Six Secrets to Selling Cyber Insurance

Six Secrets to Selling Cyber Insurance | Insurance Business America

Six Secrets to Selling Cyber Insurance

Karly Overman, a director of business development at IDT911, gave Insurance Business these six tips for successfully selling cyber-insurance policies.

The good news is that cyber risk is no longer a foreign concept to most business owners. Small and medium-sized businesses increasingly recognize security breaches as an exposure.

Data risk and the loss of personal information now fit into the traditional insurance portfolio alongside fire and theft coverage. But framing productive conversations around cyber liability risk can still be a challenge for agents.

Nearly two-thirds of small and medium-sized businesses have been targeted by cyber crime, according to a Symantec survey, but agents may still need to prime the pump when talking with clients.

Here are some helpful tips for explaining and selling cyber liability coverage.

1.    Help clients understand the different types of information they’re storing. Talk with the policyholder about what the exposure is and how they protect information. Most business owners understand the sensitive nature of processing credit cards and maintaining Social Insurance numbers, but they may not consider medical or family information, e-mail addresses and birth dates to be sensitive.

2.    Shed light on compliance rules that could affect clients in the event of a breach. Provincial regulations on privacy vary in both the public and private sector. Only two provinces have enacted specific breach notification requirements. Federally, the Office of the Privacy Commissioner has issued keys steps organizations must take in responding to privacy breaches. Most clients will be under some level of provincial or federal compliance guidelines, each of which costs money and/or time. Navigating those requirements can be cumbersome, expensive, and time-consuming. Identifying potential resources is likely to be a significant talking point for agents.

3.    Discuss how exposures typically happen. Offshore hackers present an exotic image, but many security breaches stem from mundane causes. Laptops are stolen, file cabinets are left unlocked and passwords are written on sticky notes. Once business owners understand the risks, turn the discussion toward what would happen if an exposure occurred. Ask if there are policies and procedures in place.

4.    Shift the focus toward your client’s coverage needs. The amount of sensitive data a business holds is one factor in determining what’s appropriate. Examine the number of customers and employees at the business. Companies that handle minimal data will likely have different needs than those with tens of thousands of records. This point can be a relief to small businesses with tight budgets and may help you move ahead with developing a suitable solution.

5.    Be prepared to discuss risks based on the client’s industry. Companies in the healthcare and financial sectors typically contend with elevated risk, but any firm that deals with personal information should be aware of the potential for exposure. Cyber criminals are constantly finding new ways to use stolen data, and that information may be benign today but a gold mine tomorrow.

6.    Remember that data risk covers more than just electronic data. Paper records are still widely used by businesses in nearly every sector, and must be considered when crafting a data protection strategy. Medical files, banking documents, even insurance information continues to reside in paper format.

At this point, a discussion about first- and third-party coverage is often the next natural step. Because this coverage area is evolving, not every insurance company provides both types of coverage. If a client focuses only on third-party coverage because of the large sums of money typically involved in lawsuits, remind them that first-party coverage—protecting out-of-pocket expenses such as sending notification letters to customers—also can be instrumental in helping their business survive the financial impacts of a security breach.