Technology is transforming the way small and medium sized organisations do business, but it’s also increasing cyber risk. Brokers are now more critical than ever in the cyber insurance market where their expertise and trusted relationships are helping SMEs to tackle cyber risk management in addition to ensuring they are choosing the right cyber cover.

Our 'Cyber Savvy Broker' series highlights forward-thinking brokers with the knowledge and skills to help their clients navigate this digital transformation.

Matthew Clark is Cyber Director at Partners&. We had a chance to chat with him about his relationship with insurance, his views on the UK market and how he helps clients navigate the cyber risk landscape. 

Tell us about yourself and your cyber insurance journey

I've been in insurance for 36 years. I started straight out of school — kind of fell into it as most people do — initially working in the aviation captive market before going into commercial and general insurance. After moving around in various roles both in the UK and abroad, I landed at an insurance company working mainly with the science and technology sectors. So from 2000 I was working with life science businesses, healthcare companies and technology clients, and that's where I started to cut my teeth on the business of cyber risk and grappling with all its flavours and colours.

The businesses I was working with were quite complex, sophisticated buyers with fairly heavy financial lines requirements, one of which was cyber, so these were really the early adopters. It started out as a liability class and then has slowly morphed into what it is today.

What is it about cyber insurance that keeps you interested?

I think it’s the fact that it's so sector and size agnostic. You know, every business of every size and industry has cyber exposure. Public sector, private sector, not for profit - to one extent or another they're all vulnerable. So it’s a ubiquitous area of risk that is poorly understood. This also means that there’s opportunity, and when Partners& was set up in 2020, cyber was one of the cornerstones, alongside general insurance and people related risks. We could see that cyber was becoming more and more important as a threat to our clients’ resilience. So it made sense to focus on it.

How much has changed in cyber in the last few years?

So of course we had the pandemic which has somewhat driven the narrative, but you combine that with the hard market cycle, which has pretty much been in lockstep with it, and you’ve got this perfect storm of a huge demand for cyber related services and insurance, but at the same time not very much appetite for new risk from insurance companies. 

Insurers are arguably not competing as much as they used to. And we did see a few insurers drop out of the cyber market or restrict their coverage quite dramatically early on.

It's been a challenging couple of years, but it’s also been useful because what we set out to do was to focus on risk management and cyber security, and we actually looked at cyber insurance last. This allowed us to create a proposition that helps clients to understand their cyber risk, what it looks like in their sector and in their own network, to understand what good cybersecurity looks like for their business, and tailor a risk management approach to them. Then, when you do come to talk to them about the insurance solutions, it makes the conversation that bit easier, and hopefully it’s helped the client to become more insurable.

What are clients' expectations of cyber insurance and what influences their decision to buy?

It starts with recognising that a lot of SMEs — and in particular the smaller businesses — aren't always aware that cyber insurance even exists to protect them, nor how a policy would work to support and protect them. So again, it's an educational piece and much of our effort goes towards working with insurers like Coalition to piece it together and explain in plain English what cyber risk is and its potential impact on their business. 

In terms of the decision to buy, for a lot of our clients in science and tech it's a contractual obligation to buy the insurance. But the reason we want people to buy it is not to comply with a contract, but because they see the sense of it and want to get on the front foot.

In my experience, many clients will only look to buy or even discuss it once they’ve seen a customer, a supplier or a competitor having a loss. Then it's the fear of becoming a victim that becomes the driver. And of course there's no getting away from the fact that the decision does tend to be around price. So there’s still a lot more to do on outreach and education in my view.

What does the insurance industry need to be better at to support SMEs?

It feels like there’s a lot of frustration about brokers not being active in the cyber space and that they could be doing more to advise their clients in this area. It's a big opportunity with the expected growth in the market. If you’re not having those conversations with your clients, somebody else will sooner or later. But lots of brokers are pretty overworked and cyber is a whole other layer of risk to become familiar with and learn to articulate to clients. So we need to teach our own people. And select the right insurance partners who are supportive and help us help our clients through training, claims information, sector case studies etc.

In the current climate, we do get some clients who want to lapse their policy. For a lot of small businesses it's very difficult with the cost of living impacting things like wage inflation and operating costs. Supplier costs go up and everything gets passed down the chain. So what we try to do is turn it on its head and explain to clients what will happen if they experience a cyber attack and don't have insurance.

The government's cyber security survey from last year said that 39% of SMEs suffered at least one attack in the last 12 months. This helps us frame the conversation so they can see why they should prioritise it. You know, there's not a 39% chance of our clients having a fire or a flood, or a litigation over giving wrong advice. But a 39% chance of a cyber attack is real.

What do customers value most in cyber insurance?

It's the breach response service which we promote as being the main reason for buying the insurance. It’s comforting to know that if you get sued or if you have a data breach that you’re going to have cover in place to pick up the unexpected costs. Clients who have been through a cyber incident value having that 'break glass in emergency' panic button.

Improve your cyber knowledge with Coalition

Cyber insurance is one of the fastest-growing insurance products and a massive opportunity for brokers to grow their book of business. Coalition's Cyber Savvy program equips you with the tools and knowledge to deepen your cyber risk expertise and advise (and protect!) your clients.

You can access more free Cyber Savvy Broker resources to continue your learning journey.