In cyber insurance, trust is becoming a baseline expectation, not a bonus. As the market grows more complex, some MGAs are shifting focus from product alone to how they engage with brokers.
As ransomware, social engineering, and AI-driven deception reshape the threat landscape, brokers are under pressure to deliver more than just policies - they need partners who can respond in real time and keep pace with emerging risks. Global cybercrime costs hit $8 trillion in 2023 and are projected to grow to $10.5 trillion by 2025, according to Cybersecurity Ventures.
Yet many traditional carriers still lag, offering outdated coverage and little clarity on emerging threats. But many traditional carriers still struggle to offer clarity around coverage, let alone education that resonates with brokers or their clients.
That’s where Patrick Costello (pictured) comes in. As co-founder of Evolve MGA, he’s built one of the fastest-growing cyber-focused MGAs in the US by prioritizing what he calls the “human element” in underwriting. His approach - rooted in responsiveness, adaptability, transparency, and yes, friendship - has helped position Evolve as a standout in a crowded market.
“I think there are four major elements that come to mind immediately: responsiveness, adaptability, transparency, and the last point, which I actually think is the most important, is friendship,” Costello said.
Responsiveness means being able to turn around a quote minutes before a broker walks into a meeting. In a line like cyber, where premiums are often low and urgency is high, that speed becomes a differentiator. Adaptability follows closely behind.
“Is your product competitive in regard to coverage and rates? If not, it’s very difficult to transact, and if you can't transact, there's no basis for a relationship,” he said.
Staying relevant means continuously adapting because in cyber, a static product is a dead one. Transparency is just as vital. Costello cautioned against carriers who overpromise and underdeliver, creating appetite guides that suggest they can write everything.
“We can't underwrite effectively if we don't know what we’re truly underwriting at the end of the day,” he said.
Honest communication between underwriter and broker builds the trust that keeps the pipeline open.
The ultimate differentiator is the human element.
“We are in the relationship business,” Costello said. “It’s always more fun to do business with people that you can work with, people that you’re friends with.”
That philosophy underpins Evolve’s broker network, which spans from national players to Main Street agencies.
“Our appetite is so broad, it allows us to work with lots and lots of different brokers,” he said.
And with that reach, they can prioritize long-term partnerships over one-off transactions.
“We’ve dealt with this issue from three major angles: entertaining and memorable marketing videos, cyber sales academies, and in-person or over-the-phone training,” Costello said.
Their videos break down cyber coverage and common claims in simple terms that brokers can forward to clients. One favorite: a primer on wire transfer fraud, cheekily branded as “WTF.”
“That’s very memorable, I think, for a lot of clients to hear,” Costello said.
Their cyber sales academies go deeper, offering live sessions with cybersecurity experts, including hackers and social engineers.
“It seems to sink in a bit more when you’re in person, especially when you have people like Sammy Kamkar, who comes in and talks about how he took down MySpace with the fastest spreading virus of all time,” he said.
Beyond the classroom, their team is on call for brokers needing a crash course in cyber coverage or common threats.
“We’ll jump on a call at any time to simply break down cyber coverage, common claims and why every business needs a cyber policy,” Costello said.
“Those are pretty industry agnostic,” he said, noting that small businesses in particular are underreported victims. “Those businesses don’t want those hacking attacks publicized.”
The future, however, could get more complicated. Deepfake technology is an emerging threat that has yet to be properly quantified.
“There isn’t a ton of actuarial data that exists around deep fake incidents,” Costello said, citing a Deloitte prediction that AI-enabled fraud could double by 2027 to hit $40 billion.
That reality demands sharper underwriting. Current policy language around social engineering, he argued, is often too vague to address AI-driven deception.
“Markets will have to get a lot clearer about what they’re picking up, what they’re not, and policy wordings will have to get more specific.”
Risk mitigation, too, is changing. Training and multi-factor authentication are no longer just best practices, they’re pricing factors.
“Pricing will depend on how well staff is trained on these threats, if they’re using multi-factor authentication, and if they have implemented voice and video authentication technology,” he said.
