Cyber risk is a peril that permeates all lines of commercial property and casualty insurance. Given the economy’s increasing reliance on the internet, it’s a peril that will continue to grow and evolve at a rapid pace, and the insurance industry needs to keep up.
So far, the signs are good. Cyber insurance is one of the fastest-growing markets in the insurance industry – but the market is still young. A lot of work needs to be done on the education front. This applies not only to insureds who have to acknowledge the existence of cyber risk, its potential severity and the necessity of preventative action, but also to insurance brokers and agents, who need to learn how to effectively communicate cyber risks and how to use data and analytics tools for benchmarking and to quantify financial exposure.
There’s still quite a lot of friction and complexity in the cyber insurance sales cycle. To shed some light on this and provide more insight into the value of cyber insurance, CyberCube is offering a free webinar via Insurance Business America on Thursday, May 19, at 12pm Eastern Time. The webinar, entitled ‘Reducing Friction and Shortening the Cyber Insurance Sales Cycle‘ will feature an expert panel, including: Oren Schetrit, CyberCube Product Manager; John Anderson, CyberCube client services manager; Dan Burke, Woodruff Sawyer partner and SVP; and Matt Prevost, Chubb North America SVP and cyber product line manager.
“Cyber risk is embedded everywhere within modern organizations as more and more aspects of business are inter-connected via the internet,” said John Anderson, client services manager at CyberCube, and presenter of the upcoming cyber insurance webinar. “The risks associated with internet-connected technology are always growing and evolving, and can appear impossible to fully understand and mitigate. This is true for companies themselves, as well as for brokers.
“By adopting tools and strategies that arm them with the right information, brokers can add real value to their clients as partners in cyber risk management at a critical early stage in the insurance buying process. Supporting the adage of ‘when and not if a cyberattack happens’, tangible and tailored analytics and loss estimates will strengthen a company’s position in the event of an attack.”
Cyber insurance is typically purchased as part of a larger comprehensive package, explained Anderson. As such, cyber risk is often given limited time or attention as part of the carrier’s overall risk assessment, especially when it comes to small and medium-sized enterprises for whom carriers often struggle to get the information they need to underwrite a cyber risk.
“Recognizing this, many carriers are turning to cyber risk analytics tools to equip them with the right underwriting signals to assess the cyber exposures and risk posture of a potential insured,” Anderson told Insurance Business. “By understanding what data the insurers may be using in individual risk assessment, brokers can position their clients’ risk management and cyber security in the right frame for underwriters.
“Taking a similar view and approach to a client’s cyber risk and resulting financial exposure allows cooperation among multiple lines of business to understand creep coverage. Brokers can therefore build a comprehensive insurance program for their clients, across multiple lines, which best suits the client’s risk appetite and budget.”
Insurance brokers face a tough task when assisting clients in cyber risk management. Some of the cyber risk analytics tools available to them are either too complex and detailed (requiring technical expertise in software patching or network vulnerabilities) or they’re too simplistic (only offering cost per record for data breaches). Brokers have to utilize the available tools to the best of their ability to find a balance between understanding and explaining technical risk signals, while fitting those signals into an insurance context.
That balancing act is especially important for small and medium-sized enterprises that may not have designated information security (InfoSec) officers or enough risk management budget dedicated to cyber risk. Oftentimes, smaller firms will task their chief financial officer or operations manager with the risk management and insurance purchase. In managing corporate wide exposure, they sometimes fail to miss the potential severity of cyber risk.
Anderson explained: “In larger companies that do have separate infosec and risk management departments, there may not be full alignment on the need for - and budget available for - insurance purchase. The chief information security officer (CISO) is concerned with managing the overall security posture of the firm, whereas the risk manager is concerned with managing corporate wide risk, and the resulting capital on a balance sheet. The CISO and risk manager, therefore, may not always see eye-to-eye.
“Understanding these limitations and using analytics that translate information security and technology security to financial risk, allows brokers to act as a true risk partner across their client organizations. A more detailed financial loss resource will allow them to more adequately communicate the risk to their clients and more confidently assign a dollar value to that risk and to specific perils. Being able to break the loss down into concentrated categories will allow the broker to focus the discussion around the losses that matter most.”
To learn more about how to reduce friction and shorten the cyber insurance sales cycle, join this free webinar on Thursday, May 19 at 12pm Eastern Time.