Brokers can help reduce their clients’ premiums in the cyber insurance market by helping them focus on staff training and people risk.
The latest research from Willis Towers Watson found that employee negligence or malicious acts account for 66% of cyber breaches, compared to only 18% from external threats and just 2% for cyber extortion.
Tanya Stevenson, Willis Towers Watson financial and executive risks specialist, said that with little commonality between cyber insurance policies, a focus on staff training could help clients reduce premiums.
“So much of cyber insurance, from both clients and insurers, typically focuses very much on tech risk and this can be seen just in the cyber insurance application forms. They are very heavily IT focused and often they will just touch lightly on staff training,” Stevenson told Insurance Business.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
“Whereas in our experience clients that are better able to demonstrate a robust cyber risk culture, not just focusing on the tech, will see benefits when negotiating cover.”
Stevenson noted that as cyber insurance continues to develop, those businesses that ignore staff and fail to show an all-around risk management approach to training could see higher premiums and experience more difficulty in arranging broad coverage.
For brokers, clients should be advised to start cyber risk training as early as possible, Hamish Deery, Asia-Pacific head of talent and rewards for Willis Towers Watson said.
“Those organisations that do this well would induct their employees into an environment where there is a clear focus and early experience around why cyber risk is important. Then there is understanding of how the organisation manages it, and expectations for them as individuals being part of that. These elements really set the foundation,” Deery told Insurance Business.
Deery stressed that better staff training should not be seen as a catch-all solution but it should form part of a wider risk management strategy.
Related stories:
Cost of cyber attacks on small businesses revealed
Transport industry wants more than insurance on cyber risk