The Insurance Bureau of Canada says 99% of Canadian organizations have reported an increase in cyberattacks since COVID-19 began, but many brokers appear to be struggling to sell cyber.
“Anecdotally, Canadian brokers have indicated that many clients don’t believe a cybercrime is likely to happen to them and they don’t fully understand their exposures, which adds to the challenge of selling cyber insurance to businesses,” Sovereign Insurance says.
Allianz Global Corporate and Specialty (AGCS), analyzing $1 billion of insurance industry claims, has shown cyber incidents including cybercrime accounted for 47% of the risks in financial services. Rounding out the Top 5 risks were the pandemic outbreak itself (40%), business interruption (31%), changes in legislation and regulation (26%), and macroeconomic developments (19%).
Insurers see a rising number of losses from outages or privacy breaches with third-party service provides a potential weak link, concludes its Financial Services Risk Trends: An Insurer’s Perspective report.
Despite growing awareness of threats, and an increase in frequency and severity of attacks, there hasn’t been a concurrent rise in demand for standalone cyber coverage, says Sovereign Insurance.
In a Deloitte survey on cyber insurance growth conducted last year, middle-market companies (between U.S.$250 million to U.S.$1 billion in annual revenue) were asked why they didn’t purchase a cyber policy. Reasons included concerns about product issues, distribution, and buyer concerns. Over 41% of respondents felt it was too expensive, 22% said their broker or agent did not suggest coverage, and a further 17% said they weren’t aware coverage was available as a standalone policy.
While these barriers mean “cyber isn’t necessarily an easy sell” Sovereign advises there are ways brokers “can overcome challenges in the marketplace and make the case for cyber insurance”.
Making cyber risks relevant to a client’s business – Brokers should initiate discussions about the cyber threat landscape and highlight risks relevant to their business or industry. Manufacturers, for example, would be more concerned with phishing or ransomware attacks than data breaches.
Building the case with case studies – In addition to outlining where clients’ exposures might be, brokers can inform them of the potential significant business impact that could follow a breach. The Deloitte survey found that respondents who bought standalone policies were often reacting to cyberattacks against others.
Creating a sense of urgency – The cyber landscape is changing quickly, with no business immune from the threat and insurers dramatically revising their approach, in some cases increasing premiums and tightening coverages across the board. Brokers can discuss how difficult securing cyber insurance could be if a client has had a recent loss, and how the longer they wait, the more vulnerable to a possible cyberattack they become.
Educating clients on the need for standalone coverage – Insurers should help brokers to help clients understand how standalone cyber policies can close possible gaps in a client’s current coverage and offer greater clarity.
Highlighting the value-adds – Brokers should take the opportunity to tell clients about value-added benefits of standalone cyber policies, such as breach preparation and breach response services.