The Big Question: How can brokers stay updated on cyber security threats and offer effective risk management support to commercial clients?

Beth Granger, senior cyber underwriter, CFC Underwriting

Brokers can stay informed and best support their clients by partnering with insurers that offer a full suite of cyber risk management services.

By providing access to a dedicated and experienced incident response team, alongside a proactive monitoring and threat intelligence service, brokers not only help their clients to manage and mitigate risk, but they can also build on their own cyber security knowledge.

For example, at CFC, we have built a global team of cyber security experts who remediate thousands of cyber events for policyholders every year.

Alongside this, proactive prevention delivered through our team is one of the most powerful ways in which brokers can support their clients – this includes providing access to continuous cyber monitoring, to help detect specific risk factors and vulnerabilities actively being targeted by cyber criminals and alert clients to cyber security threats in real-time.

Education is clearly important, so attending industry conferences and webinars provides a great opportunity for brokers to stay on top of evolving threats and risk management developments.

Our team is passionate about education. We strive to help brokers better understand cyber risk and to articulate the evolving cyber security threats and trends to their clients better through regular educational sessions and webinars.

In summary, a broker is best positioned to support commercial clients with cyber risks by partnering with experienced cyber insurers that can help keep them up to date with the latest trends and provide a comprehensive and innovative risk management toolset for their clients.

Graeme Trudgill, chief executive, Biba

There’s a lot of easy to access information about the latest cyber threats and how to protect businesses.

It’s key to remember that cyber insurance is more than just an insurance policy – it’s a service that can provide 24/7 threat and vulnerability monitoring, proactive security services and incident response, so it can really help to provide risk management support for commercial clients.

For example, one of our go to websites is the National Cyber Security Centre. There is also a lot of resource and information available to brokers via the Biba Cyber Scheme, including webinars, educational materials, guidance and access to expert knowledge, risk management tools and alert systems.

We also have two guides available, one to help brokers and another designed for brokers to use with their small and medium-sized enterprise (SME) clients, which may help brokers and clients prevent and survive cyber attacks.

However, despite cyber cover providing vital protection, take-up of this insurance remains low with only 7% of businesses and 8% of charities having a specific cyber insurance policy.

Furthermore, 96% of all cyber attacks are directed at SMEs, so it’s really important that brokers use as many resources as possible to help more businesses to recognise these risks.

Scott Sayce, global head of cyber, Allianz Commercial

In the 2024 Allianz Risk Barometer report, published on 16 January 2024, cyber incidents – such as ransomware attacks, data breaches and IT disruptions – once again ranked as the business risks of most concern for small, mid and large-sized companies.

Following two years of high but stable loss activity due to cyber attacks, 2023 saw a strong resurgence in ransomware losses, in particular.

So, cyber risk is obviously high on brokers’, insurers’ and insureds’ minds and given the fast evolving nature of the cyber threat landscape, it’s vitally important to remain informed and up to date with developments in this sector.

Cyber criminals are exploring ways to use new technologies, such as generative artificial intelligence (AI), to automate and accelerate attacks.

The growing number of incidents caused by poor cyber security, in mobile devices in particular, a shortage of millions of cyber security professionals and the threat facing smaller companies because of their reliance on IT outsourcing are also expected to drive cyber activity this year.

Close relationships and knowledge exchange is key for brokers, carriers, regulators and technology providers in the cyber field to enhance knowledge and boost resilience – especially for smaller businesses that often lack the time and resources to identify and prepare for cyber risk scenarios.

Tom Draper, head of insurance, UK, Coalition

Brokers want to protect their clients and be a risk management resource, but not all commercial brokers are cyber experts. Keeping abreast of the latest threat actor developments demands resources, advanced cyber security knowledge and the ability to translate this in conversations with non-technical clients.

Brokers need to be able to rely on their cyber insurance partners to share the most up to date information with them. These partners can share their knowledge with brokers via online learning and face-to-face sessions.

At Coalition, we run broker roadshows across the country, supported by monthly webinars on key topics, because we understand education is vital for brokers to have the confidence to talk to clients about cyber.

However, the speed of cyber threats can render even the most recent education redundant.

That’s why we continuously monitor policyholders and their vendor partners to understand the vulnerabilities impacting them and how to mitigate them. We use technologies like honeypots – a network-attached system set up as a decoy to lure cyber attackers – to identify emerging threats.

We share that information with brokers and policyholders to alert them to the latest concerns and ways to remediate them as quickly as possible. We do so in a non-technical manner, enabling brokers to support their clients with this evolving risk.

Andy Parkin, client director of cyber, data and crime, JM Glendinning

A great way for brokers to ensure their knowledge of cyber security remains current is to invest time in continuous professional development.

There are lots of training options available, such as IT security webinars and seminars focused on cyber security trends, threats and industry best practice.

Another good way of learning the best ways to reduce and manage IT and cyber risks can be to network. Consider developing business relationships with a broad spectrum of specialist companies and professionals within IT and cyber security.

This can help brokers stay up to date on the ever-changing attack surface companies face. Likewise, utilise threat intelligence services for updates on new and evolving cyber threats that may impact commercial clients.

Consider providing clients with non-invasive cyber security reports evaluating their external attack surface. These reports look at the visibility of public facing assets from discovery to vulnerability.

They can identify shadow IT, detect domain configuration errors, pinpoint technical vulnerabilities and find potentially leaked user credentials.

Finally, when discussing cyber security with commercial clients, it’s important to be able to articulate cyber risks in plain English, avoiding acronyms.

While cyber is such an intangible matter, having and maintaining a strong knowledge of IT security and the range of security available to commercial clients will prove invaluable.

David Molony, head of cyber solutions, EMEA, Aon

Assuming that any insurance policy is a complement to an overarching security strategy, it is incumbent on brokers to develop technical nous and skill sets to maintain relevance in an increasingly digital and volatile world.

Initially, we must focus on the appropriate utilisation of data.

The insurance industry – and more pertinently, brokers – harnesses significant levels of data across all industries and segments. The ability to harness this data will create an understanding of a constantly evolving threat environment and allow for product modification, which will be important for continued and maintained relevance.

As an example, threat analysis applied to something like the Mitre Attack Framework – which is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations – has the ability to provide immensely powerful insights for forward looking protection.

In addition, the upskilling of the existing workforce is paramount.

Policies are increasingly technical, as are buyers, and having the ability to connect with stakeholders in information and operational technology and information security at a technical level is non-negotiable. Advice needs to be relevant in transferring risk to the market.

Ultimately, brokers hold the position of trusted advisors. In order to maintain trust in a digital world and foster continued collaboration, proactive views on the challenges of cyber security globally and the necessary risk management advice must become the status quo.