This week, CFC Underwriting, the London-headquartered cyber insurance agency with a significant presence in Australia, hosted a webinar for local brokers. “Selling cyber in 2023: How to grow the Australian market” was accredited by the National Insurance Brokers Association (NIBA) and, according to CFC, more than 2,000 brokers signed up to attend.
“Never in the history of the market has an insurance product evolved so quickly to meet the needs of its customers,” said webinar presenter, Lindsey Nelson (pictured above), the agency’s cyber development lead, with echoes of Winston Churchill’s famous speech during the Second World War.
She said that evolution has converted cyber insurance from a straight policy that reacts into a service that aims to prevent cyberattacks in the first place.
The channelling of Churchill could be appropriate because, in Australia, you could say it’s the few against the many. Compared to some other countries, fewer businesses in Australia have cyber coverages against mounting numbers of attacks. According to CFC’s data, cyberattacks across the world have generally been going down in recent years – even taking into account the war in Ukraine. However, one exception to this trend is Australia where attacks are still on the up.
Nelson quoted other data – based on financial reports and discussions with brokers – indicating that as few as 10% of Australian businesses actually have cyber insurance, despite the fact that these attacks, she said, are their “absolute largest exposure as a business.”
“So we as a market have a responsibility to change that,” said Nelson, who’s spoken to brokers around the world who are successfully selling cyber policies to find out their tips.
An online poll taken during the webinar suggested that Australian brokers want new ideas to help them sell cyber insurance: 80% said they’d like to sell more of these policies.
One issue, Nelson said, is changing the mindset of Australian businesses. The CFC expert said, in Australia in particular, many small businesses tend to believe that they’re too small to be attacked. However, her agency’s own claims data suggests small businesses are the main target for many cyberattackers.
Some businesses, she said, believe attacks won’t happen to them, others are confident that their investment in IT alone will protect them. Some regard cyber insurance as too expensive.
Nelson put the expense of a cyber policy in perspective. She said a $50,000 loss from a cyberattack can be critical for a sub $1 million business. When that is balanced against paying several thousand dollars a year for cyber protection, she suggested the protection is well worth it.
“That cyber insurance policy is, by and large, a fraction of the cost of what the cyberattack would be,” she said. “There needs to be a shift in thinking among businesses.”
So how are brokers who are successfully selling cyber, managing to do it?
Nelson’s first suggestion: don’t walk the client through insuring clauses, start with an elevator style pitch that brings cyber insurance back to basics.
“Put quite simply, cyber insurance is coverage for your intangible assets, or digital assets,” she said. She said cyber coverage is a modern day crime policy to deal with the shift in today’s crime from physical to electronic.
“What you’re buying is access to a team of experts, you’re buying access to a preventative service,” said Nelson.
She also suggested brokers start their renewals conversation with a client over cyber, rather than having it at the end of the discussion.
“Our most successful brokers are using cyber to actually drive the conversation and position it as a need to have, not a nice to have, which it absolutely is,” said Nelson.
When they’re talking cyber, she said brokers should discuss their client’s cyber risks before they engage in a conversation about coverage.
“Your clients will rarely care to hear about insuring clause three if they don’t want the product in the first place,” said Nelson. “So get their buy-in with that [their cyber risks] and know how to handle those objections.”
She said cyber needs to be explained so it’s appreciated as a tangible service.
“Explain cyber as a service rather than a wording,” said Nelson. “What they’re buying is access to a team of experts who are there to help when the worst happens.”
She said it’s also important to distinguish for the client the difference between incident response (IR) and IT. Nelson illustrated with a simple analogy: you go to the IT department if you forget your password but you go to the IR team if you get a ransom demand.
She also said brokers should be diplomatic with the IT department who may feel threatened by the services that come with a cyber policy.
“The IT person is the first person who gets thrown under the bus if the worst happens,” said Nelson. “If they actually see the investment that they’ve made into an incident response policy and cyber insurance, then it makes them look incredibly better positioned than it would without it,” said Nelson.
Brokers also need to define their placement strategy.
“Get to know a few markets really well, don’t get to know every single cyber market, and know a little bit about all of them, and judge those markets based on their services first, wording second,” said Nelson.
What challenges do you face selling cyber insurance? Please tell us below.
