‘Education. Education. Education.’ It’s the unofficial mantra underpinning critical discussions on how to boost the uptake of cyber insurance coverage across UK businesses. And for Alex Jomaa (pictured), the knowledge gap that exists in the cyber insurance ecosystem was the inspiration behind the creation and growth of Onda, a start-up cyber insurance intermediary that wears its ambition proudly on its sleeve – ‘cyber insurance, simplified’.
From his time in the market, he said, he has seen first-hand its “laudable” attempts to help brokers and customers better understand cyber as a class and where those efforts commonly fell down.
“These largely consist of sit-down classroom lectures, whitepapers, videos, etc. in order to help customers and brokers understand the product better, but we could be doing a lot better,” he said. “There’s a lot of challenges we need to unpack in cyber insurance that are not found in traditional insurance products.
“The historic issue we’ve always pointed to was the lack of claims. This is a 20-year-old class of business which didn’t have a lot of buyers, certainly in its early years, so there has been a lack of claims data, which insurers deem critical. So, we weren’t really able to use claims data in the way other insurance lines use it to be predictive.”
Jomaa noted that, in recent years, the sector has seen an uptick in claims activity and accordingly, the data that accompanies that. However, a different problem has emerged with cyber claims data not proving as predictive as certain other classes particularly because the cyber claims landscape changes all the time. In response, parts of the insurance industry have resorted to fear-mongering tactics and warnings that cyber incidents are not a matter of “if but when”.
“That works some of the time but generally people aren’t that responsive to that messaging,” he said. “[…] I feel that due consideration is not being given to the limited sales opportunity that brokers have. They need a clear and punchy line when they’re speaking to customers to help them understand the risk. I believe, as a market, we’ve been guilty of providing too much information. And what we want to do at Onda is to cut through and simplify the message.”
It might sound straightforward, he said, but simplifying complex messages and empowering brokers to deliver a concise, accessible cyber insurance pitch without needing to be cyber specialists themselves is not easy. The challenge is finding the sweet spot of how much information is too much without cutting back on critical messaging around this essential coverage.
Jomaa highlighted that the existing knowledge gap that exists within the cyber insurance market has ultimately caused the vast majority of businesses not to be insured against cyber risks. The 2022 Cyber Security Breaches Survey revealed that only 5% of UK businesses carry a standalone cyber policy, he said, and, to be best protected, he firmly believes businesses need a standalone cyber insurance policy, not a “fig leaf that’s added to a commercial combined package.”
“It’s important to think about the origin of this product which was originally conceived in the US as a speciality liability product,” he said. “But brokers should really consider cyber insurance as a mainstream commercial product. Every business now has a cyber risk and it needs to be treated more as part of a commercial combined package but for a business’s digital risk. And when you explain it in those terms, brokers can connect the dots quite easily.”
Brokers are doing a good job of having conversations about cyber insurance with insureds, he said, but what Onda’s looking to do is increase the quality and the efficiency of those conversations. It’s a proposition that the team has seen resonating strongly with the broker market to date, and he highlighted the appetite that exists for simplified, more effective cyber messaging.
“Cyber is currently considered a specialty line but the growing demands and needs of customers will place it firmly into the mainstream,” he said. “This isn’t something that is a luxury or a discretionary purchase. In my view, you can’t do business without your technology, so the ever-increasing adoption of technology, by businesses across all industries, means that cyber risk is here to stay. The market has to keep pace with the changing nature of the risk and the challenge is providing the right information so as not to confuse the end consumers.”
As to how Onda is tackling the task at hand of simplifying the cyber insurance proposition, Jomaa emphasised the importance of equating the more technical aspects of cyber risk with brokers’ existing areas of expertise. For instance, he said, brokers are well acquainted with something like a physical business interruption incident - such as a fire preventing a business from trading - and its impact on an insured.
“Now, if you just take the cyber equivalent where your digital systems have been locked out, the cause is different but the results are largely similar,” he said. “Brokers are reliably informed about first-party risks such as business interruption, so when you frame it in those terms, that’s one way that we’re simplifying cyber messaging.
“And every digital risk has a real-world physical counterpart. A password is just a key that opens a lock. A firewall is a locked door. A hacker is just a burglar that’s entering your premises i.e. your network and taking things or holding you to ransom. When you put it in those terms. It’s actually pretty simple to understand.”
Where Onda goes one step further than this educational piece is in utilising technology to simplify the procurement process and enable brokers and their clients to obtain quotations quickly. Innovation for simplification is embedded in the DNA of the business, not just in its messaging around cyber risk but across the entire cyber insurance purchasing chain, Jomaa suggested. This is about freeing up brokers’ time, he said, because nobody wants to be waiting a week to be told ‘no’ by an insurer.
“We feel that as every business uses technology and therefore has a cyber risk that they should be insured against that risk,” he said. “We feel that we are a company that is able to deliver the insights to fill the knowledge gap in the market and ultimately help brokers to get more businesses protected… In the UK alone, there are millions of SMEs that do not buy cyber insurance, and so UK Plc is at risk.
“We have to remember the nature of electronic risks and that cyber risk crosses borders. This isn’t like a property policy where thieves have to physically break into your premises. UK plc is exposed worldwide to cyber criminals and in order to protect their businesses, they need to have the insights necessary to secure their assets and some form of risk transfer as a safety net – Onda provides both.”
What are your thoughts on this story? Feel free to share them in the comment box below.
