Learning from the past is the best way to predict the future. Cyber attacks in the 2000s vs. today are quite different. Cybersecurity has progressed by leaps and bounds in the last 20 years, but the risks of attacks have grown at a faster rate. Therefore, insureds that can prove strong cybersecurity can request discounts on their cyber insurance. It is in this direction that the cyber insurance market is heading, and an opportunity for forward-thinking brokers to generate more revenue.
The best defense is a great offense
The rapid global escalation in cyber attacks is creating a demand for better cybersecurity, especially for small to medium-sized (SMB) companies. As SMBs lack the sophisticated cyber defense strategy of their larger brethren, many C-suite and Board of Directors do not know the risk their company is in. They trust the two person IT department to function with the sophistication of 50 people. That is just not possible anymore. They must explicitly task someone with the security piece.
One example of how SMB’s are becoming targets is Wawa, Inc. a chain of convenience and fuel retail stores in eight eastern States. Between March 2019-December 2019, Wawa was hacked through their payment processing servers. The hackers retrieved payment information, including debit and credit card numbers, expiration dates and cardholder names. While the damage is still being assessed, Wawa’s liability is estimated to be in the tens of millions of dollars.
Rokenbok, a California-based company, was hit by a different hack: ransomware. For a company that taught children how to think like engineers, getting hit with a Denial of Service attack, which shut down their website was something that never crossed their seven full-time employees’ radar. Unlike a lot of SMBs hit with ransomware, Rokenbok got lucky: they did not go out of business. Instead, they rebuilt their software from the ground up at great expense. This is just another tragic example of how small businesses are vulnerable to attacks, not just large corporations.
Even public institutions are vulnerable to ransomware hacks. In March 2021, a school district in Buffalo, New York was hacked. Caught completely unprepared, the superintendent stated that “If we can't solve this during the weekend, I will have to call school off for Monday, and for the near future, if need be.” As ransomware continues to proliferate, expect more disruption of critical services and infrastructure.
Where does Cybersecurity meet cyber insurance?
For the unprepared, this meeting occurs just after an attack. Cybersecurity breaches are highly public and damaging; this is when many companies' eyes open to the lack of security in place. Unfortunately, by that time it is too late.
Before purchasing cyber insurance, companies should invest in cybersecurity. However, there are emerging opportunities to build cybersecurity directly into the policy or purchase it separately. Most cyber insurance companies give a discount in either of these situations. For SMBs, the best options are on-demand cybersecurity services to proactively fill gaps like a dedicated information security team, by companies like GamaSec. Proactive cybersecurity grants users, executives, and directors the peace of mind that they have taken necessary action to secure their business.
Check with the insurance carriers you work on additional cybersecurity service add-ons. If those carriers do not offer cybersecurity add-ons, make recommendations to insureds on services that they can quickly deploy. Providing valuable advice increases a broker’s ‘stickiness,’ and helps build a growing source of commission.
The future of cyber insurance
Here is a hint: it starts with C and ends in ybersecurity.
An insured’s website is their gateway to the world. It is how they connect with customers, share information, and grow their business. Protecting their gateway and reputation should be at the top of every broker’s priorities.
It is important to remind insureds that as much as they remind users not to open certain emails or websites, inevitably, clicking a malicious link will happen. If the company is proactive, the cybersecurity product they purchased will react. And if all else fails, while cyber insurance is not a silver bullet for solving cybersecurity problems, it is a bulletproof vest to help the business get back on its feet.
The whole insurance industry is already moving towards active risk mitigation, either through specialized advisors or professional development. The next logical step - and opportunity - is for brokers to provide cyber tools to manage and detect the cyber risk as a pre-breach solution.
Broker’s that can offer tools which lower the risk of a cyber breach are in a win-win situation: both lowering their insured’s premium and increasing their market share. It is important to explain to insureds that IT security is one part of the puzzle; cyber insurance is the other. They are not mutually exclusive and should go hand-in-hand at all times. Forward thinking cyber security companies like GamaSec offer bolt-on products for brokers to protect their SMB’s cyber exposures. As companies develop their understanding of cyber risks and exposures, both the demand and need continue to grow, as does integrating a pre-breach cyber solution to prevent and minimize cyber risk.
Special thank you to the author of the article, Premier Consulting Group LLC. Premier Consulting are insurance and insurtech experts. They specialize in offering innovative products, like cybersecurity with GamaSec. If you would like to learn more, Premier Consulting can be reached at lb@picg1.com or through their website at www.picg1.com