Small- to medium-sized enterprises (SMEs) are increasingly vulnerable to cyberattacks, and yet many highly underestimate their exposure and don’t believe they need to have cyber insurance.
For cybersecurity awareness month in October, Keith Savino (pictured), national cyber practice leader at PCF Insurance Services, shared three questions business owners should answer about their cyber risk.
“Part of the challenge is that small businesses relate cyber insurance with credit card transactions, but that’s one drop in their swimming pool of exposure,” he told Insurance Business.
Savino’s three questions for SMEs are:
“A lot of folks would say, ‘I’m not a target. No-one wants to come after me,’” Savino said. “The reality is if you can answer ‘yes’ to any of those questions, you are the target.”
The good news is that the number of cyber solutions and products available to SMEs has grown dramatically, and premiums are more accessible than ever before.
Critically, many of these solutions include access to cyber expertise, pre- and post-claim, that many small businesses may not have.
“The coverage is attainable for a vast majority of small businesses today, and I think that’s huge because small businesses are under attack,” Savino said.
“There is a sense that they may not have the same IT resources and security procedures that a larger company might have. They don’t have a chief information officer or a chief information security officer.”
Though cyber insurance has been in the picture for over 30 years, Savino believes the market is still in its nascency.
“We’re in an exciting time in this space,” he told Insurance Business. “I think this market hasn’t seen all the adjustments that are going happen to it, and I’m not just speaking about rate.”
Savino cited the proliferation of cyber risk mitigation services and “active” cyber insurance providers that are highlighting the importance of security alongside insurance as a positive sign for the industry.
He also predicted that more players are likely to enter the market, adding capacity.
“It’s a marketplace that has tremendous potential, and folks are drawn to potential,” Savino said.
Moreover, conversations between brokers, insureds, and carriers are evolving, with insureds playing a more hands-on role in the insurance process.
“It’s not a matter of filling out a form, waiting for a quote, and then talking to the client next year. I think we’ve moved from that logic,” Savino said. “I find that sophisticated clients are very happy to have these conversations about engagement.”
Apart from technology and underwriting innovation, the community that has sprung up around cyber insurance over the past three decades has also given business strength.
“While we often talk about being disrupted, I think the disruption comes from inside the industry,” said Savino.
“If you look at some of the most successful organizations in the industry right now, they’re the folks always trying to build a better mousetrap and to leapfrog each other.”
The resurgence of ransomware attacks and several high-profile cyber breaches in recent months have drawn attention to the exposures faced by small businesses once again.
Cybersecurity awareness month is a time for brokers to renew conversations about risk mitigation with their clients. But Savino stressed that knowledge about evolving cyber risks is not a month-long endeavor.
“What we can do this month is to continue to post information and share as much as possible about it. But to me, cyber is clearly not about being aware for one month,” he said. “Cyber is truly a way of life. You always need to think before you click.”
Are you a broker working with SMEs on their cyber insurance? Share your perspective below.