The following is an editorial by Alicja Grzadkowska, senior news editor at Insurance Business. To reach out to Alicja, email her at firstname.lastname@example.org.
Cyber policies have been around for two decades now, yet despite the serious risk posed by cyber events, many companies still lack the right coverage and risk management know-how. As a result, brokers have an opportunity to become true experts and thought leaders in this burgeoning space, in turn standing out from their competitors.
Cyber insurance policies first entered the insurance marketplace back in the late-90s and at first covered liability from the hack of a third party. In the early 2000s, these policies evolved to cover breaches that impacted the insureds, though they had many exclusions and did not offer first party coverage, according to ProWriters. Eventually, the cyber insurance marketplace became more crowded with insurers offering their versions of standalone products as well as providing additional risk management and post-breach services to insurance buyers.
By this point in time – 20 years after the first policies came into existence – you’d think that most companies and individuals would be well-versed in the cyber risks facing their organisations, and have robust cyber insurance and cybersecurity measures in place to protect their networks and their bottom lines from the fallout of cyber-related incidents. Nonetheless, there is still tons of room for improvement, with the vast majority of chief information security officers reporting that they are unable to get the cyber coverage they need, according to a recent study by Arceo.
Meanwhile, many cyber experts are predicting that cyber coverage will only get more important considering the interconnected, data-driven world we are currently living in. And yet, many firms across the spectrum, from Fortune 500s to mom-and-pop shops, seem to be missing the boat on cyber. Capital One, for example, just agreed to pay an $80 million penalty over its lack of preparation against a massive data breach last year, while Canon and Twitter are two other big names that were hit with a cyber incident this year.
Big companies aside, issues of cyber weaknesses are pervasive across the board. For example, office email services have been used to impersonate and scam nearly 6,600 organisations so far in 2020, according to a study by email security firm Barracuda Networks, and close to half of employees have made mistakes that have had cybersecurity repercussions for themselves or their companies, found email security firm Tessian.
The coronavirus pandemic has introduced even more cyber risks into the fold, with the switch to remote work creating new vulnerabilities for cyber criminals to exploit. Remote work has exposed new access points for cyber criminals to gain entry to corporate systems, including domestic PCs, laptops and Wi-Fi routers. It has also led to a reduction of employees’ distinction between work and personal emails, and an increase in the use of devices with insecure passwords. Home workers are also more likely to use online applications that would be prohibited in an office environment due to security concerns, explained a new report by CyberCube and Aon.
This complex risk landscape presents insurers with an opportunity to improve their cyber insurance penetration rate, noted GlobalData. In fact, cyber insurance uptake among micro-businesses saw a 300% increase between 2016 and 2019, mainly due to the “very low proportion” of these businesses that held cyber insurance in the past. Small and medium businesses have also recorded notable rises, with more than 50% of medium enterprises and 40% of small enterprises holding cyber insurance as of 2019.
When looking at the cyber landscape, brokers should see a land of opportunity. With many companies still lacking cyber insurance, especially standalone products that tend to be more robust in their coverage, insurance professionals should take this time to educate their insureds on the very real cyber threats that exist and that have been further exacerbated by the coronavirus pandemic to help sell them on cyber. To assist in this effort, brokers can turn to the many examples of costly cyber incidents, as well as the frequent cyber-related regional reports that seem to come out on a weekly basis.
Brokers should likewise be educating themselves on the evolving cyber insurance market and policy language to further beef up their advisory services in this line of business.
“Given the complex and varied policy language that exists in cyber policies from insurance carrier to insurance carrier, there has been a need for further specialisation to understand the nuances in policy language,” client services manager at CyberCube, John Anderson, recently told Insurance Business. “Having a trusted partner that can advise a potential or existing cyber insurance purchaser is in demand.”
Insureds have been turning to their brokers for advice on insurance coverage amid the pandemic, proving their reliance on this channel for guidance. Brokers should stay ahead of the curve and use these conversations to warn of cyber risks as well. In this way, they’re not only helping their insureds fight against cyber losses in the long run, but also helping themselves stand out in a competitive landscape by offering deep insight and expertise on a line of business that only stands to become more critical in the future.