Getting a leg up on the competition in the hyperactive cyber insurance market is a real challenge. For years, carriers and underwriters have been searching for ways to differentiate themselves, with many trying to outplay each other with value-added services. The problem with this tactic, according to Dan Burke, the national cyber practice leader at Woodruff Sawyer, is that carriers can’t really afford to offer these services.
Burke had 12 years of experience on the underwriting side, including seven years underwriting tech E&O and cyber at ACE and five years with specialist underwriter Hiscox, before joining Woodruff Sawyer, which is one of the largest insurance brokerage and consulting firms in the US. He has firsthand experience of the constant tug of war carriers are playing between maintaining profitability and offering clients extra services.
“One of the insights I have from being on the underwriting side was that, at the time, lots of underwriters were trying to innovate with value-added services that they could bring to the table and offer to clients for free. They were focused on security products or tools that might ostensibly reduce losses,” he told Insurance Business.
“However, the reality was that the sales chain to get from carrier, through wholesale broker, through retail broker, to end-client was very difficult. Carriers can’t afford to pay for these value-added services because cyber insurance premiums are so cheap, and what they can offer is either really scaled-back or not something that’s actually useful for the end client.”
Burke moved over to the brokerage side partly because he believes brokers are in a better position to bring value-added services to cyber insurance clients. As trusted advisors, brokers can build bespoke risk mitigation programs for individual clients rather than offering a blanket suite of services that might not address unique exposures.
“It’s a fact of insurance life that despite our best efforts, companies have an inherent distrust of insurance carriers,” Burke commented. “Brokers, on the other hand, are not in that position. They can use their reputation as trusted advisors to bring services to the table that actually help the end clients.
“We’re not in a position to tell IT experts and CISOs what security tools they should use, but we can introduce them to a whole suite of services that are helpful – from risk mitigation, risk assessment, risk identification and so on – and then we can work with them to build a plan for how to address their cyber exposures over time. In my opinion, that’s a really valuable conversation to have with clients and it helps in telling a good story to the insurance carriers and underwriters.”
To achieve this goal, Woodruff Sawyer has chosen and vetted a cyber services network, made up of cyber security and IT experts who can work with clients to identify security gaps and develop custom mitigation plans. They can provide services like risk assessment, penetration testing, incident response planning, tabletop testing, and more, which the clients will pay for up-front.
“I don’t know many brokers that are bringing this level of service to their clients,” Burke commented. “As for carriers and underwriters, I think they’re still trying to figure out what they can offer and how they can gain a one-up on each other. A handful of newer MGAs in the market are leading with services as opposed to insurance, and some of the more traditional carriers are trying to play catch-up to that.
“The problem they run into is affording to provide those services on a per-policy basis. The margins on the SME accounts especially – where these services are the most important – are not sufficient to cover the costs on a per-policy basis. As a result, they’re either providing watered-down services or they’re offering something that isn’t actually valuable to the client.”