More small businesses may be purchasing cyber insurance today as compared to a few years ago, but agents still have work to do to help clients understand their unique risks and ensure they have the right coverage.
That’s what panelists had to say during Insurance Journal’s March 31 webinar: What Agents Should Know About Cyber.
Panelists opened the hour-long discussion on a positive note, stating there has been an uptick in small and medium-sized businesses that recognize their cyber insurance needs and are purchasing coverage.
“We’ve certainly seen an uptick in small business customers,” said Rob Rosenzweig, national cyber risk practice leader at Risk Strategies. “With the growth of ransomware, I think the individual small businesses have realized how impactful that can be to their direct business.”
Indeed, ransomware – malicious software designed to shut down access to a computer system until a ransom is paid – is typically spread through phishing emails or infected websites. As technology has evolved, so have ransomware attacks, with The Cybersecurity and Infrastructure Security Agency (CISA) noting on its website that it has observed an increase in attacks globally.
“We’ve seen a huge uptick with the awareness and increase in both frequency and severity of ransomware claims, and then a huge awareness on the social engineering and invoice manipulation fraud front that seems to be driving more smaller businesses into the marketplace,” said Matt Donovan, senior vice president and cyber specialist at Worldwide Facilities.
Donovan said he believes the industry is on the back of a 10-to-15 year period in which businesses began moving to digital capabilities, and this has led to increased concern about ransomware and other cyber risks.
“Now, we see a high concern on the business continuity side, whether it be reliance on your own network or people waking up and realizing how much they’ve outsourced to the Cloud, to Amazon web services, Microsoft, Google – whomever it might be – and they recognize that while going through some pretty nice cost-cutting and efficiency measures, they now are further exposed to business interruption events,” he said.
Rosenzweig said on top of that, he’s seen more carriers pulling back on including cyber coverages in other lines of business or silent cyber risk coverages in policies.
“…which could be driving a need for smaller businesses to, for the first time, think about purchasing standalone, affirmative cyber coverage,” he said.
The Education Challenge
While more small and medium-sized businesses may be buying cyber insurance, there are still some misconceptions among insureds about whether they’re too small to be a target or what their policies actually cover, Donovan said. That’s where agents come in.
“Where I think the insurance industry probably needs to do a better job is on the education front,” Rosenzweig said. “A lot of stories you might see about the insurance marketplace not necessarily addressing cyber risk exposures are a function of policyholders being reliant on other insurance products that they think are going to have some element of coverage for cyber-related losses.”
Matt Prevost, senior vice president of cyber at Chubb, agreed, adding that agents and brokers have a responsibility to help clients understand what their policies cover.
“I think there’s an element of agents and brokers really pinpointing, ‘Okay, here’s what cyber coverage is, here’s how it relates to you as an organization, and here’s why you need to understand this,'” Prevost said.
It’s important for agents to run through an actual claim scenario, he explained, in order to understand how a cyber insurance policy will respond in the event of a claim and what the next steps are. That way, agents can properly convey this information to clients.
“I think those are the good agents and brokers if they understand the ramifications of not just going out and seeking cyber coverage, but really knowing how a policy works at the time when it’s needed,” he said. “That’s where we’ve seen that education gap lessen in a favorable way, given that they can communicate that message to those non-buyers who are out there.”
Understanding Coverage for Clients
However, it’s not just insureds that need a better understanding of cyber insurance. Agents also need to educate themselves in order to meet clients’ coverage needs, panelists said.
I think we’ve only scratched the surface as to where it’s going to go.
“The popularity around cyber is something that’s important, but also the significance of educating the agent/broker community around cyber insurance,” Prevost said.
Rosenzweig said any remaining lack of buyers in the cyber insurance space could partially be due to insurance brokers and agents who aren’t cyber specialists feeling hesitant to talk to clients about it. This is especially important for agents just getting started selling cyber, he added.
“If you’re getting started, first and foremost, you need to understand that there is no standardization of policy wordings across the marketplace,” he said. “There is just a tremendous difference from one policy to the next, so either taking a crash course and familiarizing yourself with some of the trapdoors in the wording or linking up with a broker or other outsourced provider that can help you navigate those differences in the wordings can be crucial. You have to be able to give the 50,000-foot view of what a policy covers, and then try to extrapolate that to: What does that mean for the insured?”
Rosenzweig pointed to industry resources such as classes and publications that can help agents understand the available insurance coverage, as well as trends facing small and medium-sized businesses.
“You certainly don’t need to be a technology expert, but to have that base level understanding so that you can communicate to a small business owner in a very succinct and clear way why they need to think about data security and why the insurance policy might help them – that’s imperative,” he said.
Additionally, Nadia Hoyte, national advisor for USI Insurance Services’ Executive & Professional Risk Solutions Practice, said new agents need to understand why their client is thinking about cyber in order to find the right product.
“Sometimes, there is the desire just to go out and just get an insurance policy, but I do think it’s always prudent to take that step back to really understand what are [the clients] asking for, and making sure that is aligning with the product that we’re putting in front of them,” she explained.
This starts through candid conversations with policyholders, Prevost said.
“I think that’s when the cyber insurance marketplace is performing on all cylinders; when that communication happens, rather than just thinking, ‘Okay, these small businesses are going to get attacked,'” he said. “We can’t just throw our hands up in the air.”
The Age of Specialty
However, if agents hope a better understanding of cyber coverage will be made easier with standardized policy forms, that’s probably not going to happen anytime soon, panelists said.
“If we talked about cyber insurance overall as a marketplace, there are over 70 carriers in the market in the United States,” Prevost said. “All have different policy forms. All have different underwriting questions. Really, there’s an element of innovation and staying flexible with both policy forms and the underwriting questions because these threats are evolving constantly.”
Indeed, Rosenzweig said differentiation of policy forms presents an opportunity for agents and brokers to set themselves apart by becoming experts who can navigate a crowded and noisy marketplace. “We are in the age of specialty,” he said. “I think clients want a specialty-focused insurer that is nimble enough and innovative enough to continually have an iterative policy that’s going to meet the unique needs of their industry and their risks. If we were to move towards a higher level of standardization, you lose that.”
‘You have to be able to give the 50,000-foot view of what a policy covers, and then try to extrapolate that to: What does that mean for the insured?’
That said, Hoyte noted overall concepts will need to see more standardization in the future to lessen the risk of inconsistency and confusion about whether coverage exists in certain areas.
“For example, the concepts of gaming or computer hardware replacement costs – that particular concept is extremely different when you read the technical language from one policy to another policy,” she said. “There should be some consistency from that
perspective, because that certainly would benefit the insured.”
Scratching the Surface
With all of this in mind, panelists answered one final question: Where is the cyber insurance market headed?
“I don’t think it can get much more competitive,” Donovan said. “It’s pretty competitive right now in the marketplace.”
With the spike in ransomware and increased frequency of attritional losses, Rosenzweig said he anticipates more carriers will begin pulling out of the marketplace, leading to a smaller network of specialty insurers offering the right coverage, understanding the risks and asking important questions.
“It will ultimately be better for the marketplace to have a committed, concentrated number of carriers that we know are here for the long-term and that we feel confident placing our clients’ business with,” he said.
In addition, Hoyte said she believes the way insureds are thinking about purchasing cyber coverage will change in the future.
“I think you will start to see people buy very differently in the future because they will see it as a risk that overlays your business rather than something that ties specifically to certain aspects of your business,” she said. “I think there will also be an influx of different ways to buy cyber insurance. It won’t necessarily be just a standard retention or deductible and then a limit on top of that. There will be different ways to conceptualize how you’re able to buy the insurance.”
Donovan said while heightened competition may be keeping underwriters on their toes, he believes the industry has done well evolving with new cyber threats.
“We’re still rapidly evolving as far as what the coverage is going to encompass. What we’re covering today will be expanded by next year, and so on,” he said. “I think we’ve only scratched the surface as to where it’s going to go.”
Was this article valuable?
Here are more articles you may enjoy.