October 21, 2018 by Jason Contant
Small business clients gravitate to cyber insurance not for the insurance, per se, but for the accompanying services following an incident, a cyber underwriter said recently.
“If you think about it in the context of car insurance, they’re buying their cyber insurance effectively not for the car claims payment, but for the breakdown cover. They want the roadside assistance piece,” said Andy Holmes, chief underwriting officer with CFC Underwriting, in an interview last week.
“They want the tech guy on the end of the hotline, where they can say, ‘Look, my systems have been locked down, I think I’ve had a ransomware attack, what do I do next?’ They want someone who can talk them through it and potentially get their systems unlocked, get them moving again. They don’t really care about the insurance piece as much.”
Some clients buy cyber insurance for the panel and “front-of-the-line” access, said Kevvie Fowler, partner of cyber risk with Deloitte Canada. “If some major cyber threat came out, there would be a lot of stress for a lot of incident response providers coming through cyber insurers, who typically get preference just due to volume,” he said. “So, if you are one individual trying to contact a third party, you are likely going to be bottom of the heap as opposed to higher up on the chain. That’s another reason why people are trying to migrate towards cyber insurance.”
These panels are key in bringing the right expertise together to manage third party investigations that are typically more complex and require a deep relationship that most organizations do not have, even with contracts they may have with third party providers, Fowler added.
Highlighting the services offered is important enough that it is reflected in policy wordings, Holmes said. CFC does not write polices with language such as, “‘We agree to pay on behalf of,’ like a liability policy,” but rather, “‘We agree to provide the following services,’ and we list out those services,” Holmes said.
CFC writes about $150 million globally in cyber, including about $20 million in Canada. The specialty insurer does not have a physical presence in the Canadian market; it uses a network of brokers in Canada.