers’ performance in areas including coverage, adaptability, and claims handling. Only the best of the best were then awarded 5-Star status.

     

    “What resonates with brokers is that we’re more than an insurance carrier to their clients; we’re a full-service partner”

    Jacob IngerslevTokio Marine HCC – Cyber & Professional Lines Group

     

    Industry expert Michael Lieberman, co-founder and CTO of software firm Kusari, shares his thoughts on what a leading policy looks like in 2025.

    “It is something that is future proof at some level, that is evolving with the times as different types of cyberattacks become more sophisticated. What’s also very important is being crystal clear about what is covered and what is not,” he says.

    Fellow cyber insider Kelly O’Brien, senior cybersecurity practitioner at Compass IT Compliance, also defines what is market leading.

    “It should be broad, adaptive coverage including specific considerations for AI usage both internally and across third-party vendors,” she says. “It also goes beyond basic coverage by including proactive services like threat intelligence, security posture assessments, third-party risk tools, and workforce awareness training.”

    Other key differentiators include:


    Ransomware has become an even bigger threat for cyber insurers in 2025 as they react to an uptick in attacks. Part of the increase is down to the rise of ransomware-as-a-service (RaaS) and AI-powered variants.

    The most common is by a VPN compromise as threat actors scan Secure Sockets Layers (SSL), commonly a web page log-in. From there, they use brute force and try thousands of password combinations a minute until they gain entry.

    “Upwards of 40 percent to 50 percent of ransomware attacks right now take place that way and it’s quite a simple technique. You don’t really need a lot of sophistication,” says Jacob Ingerslev, head of cyber and tech underwriting at 5-Star 2025 insurer Tokio Marine HCC – Cyber & Professional Lines Group.

    The other way ransomware is used by threat actors is to target a big vendor, knowing they can have a large impact if they can exfiltrate data.

    “If the vendor doesn’t pay up, then they can start extorting the individual customers,” adds Ingerslev.

    Deloitte’s annual Cyberthreat Trends Report observed a 17 percent increase in ransomware attack claims in 2024, peaking in the fourth quarter with 57 percent more claims compared to the fourth quarter of 2023.

    This jump is partly explained by the emergence of new ransomware groups such as:

    • ALPHV

       

    • El Dorado/BlackLock

       

    • Lynx

       

    • Fog

       

    • APT73/BASHE

    Some are judged to be nation state-sponsored cyber espionage, while others are financially motivated, which is another area where the best insurers have a role to play.

    For example, reports suggest that CDK Global paid a $25-million ransom after a cyberattack in 2024 and edtech provider PowerSchool confirmed it also paid out.

    Tokio Marine HCC – Cyber & Professional Lines Group’s data shows a drop in ransomware attacks in 2022, but that has rebounded and then some.

    “We saw a big increase year over year in Q1 of 2025. We look at these so-called leak sites, or the ‘wall of shame,’ which is, if you pay the ransom, you don’t end up on the ‘wall of shame.’ If you look at that in Q1 in 2025, there was an 86 percent increase year over year,” Ingerslev says. 

    “We can help with the negotiation if a ransom payment must take place. Typically, when all backups have been destroyed, that’s when you start considering [whether] it is better to pay the ransom, versus spending an exorbitant amount of money to rebuild the data from scratch.”

    Particular industries that fellow IBA’s 5-Star Cyber winner Arch Insurance has detected activity in are healthcare and manufacturing.

    “In healthcare, there’s technology dependency on operations, as well as a lot of sensitive data and information,” says Jamie Schibuk, executive vice president, professional liability and cyber. “We continue to see attacks on the operational technology that manufacturing companies rely upon, which often tends to be more legacy-type technology, which can create issues if those networks are compromised.”

    How America’s top cyber insurance companies navigate AI


    Lieberman sheds light on how some threat actors take advantage of AI hallucinations or how they seed the internet with bad data to convince new AI models to give misleading answers. 

    He says, “You could ask ChatGPT something, and it gives you an answer which seems reasonable to say, ‘Install this software’. It turns out that software was written by malicious actors, but you download it thinking, ‘I should get this software tool.’”

    However, the main danger from AI is refining and improving existing threats, as insurers are mainly seeing it deployed in social engineering attacks, as the tech enables threat actors to perfect emails. Often, criminals use AI to mimic the tone and style of emails between two parties using a large language model (LLM), which highly increases the chance of their email being taken at face value.

    “It’s very easy to spin up a natural-sounding email, particularly if they have already breached the customer’s inbox,” says Michael Drummond, chief underwriting officer cyber/tech at At-Bay. “Each new LLM model that comes out, you see an uptick in financial fraud because it’s making it easier to pull those things off, as it’s a lot harder to differentiate between what’s a legitimate email and a fraudulent one.”

    At-Bay, another of IBA’s 5-Star insurers of 2025, combats this by combing through all the claims that have resulted from these types of emails and using their system to pinpoint indicators that suggest fraudulent activity.

    “We know that 80 percent of our financial fraud claims arise from email attacks, so earlier this year, we launched a new email security solution that’s available to every insured in our portfolio,” says Drummond.

     

    “We’ve built all of our technology in-house from the ground up. So, not only are we a full-stack insurance company but have a separate security division that provides all of the security services to our insureds”

    Michael DrummondAt-Bay

     

    Due to At-Bay’s scale of having 40,000 business clients, from startups to those with $5 billion in revenue, the tool is powered by real-life claims data that mirrors the threats companies are facing. The firm believes so deeply in its solution that it’s willing to double or even quadruple the typical amount of coverage if clients adopt it.

    “We have access to information that traditional security providers and companies don’t, as we can actually see what really drives these types of claims and what causes them,” adds Drummond. “We have designed our security solution specifically to identify those characteristics.”

    Arch Insurance is even detecting the use of deepfakes to facilitate bank transfers.

    “The technology is advanced enough to fool people into thinking that they’re talking to the CFO of their company, when they’re really not,” says Schibuk.

    His other concern with AI is that threat actors can leverage it to increase the scale of their attacks. Remaining vigilant across this landscape is a daily concern for Arch. The firm has a 30-person underwriting team, but in addition also has a team of four cybersecurity risk engineers.

    “They all have a background working within security operation centers of companies, so they’re approaching it more from the client side. That’s really helpful in both the risk evaluation as well as helping us to vet a lot of third-party tools and risk management services, because they have actual implementation experience in using a lot of those tools,” says Schibuk.

    And he adds that high-quality professionals are still the difference makers.

    “There’s a lot of technology and process that we can leverage and implement, but at the end of the day, so much of it comes down to our approach to the business and the people that work on it every day.”

    Standout features of America’s top cyber insurance companies


    Tokio Marine HCC – Cyber & Professional Lines Group’s threat awareness and remaining in step with all the latest developments relies on its Cyber Threat Intelligence team, which has the tools to monitor clients’ networks on an ongoing basis. 

    The team has delivered for clients who have fallen victim to wire fraud transfer, as over the last year, it has recovered over $30 million by working with law enforcement and acting fast. It is also plugged into forums where tool kits are for sale that grant access to systems.

    This learning mindset is a competitive advantage to the firm, as it continually explores and discovers what threat actors are planning and then informs their insureds. One such way is via honeypots – fake machines on the internet that look like an actual company with an actual server but are just there to pick up activity and learn what threat actors are doing.

    Ingerslev says, “That’s one way to learn, and the other way is to collaborate with people who operate in the dark web forums. One company we work with intercepts attacks by purchasing access to customers from threat actors.”

    There is also great benefit from Tokio Marine HCC – Cyber & Professional Lines Group’s in-house Incident Response Management team that gathers forensic reports from all the claims. 

    “We can determine what are the most common causes of loss, and what are the most common ways threat actors get into a network, and also address these. That feedback loop is so important,” says Ingerslev.

    Highlighting just how powerful this is, Tokio Marine HCC – Cyber & Professional Lines Group often discovers software vulnerabilities before even the vendors of the technology do.

    Ingerslev adds, “In some cases, we’re faster and it’s because we have the claims. That’s why we see it quickly and we have a very strong incentive to help the clients, because it helps us, too.”

    Enabling brokers to deliver


    Arch prioritizes awareness and ensures it puts brokers in the best possible positions with its clients.

    Schibuk appreciates that brokers’ role has become harder in cyber due to the risk factors and advancing technology.

    “With all the value-added services, they’re helping to facilitate that conversation, so they’re a really key part of the process and enable us to roll out a lot of the risk management services.”

    The industry has become more technical over the past five years and Arch’s Integrated Risk engineering team has become more sophisticated around the questions it asks and the tools it utilizes to evaluate.

    “We’re definitely a very entrepreneurial type of company. We take pride in being creative on how we approach risk,” says Schibuk. “We have a more flexible approach than a lot of others in the marketplace, along with the ability to customize coverage for individual insureds.”

     

    “There’s no standard cyber policy. Every single one is different, and we work really closely with our brokers to customize coverage, relative to what an insured’s individual risk profile is”

    Jamie SchibukArch Insurance

     

    This mentality extends to At-Bay, where the team is focused on enabling brokers to understand the security posture of clients. The team ensures that brokers understand its products and what puts companies at risk from cyber threats.

    The At-Bay team views itself as a resource for brokers to lean on.

    “We’re happy to engage at whatever level they want, from very deep technical conversations to just making sure who are the right people to call or hand the customer off to if they’re not as comfortable, getting into the weeds on some of the cybersecurity stuff,” says Drummond.

    Giving brokers license to customize products is another service that At-Bay brings to the table. Its software engineers and developers built the company’s entire underwriting platform, claims system, and security platform. This affords them the ability to have a tight feedback loop across all business operations. 

    Its InsurSec solution, At-Bay Stance™, is a unified security platform that helps insureds proactively identify and mitigate cyber risks associated with 86 percent of customer claims. Access is included with every Cyber and Tech E&O policy and offers an estimated value of up to $72,000 per year in security solutions.

    Earlier this year, At-Bay also launched two new InsurSec solutions designed to combat the most common type of cyber claim: financial fraud. These tools help prevent fraud before it happens and can unlock enhanced coverage terms for eligible insureds, including financial fraud sublimits of up to $1 million.

    At the core is the firm’s ethos of responsiveness and critical thinking.

    Drummond says, “Whether that’s a more complex or less complex account, our folks are there to have those conversations and they aren’t afraid to think outside of the box and tailor something.”


    Flexibility, responding quickly and running educational webinars are ways Tokio Marine HCC – Cyber & Professional Lines Group supports its brokers. The firm is also content to be transparent about what it does and what it can offer.

    “Even if a competitor knows our techniques and approach to client monitoring, alerting and the incident response, it would still take them a long time to build something similar. So, we’re comfortable,” says Ingerslev.

    Tokio Marine HCC – Cyber & Professional Lines Group’s primary target market is the small to mid-sized segments that can use the insurer’s preventative services, compared to a Fortune 1000 company that is likely to have in-house cyber teams.

    This year’s recognition is the fifth successive annual cyber award for Tokio Marine HCC – Cyber & Professional Lines Group, which supports its view that its infrastructure and systems in place are formidable.

    “It’s a stamp of quality and also a sign of consistency,” adds Ingerslev. “We are a big global insurer with very solid financial stability behind us, and that allows us to continue to stay relevant and have a reasonable market share, but also not fall into some traps in parts of the market cycle.”


    Both industry experts – Lieberman and O’Brien – who spoke to IBA for this report agree that cyber insurance has not yet reached the maturity where it exists alongside more established areas such as flood or fire.

    O’Brien says, “They are backed by decades of actuarial data, but cyber insurance is still evolving due to the rapid pace of technological change and the volatility of cyber threats. Many incidents go unreported, and the risk landscape continues to shift, making it harder to standardize and stabilize the market to the same degree.”

    Lieberman also points to the rapidly evolving nature of the market, which makes it difficult to define coverage and leads to confusion.

    “If a new type of attack is discovered, is that covered automatically? The challenge for a lot of insurance companies is that the state of things is changing so fast,” he says.

    And he also cites that the cuts to government agencies focused on compliance and regulations in the cyber security space is leading to concerns. For example, National Institute of Standards and Technologies (NIST) lost hundreds of cybersecurity staff due to downsizing. Part of its role is to run the National Vulnerability Database, which some fear may disappear in the future.

    Liberman adds, “If it does go away, what is going to be there is unclear. That’s a huge problem for insurance companies, because they’re viewing this as if you have vulnerabilities that exist in the database, and you need to fix them. But if that goes away, what are they going to use as a gauge to say you have this vulnerability?”

    • AIG

    • AXA XL

    • Beazley

    • CFC

    • Chubb

    • Cowbell

  • PGA TOUR Championship to have Starting Strokes eliminated starting in 2025

    PGA TOUR Championship to have Starting Strokes eliminated starting in 2025


    At long last it is over.

    It was announced on Tuesday that the PGA TOUR Championship at East Lake will officially begin with every player at even par. Starting Strokes are a thing of the past.

    From the PGA TOUR:

    As part of its ongoing commitment to accelerate innovation on behalf of fans, the PGA TOUR announced updates to its TOUR Championship format. Beginning this year, Starting Strokes will be eliminated from the season-ending TOUR Championship as the TOUR’s top players compete for a chance to win the PGA TOUR’s Ultimate Prize, the FedExCup.

    Ultimately the PGA TOUR announced three specific changes to the TOUR Championship.

    Elimination of Starting Strokes – The TOUR Championship will be played as a 72-hole stroke-play event, with all players starting the tournament at even par. The best performer over the course of four rounds at the TOUR Championship will win the FedExCup.

    Adjustments to Course Setup – In response to data indicating fans want to see winning scores closer to par, the PGA TOUR Rules Committee will adjust its course setup approach to encourage more risk/reward moments throughout each round, further heightening the drama and competition to determine the FedExCup Champion.

    Toughest Tournament to Qualify for – Already the most elite field in golf, the TOUR Championship field size will remain at 30 players in 2025. The Player Advisory Council is studying the qualification system of future years to raise the stakes on the entire FedExCup season and reinforce the TOUR Championship as the hardest tournament to qualify for.

    The second and third points here are significant obviously, but they carry far less impact relative to the past than Starting Strokes. While it made sense to reward players for their success all season long in spirit the reality is that Starting Strokes really took away a point of competitiveness in the event. It makes more sense to go at it like a traditional tournament.

    Scottie Scheffler spoke on the changes:

    “We want the TOUR Championship to be the hardest tournament to qualify for and the FedExCup trophy the most difficult to win,”

    “Shifting the TOUR Championship to a more straight-up format with a tougher course setup makes it easier for fans to follow and provides a more challenging test for players – which brings out the best competition.”

    These changes, notably the elimination of Starting Strokes as mentioned, certainly help the cause of making this event the hardest in golf to win become more attainable.

    Good for the players and the TOUR on making this happen.