Cyber liability claims can have crippling consequences for businesses. The National Cyber Security Alliance predicts that approximately 60% of small and medium-sized businesses (SMBs) go out of business within six months of a cyberattack, and yet, there remains a significant cyber liability insurance coverage gap among SMBs.
Many business owners struggle to understand the extent of their cyber exposure and the devastating costs that cyber incidents, whether malicious or accidental, can bring. They’re aware of cyber risk – it’s impossible not to be considering the amount of attention cyber events garner daily in the news – but they’re less clear about how that risk pertains to them.
One way insurance agents and brokers can spread the message about cyber risk and educate SMB clients about their unique exposures is by sharing real-life claims examples.
Brian Thornton (pictured), president of ProWriters, a managing general underwriter which is striving to simplify the cyber liability insurance process for agents and brokers, commented: “We constantly get requests from agents and brokers asking for real-life cyber claims examples; not just fictious ‘this could happen to you’ examples.
“Business owners want to know the real cost of a cyber incident. There are a lot of claims calculators and studies out there that will tell you a cyber claim will cost X amount per record breached, and so on. That sometimes leads to astronomical exposure numbers that don’t really reflect the reality of what these claims might look like for small businesses.”
Oftentimes, it’s not just the end-clients that need a bit of help getting to grips with the realities of cyber risk. Lots of agents and brokers also need a helping hand. In the SMB space, agents and brokers tend to touch multiple lines of coverage, with cyber still feeling relatively new in the grand scheme of things. Partnering and consulting with cyber experts, as well as making the most of the educational tools and resources that are widely available in the marketplace can help agents and brokers become more comfortable with cyber risk, according to Thornton.
Read next: Cyber now top business risk globally
To assist its agent and broker partners with this, ProWriters has released a series of non-branded whitepapers, tip sheets, and educational videos and webinars about cyber liability risks. Its most-recent publication entitled ‘Cyber Exposure: What’s the Real Cost?’ runs through real-life claims examples in in six sectors: healthcare, retail manufacturing, food service, professional services and communications.
In the manufacturing sector, for example, the claim highlighted by ProWriters involves an employee of a car components manufacturing firm accidentally clicking on a malicious link. In a classic phishing scenario, the link is infected with ransomware which encrypts the firm’s data, and hackers demand $13,040 in Bitcoin within 48 hours in order to release the encryption key.
The manufacturing firm has a cyber insurance policy, so they call their insurer, who enlists an IT forensics team to review the threat. Together, they decide the most prudent course of action is not to pay the ransomware demand. The total cost of the incident response and data recovery end up at around $60,000.
“Real-life claims examples are invaluable to agents and brokers talking to SMBs about cyber risk,” Thornton told Insurance Business. “Oftentimes, agents and brokers approach us with a very specific risk in hand, which is driving them to educate themselves so that they can quickly educate their clients and answer their clients’ questions.
“They’ll come to us and they’ll say: ‘I’ve got a manufacturing client. They want cyber insurance. We got them a quote, but we don’t really have any expertise around this.’ We can use our experience to talk them through particular risks and what to focus on. For example, a manufacturing company might have a bigger cyber business interruption exposure than a firm in a different sector. We can use claims examples to illustrate that.”
As well as talking clients through real-life cyber claims examples, agents and brokers can learn about the simple, inexpensive actions clients can take to improve their risk posture. Again, there is lots of literature available in the marketplace that documents these tips and tricks. These might be simple things like encouraging strong password management, setting up multi-factor authentication on Office 365 accounts, demanding dual sign-off for wire transfers, and integrating secure email gateways.
“These things might seem simple, but they really can help to improve a business’s cybersecurity,” said Thornton. “At the end of the day, it all ties back to education. At ProWriters, we’re putting together a lot of these whitepapers and e-books and doing a lot of webinars to educate the agents and their clients. We try to provide material that is very easy for them just to share downstream with their clients, whether that’s videos or non-branded whitepapers in order to make it as easy as possible to start that conversation.”
