Cyber sector challenges present broker opportunities

No comments

Cyber insurance is often seen as low priority to SMEs, but brokers are in a unique position to add value

Current challenges in the cyber insurance market present opportunities for brokers and therefore they have a critical role to play in its growth.

The cyber market is facing several challenges that is stifling adoption rates, such as the speed at which cyber insurance wordings are evolving, the perception that cyber insurance is a “small ticket item” and a lack of joined-up thinking between organisations.

This is according to a report The Role of Intermediaries in placing Cyber Risk from cyber risk analytics specialists CyberCube, which looked at how brokers can add value to clients to understand the purpose of cyber insurance, exposure and policy wording.

The report found that brokers can support underwriting partners with cyber risks, as understanding the view of both clients and underwriters could maximise efficiencies and be mutually beneficial.

It follows CyberCube launching its first product for the broking market. Broking Manager is designed to help brokers measure, understand and explain the sources and financial impact of cyber risk to clients.

Indispensable role

John Anderson, CyberCube’s client services manager, said: “Cyber risk presents a unique opportunity for brokers to further entrench themselves as trusted advisors, helping corporations navigate the complexities of this risk and successfully insure it.

“Marrying their understanding of insurable cyber risk with their business relationships and expertise in policy wording, brokers can seize this opportunity to grow the cyber market, while carving out an indispensable role for themselves.”

Hinderance

A recent survey by accountancy firm EY found that just two-thirds of organisations thought they had adequate cyber coverage to meet their true exposure to cyber risk.

CyberCube identified three factors that hinder growth of cyber insurance:

The protection of information and risk management functions in a company are often siloed or differ, therefore the languages of the two may not be entirely understood. This is especially true for SMEs
Cyber insurance is seen as a “small-ticket item” making it low priority for many
Varying cyber policy language means it is a “shifting problem” and difficult to understand or measure in absolute terms

How can brokers help?

The report highlighted how the broker can be of value to clients, namely:

Brokers are trusted advisors in cyber insurance not cyber security
Understanding exposure is only half the battle, but mapping exposure to coverage and policy wordings is where brokers can shine
Helping carriers reach a ‘yes’. Underwriters are concerned with balancing the profit and loss of their portfolios, but market conditions have opened up the floodgates for more product-oriented underwriters
Standalone cyber is only part of a well-built insurance program. There is an enormous opportunity for brokers to play a pivotal role in facilitating collaboration across multiple lines of insurance cover

Brokers can also help clients understand how more technical categories of cyber exposure map to insurable losses, and what steps a company can take to mitigate or transfer exposure for these risks.

They can also leverage their relationships with insurance carriers to deliver new, fit-for-purpose solutions to address both existing and emerging cyber risks.

Does size matter?

The risk to a small or large company varies even though they are exposed to the same threats.

Larger companies have dedicated roles for risk management and information security functions, whereas smaller companies do not always have the same resources, and roles can be spread thin, the report highlighted.

This means that smaller companies encounter resource restraints, both financially and in expertise. It can therefore be difficult for them to develop a mature InfoSec program.

And although large-scale cyber-attacks also contribute to deepening the divide, smaller companies often feel disenfranchised by hearing of the perils of a larger company, even though they may face the same risks.

It is therefore, important to educate smaller companies about their own vulnerabilities to similar attacks.