What role do insurance brokers play in the cyber space?

"Benchmarking is really no good"

What role do insurance brokers play in the cyber space?


By Mia Wallace

“Specific and deep.” That is the type of service brokers need to be providing their clients in the cyber insurance spaces, says Shannan Fort (pictured) partner, financial lines, cyber at McGill and Partners. To be successful, brokers need to clearly understand their role and have a firm grasp on the remit of their responsibilities.

“I’m not an underwriter,” she said. “I’m not a risk analyst, I can’t come in and tell you that you’ve got a five on a score of one to seven for your data management practices, that’s just not my role. But what I can do is take that information from a risk analyst and a carrier, and package it up so that it makes sense to you, the client.

“And then I can get you the best cover that is available in the marketplace. And I can help craft it so that it actually takes into account the risk that you’re actually facing and can push the carrier to meet us where you actually need to be, not necessarily where the market wants you to be. I can be very specific in what I do but I have a very deep knowledge and understanding and ability around that.”

This depth of knowledge is especially important right now, she said, because, given the financial devastation caused by the pandemic, convincing people of the essential nature of this non-compulsory cover is more challenging than ever. Fort noted that, though every single company is reliant on technology to some degree and technology permeates every single bit of society, cyber risk is still not given nearly the same emphasis that more traditional property and casualty risks are.

“Even though so many companies now have intangible assets that are much more valuable than their tangible, they’re still insuring their tangible assets to a much higher degree,” she said. “So, it can make for some interesting conversations, it can certainly make for a bit of a challenging task and, in some cases, a bit of a Herculean task. But that’s the challenge and that’s the fun part.”

It is this challenge that first attracted Fort to the cyber sector, and it is also what brought her back to cyber-orientated roles after a stint teaching English as a foreign language in Japan. Following several senior roles at Aon, she first joined McGill and Partners in November 2020, onboarding remotely. She said she has been delighted by how her new colleagues share her passion for utilising their wealth of knowledge and market influence to craft the best risk transfer policies for both current risks and future risks.

The pandemic has accelerated the cyber risk facing businesses over the last year, she said, with rising concerns surrounding areas such as increased virtual capacity demands, the security of remote communication channels and the increased liability threat of credit card information being stored by retailers driven online. These are just a few of the troubles faced by businesses in the current remote working environment but they highlight the duty of care that the insurance industry owes its clients.

“We as brokers have the opportunity to show this, but I also think that we, as the cyber market, have that opportunity,” she said. “… And, from a cyber perspective, [we need to accept] not every client is going to be at that place or time where it’s right for them to purchase insurance. That might not be what the ultimate result is of our conversations.

“What this process needs to look like for any client considering cyber is understanding your company’s cyber risk, how it will be uniquely impactful to you as an organisation, and managing that risk through a variety of methods. It’s not just about the transfer of that risk and the purchase of insurance. So, our role is also providing access to other specialists that can help you better understand and put some qualitative and quantitative measures around that risk which will better inform your purchasing.”

Cyber coverage is still relatively very young, Fort said, but one of the things she has seen since she joined the sector is that it is now more common for companies to provide specialist and expert cyber risk assessments to individual businesses. This means they can look at clients’ risk maturity levels and help them understand where they sit within that level and the right course of action they should take to mitigate their unique exposures. She noted that this is a much more effective method of determining coverage requirements and the risk transfer process than benchmarking.

“Benchmarking is really no good,” she said, “and I don’t know how to shout that from the rooftops more. No-one should be asking you for benchmarking, you shouldn’t care what your peers down the street are buying as it really does not matter at all. Because what benchmarking doesn’t do is measure any of those salient points.”

Benchmarking looks at common industry and common revenue, she said, and then reveals what someone else is buying from a limit or retention perspective. But this misses the point of the expertise offered by a genuine risk assessor who can tell you about the relevant, personalised facts behind the purchase of that cover.

“For other lines of insurance, those types of risk assessments are being done by risk engineers all the time,” she said. “You don’t just walk in and buy property insurance off the shelf, there’s a process behind understanding the risk and then being able to underwrite to it. And that same kind of philosophy is being applied now in a better way than it was 15 years ago.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!