Welcome to Inside the Cyber Risk Playbook, a new series featuring conversations with risk pool leaders, executives, and risk control managers across the public sector. In each story, we explore how pools are responding to a shifting cyber threat landscape and evolving insurance expectations—highlighting the practical challenges they face, the strategies they’re implementing, and the lessons they’re learning to reduce risk across their membership and strengthen their cyber programs.
In this first installment, we sat down with Lyde Graham, Director of Insurance Services at the South Carolina School Boards Insurance Trust (SCSBIT), to explore how one pool is managing cyber risk beyond the annual renewal cycle.
For many risk pools, cyber risk is still managed primarily through the renewal process. Applications are completed, controls are reviewed, and coverage is placed. But cyber risk does not stand still between renewals.
As threats evolve and member circumstances shift, insurers are increasingly looking for evidence that a pool isn’t just assessing risk annually, but actively improving it across the portfolio over time. That creates a growing challenge for pool leaders: how do you focus support where it will have the greatest impact, drive meaningful action at the member level, and prove that risk is being managed in a continuous, credible way?
For SCSBIT, that challenge was very real. Supporting more than 50 school districts across the state—many with limited IT resources—SCSBIT recognized that cyber risk had become an ongoing responsibility, not just an annual insurance exercise.
Lyde Graham, Director of Insurance Services at SCSBIT, has been focused on helping member districts navigate that reality while responding to a more demanding insurance environment and an increasingly active threat landscape.
“As cyber threats evolved, we needed a way to manage risk that was credible, efficient, and recognized by the insurance community,” said Graham.
Like many pools, SCSBIT historically relied on a streamlined annual insurance process to assess cyber risk and support coverage placement for members. While effective for that purpose, it wasn’t designed to provide continuous visibility into how risk was changing across the membership or to help focus effort on the members and issues most likely to drive loss.
Just as importantly, any approach needed to work in the realities of public entities: uneven cyber maturity, constrained budgets, and already-stretched IT teams.
“We’re in a fast-paced market. One year it may be Carrier X, the next it may be Carrier Y,” Graham explained. “We needed something portable, not tied to the carrier, because anything new is already a heavy lift for our districts.”
A point-in-time assessment is no longer enough. Pools need a historical view of portfolio risk—what’s changing, what’s improving, and where exposures are building over time. That’s difficult for already stretched teams to track manually, but increasingly essential as underwriting expectations evolve and concentrated exposures can quickly translate into material loss.
That need is increasingly common across the public entity space. Pools do not just need more cyber data. They need a practical way to turn visibility into action consistently across a diverse membership, and in a way that supports stronger conversations at renewal.
What changed wasn’t just visibility—it was how SCSBIT acted on it.
With KYND providing continuous visibility across its member districts, the team could identify where risk was concentrated, which members required immediate support, and where focused intervention could make the biggest difference. Rather than spreading time and effort evenly across the membership, SCSBIT was able to prioritize attention around the issues most likely to affect insurability, operational resilience, and loss potential.
This made cyber risk more actionable—not just for IT teams, but for superintendents, finance leaders, and boards—helping translate technical exposure into decisions around prioritization, budgeting, and accountability.
“KYND helps put rubber on the road,” Graham said. “We’re not just saying we care about cyber risk. We’re focusing on the issues that drive claims and showing progress over time.”
That distinction matters. For pools, the value isn’t in appearing busy. It’s in focusing effort where it counts and demonstrating that the portfolio is becoming stronger, not just more measured.
That approach proved critical when a high-risk, zero-day vulnerability was identified affecting a member district.
What mattered wasn’t just detection. It was prioritization, timing, and specificity. SCSBIT was able to quickly engage the district because the alert was tied to live, attributable exposure; giving the team a clear view of the member’s susceptibility and where action was needed. Remediation was then completed during a scheduled weekend window before the vulnerability could be exploited.
The impact was significant. There was no disruption to instruction, no operational downtime, and no reputational fallout for the district. What could have escalated into a costly cyber event—potentially exceeding $300,000 when factoring in response, legal, and recovery costs—was avoided entirely.
More importantly, this wasn’t just an isolated technical win. It showed how SCSBIT put portfolio-directed risk control into action: visibility leading to targeted action, and that intervention reducing the likelihood of loss before it became a claim.
“If that alert hadn’t come through, it wouldn’t have been a matter of if something happened, but when,” Graham said.
For school districts, that kind of intervention matters far beyond direct financial cost. A serious cyber incident can disrupt instruction, strain already limited resources, and create lasting operational and community impact. Preventing an event before it unfolds is not just about avoiding expense. It is about protecting the functioning of the district and reducing avoidable pressure across the wider pool.
SCSBIT’s experience reflects a broader shift happening across the market.
Insurers are increasingly looking for evidence: that risk is identified early, addressed in a timely fashion, and improving across the membership over time—not just at renewal, but continuously. Pools that can demonstrate that discipline are in a stronger position.
In that context, SCSBIT’s approach demonstrates something critical: not just that risk can be identified, but that it can be acted on in a way that measurably improves the portfolio before it becomes a claim.
Importantly, this doesn’t require more complexity. In many cases, it comes down to a clearer view of the portfolio, better prioritization of member support, and a more practical way to show that action is driving measurable improvement.
As renewal approaches, the questions for many pools are becoming harder to avoid:
For pools that can answer “yes,” renewal becomes a more informed, controlled conversation. For those that can’t, it often remains reactive, driven by activity, but without clear evidence of impact.
If you’re heading into renewal and don’t yet have a clear view of portfolio risk or evidence of improvement, connect with our team to see how we’re helping pools strengthen their position.