May 21, 2020 by David Gambrill
Smaller brokerages need improved tools to sell cyber insurance to small and mid-sized enterprises (SMEs), a cyber insurer told Canadian Underwriter recently.
The industry is currently working to provide those tools, which may include a scaled version of the third-party cyber services offered to large organizations. Such services may include IT support and forensics, credit monitoring, as well as access to legal advice and public relations firms that offer crisis communications.
One trick is to scale such services so that they are appropriate for smaller-sized clients, Tim Zeilman, global owner of products, cyber, for HSB (part of Munich Re), said in a recent interview.
“Everybody realizes that agents and brokers need to be better armed with tools that they can use to communicate the importance of this to their clients, but it’s been a struggle to find the right tools,” he said.
The P&C industry has risk management services associated with its cyber insurance coverages, as Zeilman observed. “We are trying to expand our capabilities there, particularly for smaller insureds, to make sure that these services can be easily delivered to the smaller insureds in a way that is efficient for insurer and insured. And also, to make sure they provide outputs that are appropriate for smaller insureds.”
For example, Zeilman said, a large company with comprehensive IT services and security, and a full-scale risk management department, can benefit from the kinds of sophisticated risk management services associated with a commercial cyber insurance policy. “Whereas in a smaller business,” he added, “the buyers of insurance may be the owners of the business, and they have all kinds of responsibilities – cyber insurance and cyber security among them – and you need to find a service that may give a person, who may not be terribly sophisticated, outputs that they can act upon. It’s a challenge.”
It’s not just about the tools, of course. Brokers need to feel more comfortable about the topic, too. Part of the issue is that many smaller brokers may not feel like they have the time, skills or expertise to keep up with a rapidly changing field, Zeilman said. Companies are trying to arm their brokers with claims information that is industry-segmented and relevant to broker clients.
The field of cyber security is shifting, as claims and coverage expand beyond privacy and data breaches into the sphere of ransomware and social engineering attacks that involve impersonating corporate executives. Cyber criminals are using data found on social media to find out email addresses, and when senior executives might be out of the office.
In a word of working remotely from home, Zeilman says, “you are more likely to be persuaded by an email that says, ‘Hey, I’m on the beach, but I just got this emergency email from one of our lenders. They haven’t been paid. They’ve gotta be paid today. They’ve changed their bank account. Please send out the wire. It’s gotta go out by the end of the day today.’”
Most companies will have secondary checks and not move money based on a single email, as Zeilman notes. But a recent cyber survey by HSB shows that almost half of employees receiving these types of financial scam emails (47%) responded by transferring company funds. The losses most often resulted in the $50,000 to $100,000 range (37%) and rarely less than $10,000 (only 11%).
Feature image via iStock.com/iLexx