If this latest wave of retail cyberattacks proves anything, it’s that any business in any sector and of any size can find itself breached. These aren’t fringe incidents anymore; they’re national news, hitting high-street brands and sending disruptive shockwaves through supply chains.
In everyday life, I’ve heard more people talk about cyberattacks in the last month than I have in the last year. We have radio stations running specialist segments, and families discussing email scams at the dinner table.
In this market, continuing to talk about cyber insurance as a specialist product risks missing a massive opportunity, and moreover leaving customers without crucial cover because they and their broker didn’t understand the value proposition of the product. If a business risk can shut your doors and stop you trading, it belongs in the core commercial package, right alongside property and liability.
Unfortunately, cybercrime is an exploding industry. It used to be that criminals robbed businesses with weapons, now they’re robbing businesses with keyboards. But we’ve been communicating this in the wrong way, making cyber insurance feel like a specialist product, only relevant to certain businesses, when it’s not. We need to stand up and be abundantly clear that cyber insurance is simply modern crime insurance, and that every business should be a buyer.
Cybercriminals evolve constantly. Are we?
This year, we’ve seen a new generation of cybercriminals emerge—faster, smarter, more agile. Their tactics constantly evolve, and right now, they’ve turned their attention to retail. Why? Because they found the door slightly ajar. That’s how this works; they go where the locks are weakest. So if you’re in a sector that “hasn’t been hit yet” don’t get complacent. Not every breach makes headlines, but the damage still gets done.
Yes, we’ve recently seen an uptick in cyber submissions. But penetration of cyber insurance across the SME size-segment is still woefully low—and often it’s the smaller firms that are most exposed. So why are we still treating cyber like a specialist product?
For too long, the cyber market has seen itself as a niche corner of the industry—and spoken like one. We’ve wrapped the product in a language that needs decoding, using acronyms and technical jargon that make the product inaccessible to the very people we want to reach. If generalist brokers can’t explain what cyber insurance actually does in a way an SME businesses can understand, that’s on us. It’s time to change the lexicon, simplify the pitch and meet people where they are.
The product isn’t the problem. Our messaging is.
The product isn’t the issue, far from it. Today’s cyber policies are some of the most innovative in the market. They’re proactive, preventative and packed with value. What other line of insurance offers a suite of services designed to stop claims from happening in the first place? Not just a risk survey at inception and see you in 12 months. With cyber, we’re talking about continuous monitoring, active alerts, round-the-clock support. It’s not insurance as a fallback, it’s insurance as a service. The promise to pay has become a promise to protect.
The way we talk about it is where we’re falling flat. We’ve got a powerful story, but it’s buried under mountains of jargon and market lingo that too many people outside the cyber bubble switch off to. We’re not lacking in quality, we’re lacking in clarity. If we want cyber to be understood as modern day crime insurance, we need to start describing it that way.
It’s fair to say most brokers are not cyber specialists. So when cyber comes up, with its specialist reputation preceding itself, eyes can glaze over. That’s not because they’re not interested in cyber, but because the value proposition is not clearly communicated. That’s exactly why CFC runs Cyber Masterclass, a new video learning series designed to cut through complexity. Most classes of insurance remain specialist for a reason. But cyber isn’t like professional liability or product recall which are only relevant to some businesses. Cyber is relevant to every business and every broker.
A rallying call for today’s cyber market
Cyber is the first insurance product for generations which is relevant to every single business. It should be part of standard commercial combined policies (or business owner’s policies in the US). Yet too many of the brokers who sell commercial combined policies don’t sell cyber to their customers. That’s because the value proposition hasn’t been communicated to them in everyday language, rather than the language of the cyber market.
Cyber prices are falling, cyber threats are increasing, so the time to make cyber mainstream is now. So let’s talk mass-market, not cyber market.
Topics Cyber
Was this article valuable?
Here are more articles you may enjoy.
Viewpoint: Certificates of Insurance…Or How I Got a Job in the Prison Laundry 
DeSantis Signs Law Giving Condo Owners Some Relief, But Questions Remain 
Public Adjusters Decry Florida Citizens’ New Plan That Keeps Their Names Off Checks 
What to Watch: The Trends for P/C Insurance in 2025 So Far 
