Expert view: How the Insurance Industry can sell Cyber

Cyber risk continues to be a hot topic, producing a seemingly endless tide of articles, seminars and white papers covering subjects from the General Data Protection Regulation (GDPR) to the WannaCry ransomware event.

With all of this information hitting desks, it is tough for anyone to sort the wheat from the chaff when trying to keep abreast of the latest developments and threats and to understand how cyber insurance may relate to these risks.

Even the word “cyber” provides a poor description of the risks we all face. It is used to compress two fields of risk management, information security and data protection, into one word that actually has multiple meanings. 

To complicate things further, the cyber market is guilty of a lack of consistent terminology used when defining its cyber coverage with the result that we have a confusing array of policy wordings using wildly differing language, but which broadly intend to cover the same core risks.  

This paints a pretty bleak picture for the market and makes it very difficult for brokers to compare products with confidence as they try to understand the nuances that the various wordsmiths have introduced and present a balanced recommendation to their client.  Brokers may, understandably, shy away from selling a product in which they have limited confidence and which may expose them to accusations of mis-selling or errors and omissions when things don’t work out as expected.

Despite this, there are strong reasons to be optimistic.  Client interest in cyber insurance remains high and we all anticipate strong market growth as a consequence of GDPR. It’s important that we help to demystify cyber insurance and light a pathway that leads brokers and their clients through the various areas of cyber risk within a business – from websites, production and sales through to invoicing, payroll and HR. Identify the threats that we are seeing propagate against each of these business areas and identify the corresponding coverages that are offered under a cyber insurance.

Insurers may offer value added benefits with their product to enhance the quality of a client’s cyber security risk. For example, at Manchester Underwriting Management we have partnered with Berea, a cyber-security risk management company. Berea’s online training platform, Cyber AMI, helps companies to reduce their risk through education and helps them to achieve the Government standard of Cyber Essentials.

How often do we find that clients challenge the need for dedicated cyber insurance stating that “my business is not a target for hackers” or “my IT team has this covered” and asking “isn’t this already adequately covered by my other insurances?” We all know that the answer is a resounding no, but how do we get a client to see that having cyber insurance and cyber risk management is just part of good risk management of a business. 

It’s crucial that insurers and MGAs do all they can to help educate not only the client, but to assist the broker too. Many insurers offering cyber insurance are happy to tell you about their policy but what assistance is there in helping to explain it to a client or to raise the demands and needs questions a client needs to consider? The challenge is that like the word “cyber”, it is very hard to condense everything a broker needs to know into a handy document. Most become overly long with too much cyber text, and others that try to over-simplify it end up giving no relevant information to help the broker. It’s key for the industry to strike a balance between too much information and not enough when it comes to demands and needs. 

The challenge is clear and we must provide the tools to aid brokers in the risk evaluation and sales process if we are all to realise the potential growth for cyber insurance over the coming years.