Briefing: Commercial brokers must build cyber cover confidence to avoid ‘lazy broking’

By Editor Katie Scott

The penetration of cyber insurance among the UK’s SMEs remains a concern.

Research by insurer Aviva, published in October 2022, found that despite 21% of UK SMEs experiencing a cyber incident between October 2021 and October 2022, 34% of this demographic have still have not purchased cyber cover.

Equally, a survey of 2,000 UK SMEs conducted in Q3 2022 by analytics firm GlobalData found that 56% of medium-sized businesses, 40% of small businesses and 17% of micro businesses had a cyber insurance policy in 2022.

Although it’s easy to point at cost pressures of the Covid-19 pandemic and current recession as the only drivers of low cyber cover take up, another unwelcome factor could be that brokers are simply failing to talk to end clients adequately about this risk.

Chatting around this topic at an exclusive cyber themed roundtable event this week (26 January 2023), hosted by Insurance Times and sponsored by professional services firm RSM, Matthew Clark, cyber director at broker Partners&, explained: “I’ve never had clients push back on an insurance purchase as much as you get with cyber. No one ever gives me any reasons why they don’t buy fire insurance, professional indemnity, product liability.

“But, for some reason, cyber [clients] give you half a dozen reasons why they don’t need it. So, it’s overcoming that which is the critical thing for us. Brokers are doing a very poor job on the whole.”

Generalist versus specialist?

One stumbling block, according to Richard Hodson, cyber broker and consultant, is that cyber insurance is viewed as a very niche, specialist area – therefore, generalist commercial brokers tend to shy away from wanting to have in-depth client conversations about this risk.

He said: “You go to small, SME brokers [that] are maybe just generalists [and] they don’t feel confident about selling cyber. I think that’s a big problem.

“I honestly believe that every commercial broker [that] can sell commercial combined can sell cyber. They just need to shift their perceptions.”

Clark agreed that determining how best to allocate cyber cover internally was a consideration for Partners& too. He noted: “We’re going through exactly the same thought process at the moment – do we try and turn 200 odd people into cyber experts or do we just have a core of people who just do nothing but cyber across all those client sectors?”

Mark McIlquham, president of UK retail at Acrisure, also identified staff confidence as “the biggest issue” counteracting greater cyber insurance penetration.

He explained: “I look at our brokers – we’ve got to do a massive upskilling of their knowledge of the products.

“A typical, everyday, SME broker wouldn’t [be able] to sit here and have a conversation about [cyber insurance] and make really valid points for their clients. They’re almost selling it because we’re asking them to and it’s an obvious growth area for all of us.

“We all think cyber is a great idea, we all think that our clients need it. I’m not sure how well we’re equipping the actual brokers to sell it and ask the right questions to their clients. The easiest thing to give away is cyber and almost not to bother with it.”

Clark added that currently, cyber cover discussions are “far too transactional”. This often involves “brokers just [throwing] a 14-page questionnaire at the client when they say cyber and [saying] ‘well fill this in, I hope you don’t ask me any difficult questions’”.

McIlquham agreed and described this approach as “quite lazy broking”.

Simon Mabb, group managing director at Romero Insurance Brokers, added that many brokers serving SMEs are primarily concerned with the errors and omissions risk around incorrect building sums insured rather than having cyber cover conversations, as this is where the main threat of being sued lies.

Looking to improve

Although roundtable attendees’ comments painted a bleak picture of brokers’ confidence around selling cyber insurance, the positive takeaway is that broker leaders recognised the issue and were keen to rectify it.

Clark, for example, noted that brokers must “talk about risk, not insurance”, while Lindsey Nelson, cyber development leader at CFC Underwriting, said that all staff within a broker should be made accountable for learning about cyber insurance – this would help eliminate cyber insurance’s image as a specialist and awkward class of business.

Hodson, however, feels there is more insurers can do to help.

He explained: “The insurance underwriters aren’t helping. We’ve got different underwriters calling different cyber [risks] different things. We need the market to come together to create some standardisation.

“Even if we just say ‘right, we’re going to have sections. That’s my response piece, that’s my first party piece, that’s my third party piece’ and we start to get some standardisation of terms in there.”

In response, Nelson noted that she does not think this type of standardisation will become the norm until more insurers invest in technology.

“One of the challenges from the underwriting side is there’s such an abundance of underwriting talent needed and no time to train on interpreting those questions [from brokers],” she added.

It is undeniable that the insurance industry needs to be on the same page when it comes to cyber insurance. The cyber risk landscape is constantly evolving, fast-paced and incidents can prove costly, so broker nervousness is understandable to an extent.

Cyber risks are not going away, however – they are only growing. So, if brokers remain unconfident about having cyber conversations with their clients, then they will remain firmly on the back foot behind their competitors and peers.

As roundtable attendees left with learnings aplenty, it will be interesting to see how their firms now tackle this staff cyber confidence crisis.