New cyber product covers pre-policy breaches, personal phone use for work

Addressing two major gaps in cyber coverage for small to medium-sized businesses (SMEs) inspired the launch this week of Cyberboxx by new managing general agent (MGA) Boxx Insurance.

CyberBoxx addresses: 1) breaches before the policy commencement date, and 2) employees who use their own devices for work.

“First, many smaller companies wouldn’t know if they have been compromised, never mind when,” Boxx Insurance CEO and co-founder Vishal Kundi told Canadian Underwriter. “Second, many smaller companies allow employees and part-time workers to use their own devices for work. So what if an employee-owned mobile device was used as the point of entry by a hacker? These are good examples of the type of gaps in coverage that we’re obsessing about on behalf of SMEs.”

Cyber coverage is often designed for the needs and resources of enterprise-size clients. But Alister Campbell, chair of the Boxx Insurance advisory board, said cyber is a relatively new risk “and not one the insurance industry has nailed yet. And, we think it is probably the single most critical threat facing small businesses.”

Related: New MGA promises to “redefine” cyber risk business in Canadian P&C market

Cyberboxx focuses on the needs of smaller organizations that probably do not have an IT specialist, let alone an entire cybersecurity team to monitor and identify potential intrusions, Kundi said. “The Cyberboxx product is designed to not only help clients respond and recover from a cyber incident, but predict and prevent one,” he said. “Our goal is to make the coverage meet the needs of agile and smaller businesses.”

Campbell said SMEs have “never been more connected to the world,” with nearly all small businesses employing at least one cloud-based application. “This newfound level of connectivity attracts new threats and Canadian SMEs are in the eye of the storm,” Campbell said. “Very few have an IT resources, never mind a cybersecurity team, and their security measures are generally basic. As a result, hackers see them as easy prey and insurers are rightly cautious.”

Both Kundi and Campbell compare SME cyber risk with traditional property insurance. Today, it would be absurd to insure or own a house with expensive contents, but without door entry and window locks and alarm systems, Campbell said. “But we see this every day in the digital world with SMEs,” Campbell said. “What insurer wants that risk multiplied by a million cases?”