Has our ability to connect online ever been more important? This year, as COVID-19 has made technology essential to work, shop and connect with people we cannot see in person, our need for secure and uninterrupted online connections has become more critical than ever. At the same time, weaknesses that have been exposed as people have adjusted to new ways of working with technology have created opportunities for cybercriminals. “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” said Jürgen Stock, INTERPOL Secretary General.
Cyber insurance can offer protections against such threats – and the market still has ample room to grow. A recent PwC report estimates that annual gross written premiums should increase from approximately $2.5 billion today to $7.5 billion by the end of the decade.
“There is still a low take-up of cyber insurance and a lot of future premium in this space,” said David Kessler, Head of Cyber at Travelers Europe. “Becoming knowledgeable about it takes some legwork, but the rewards for brokers are more beneficial than the potential business interruption drawbacks.”
Doing the legwork
Brokers have an opportunity to enhance their partnerships with clients here. They can help clients to not only better understand their exposures but also to stay abreast of evolving language around cyber risk. Having the ability to put industry jargon into plain terms and explain the nuances of still-developing cyber policy language can make the value of (and need for) cyber insurance better understood. What’s more, it can ensure clients have the support they need to minimise or potentially avoid costly interruptions to business.
Still, selling cyber cover can be daunting. Here is some guidance to keep in mind to help break down potential barriers to sales:
Words matter – sometimes more than numbers: For example, cover triggered by interruption to the insured’s systems vs the insured’s operations sounds like it should be similar but can make a difference to the depth of protection. Also, put numbers in perspective. If one policy restores computer systems within 180 days and another within 365 days, how much is that difference likely to matter when 98 percent of UK companies have systems restored in less than one month and 96 percent restored in less than a week?
Mind the gap: You can help clients avoid unexpected gaps in cover following an incident by explaining how policy terms may trigger cover at different times and produce different outcomes. Further, in the event of an insured company partnering with a third party insured elsewhere, it’s important to know where (and if) the insured’s responsibility ends and where a third-party partner’s responsibility begins in the event of a breach.
Unscramble the alphabet soup: The tech industry – more than other fields – is packed with an ever-growing lexicon of acronyms and jargon. Develop a running list of terms you find, along with definitions that explain concepts in plain English.
Judge what’s reasonable: What cybersecurity requirements does the insurer require from the insured in order for cover to apply? Does the insured understand how retroactive date exclusions may impact cover? Understand the exclusions to determine if cover is appropriate to the client and if the insured can take the steps needed to protect its insurability.
Put the risk in perspective: Clients may assume their risk is small or that their other insurance cover will protect them in the event of a breach. Have some facts at your fingertips to inform them. Every 19 seconds, a small- or medium-size business in the UK is attacked. According to the UK government’s Cyber Security Breaches Survey 2020, 46 percent of businesses and 26 percent of charities reported having cybersecurity breaches in the last 12 months. Of the 46 percent, 32 percent are experiencing these challenges at least once a week. In the past three years in the UK, there has been a shift in the kinds of cyberattacks businesses are experiencing, with a rise in phishing attacks (86 percent in 2020, up from 72 percent in 2017) and a decline in viruses and other malware (16 percent in 2020, down from 33 percent in 2017).
Building a better business continuity plan
At those rates, it’s less a case of if an organisation will face a cyber incident than when. Still, brokers can help make a client a less attractive target for an attack and also guide them in acquiring the kind of protection that will enable them to get back on track more quickly after an event. Having a business continuity plan can help with that, in addition to helping protect the organisation’s reputation and relationships with customers, partners and employees.
The cyber risk and privacy management consultancy IT Governance provides an overview of the key elements of an effective business continuity plan and how to validate it, as well as some templates to help build a plan. Once a client has a plan in place, small- and medium-size organisations may also benefit from putting it to the test by taking part in the National Cyber Security Centre’s Exercise in a Box. It’s an evolving tool that guides teams through cyber risk scenarios to help them anticipate their vulnerabilities to a breach and how they can minimise business exposure and interruption.
“Presenting cyber insurance to clients can be intimidating for brokers but doesn’t have to be,” said Kessler. “By breaking down wordings, being mindful of where gaps in cover can exist, and partnering with insurers to improve understanding of new risks, brokers can take advantage of the many opportunities in the market to generate business and build trust with clients.”
Get Cyber Ready. Visit our CyberRisk Insurance page here
Links:
https://www.itgovernance.co.uk/blog/how-to-write-a-business-continuity-plan-the-easy-way
Scan here to download the app