A cyber insurance expert is cautioning brokers not to just measure an insurer on the cost effectiveness of their cyber coverage.
“Look at the services they provide and their incident response capabilities. Brokers and insureds should expect more from insurers. It sounds crazy to say in a hard market, but it’s true,” said Jeff Gonlin, head of underwriting and product development at Emergence Insurance.
Gonlin conducts webinars on the global cyber insurance market. He said brokers need to be mindful of the two components of cyber insurance: the indemnity that covers business interruption, and the incident response and claims service, which is about orchestrating a team of specialists to respond to any cyberattack.
“Budgets are limited, so the question is how to optimise the protection per dollar spent, especially in a hard market where premiums are only going in one direction,” he explained.
Gonlin said as trusted advisers, brokers can provide objectivity and perspective.
“Insurance might not be the answer,” he said. “Or rather, it’s part of the answer but not the only answer. Brokers need to communicate the importance of risk management, of controlling risk before trying to transfer it.”
He said Emergence’s claims statistics mirrored those in an IBM market report, with the agency’s average claim severity today more than three times what it was in 2017. The stats showed that business email compromise (BEC) is the most common cyber incident, but ransomware comes second and represents nearly one-third of all claims.
“BEC can hurt a business, but ransomware can kill it,” Gonlin said. “It’s like comparing the common cold and COVID-19.”
He said the hard market in cyber insurance has a particular character and different drivers compared to other hard markets.
One change in recent years, he said, is that cyber insurance has become a mainstream insurance product.
“It’s got to compete with other covers for a share of the insurance budget,” he noted.
COVID-19-inspired remote work and rapidly growing internet and social media use have led to cyber exposures increasing exponentially.
“Much faster than other lines and much faster than most businesses are aware,” he said. “This has obvious implications for cyber versus other premiums.”
One result, said Gonlin, is that cyber extortion has become very profitable for criminals.
“We used to see $500 or $5,000 ransoms. Now, you can add a few zeros,” he explained. “This is new. So, it’s bad and getting worse, and the ‘pain’ is more widespread and acute.”
However, he said, the defences businesses can deploy against these ransomware attacks are improving.
“Sure, criminal gangs have become highly organised and their tactics, techniques and procedures are increasingly sophisticated,” he said. “But, in response, more sophisticated defences have become available. This sort of spy versus spy game is expensive and will never end.”
For small businesses, some basic ground rules can offer a robust defence.
“The basics still matter – multi-factor authentication, 3-2-1 backups, patching, tracking your IT inventory, data curation, and managing privileges,” he said. “Don’t make yourself an easy mark. Alarmed and sprinklered buildings still burn, but not at the same rate as unprotected properties.”
He said brokers can help ensure that clients are taking appropriate risk management action.
“Transparency helps,” he noted. “Complete and accurate info is essential, but that’s just a snapshot in time. Play the long game. If your client is not yet ticking all the boxes, where are they and where, realistically, should they be?”
Gonlin advised brokers to work with an insurer who is willing and able to help their clients get to where they should be. The attitude of clients is important too.
“Do they view insurance as a cost to be minimised or an asset to be optimised? It’s got a role to play, but it’s not a silver bullet. Knowing this may not change the market, but it should help keep things in perspective. If you run your business securely, like you didn’t have insurance to rely on, you’ll find that buying insurance becomes easier,” he said.
Despite the increasing cyber threat, the latest Australian Securities and Investments Commission (ASIC) cyber resilience report found that firms in the Australian market were coping reasonably well. The December report also found that the cyber resilience of many SMEs had improved.
“The COVID-19 pandemic has increased opportunities for threat actors to target remote workers and access remote infrastructure and supply chains critical to the delivery of products and services. However, the response from firms has been robust,” said ASIC commissioner Cathie Armour.