Exclusive first look at Coalition’s new cyber claims dataGet the 2024 Cyber Claims Report

New Mission for Brokers: Help Protect Clients from Cyber Risk

Coalition Blog Brokers Role in Protecting Clients From CyberRisk

Brokers are now facing a new role and opportunity: helping to protect insureds from cyber risk. Thanks to the digital transformation of business — which accelerated during the pandemic — brokers’ entire client portfolios (regardless of company size) are facing cyber threats that didn’t exist just a few years ago. 

Coalition’s 2022 Cyber Claims Report found that overall claims severity rose 56% last year for small organizations with under $25M in revenue. This highlights the opportunistic and non-discriminatory nature of threat actors. 

The job of the broker has changed because business risk has changed. Organizations can be wiped out as quickly (or even faster) by cyber incidents as they can by traditional events like fire, theft, and natural disasters. 

In 2022, being an insurance broker is about being consultative — being able to help a business understand their cyber risk and how they can mitigate it. Understanding a business’ full exposure to cyber threats is now more important than ever before. This is especially true when it comes to small businesses that don’t have a full IT team to manage their own cyber risk. In such cases, the broker’s role as a risk advisor is relied upon and amplified. 

Why does cyber protection matter now more than ever?

There are many reasons why brokers have a greater need to advise and help protect their insureds from cyber risk.

  • Every business is fair game to cyber criminals. Cyber risks are no longer just relegated to one industry because of the integral role technology plays in all business functions today. However, Some of the sectors we depend on may be the most vulnerable.

    • Education. Due to the greater amount of student information, largely open-access platforms, and legacy data systems, higher education institutions saw a 30% increase in cyber attacks in July and August 2020—in comparison, other sectors saw a 6.5% average increase.

    • Healthcare. Based on the FBI’s 2021 Internet Crime Report, this sector saw the highest number of ransomware victims last year. Because of the sheer volume of private information available—from health information to billing—this is a highly lucrative sector for threat actors to target. Because the operational integrity of the data can be life-threatening, this could warrant a higher ransom demand in the eyes of cyber criminals. In lieu of backups, many healthcare organizations find themselves with no choice but to pay due to the criticality and reliance on their systems.

    • Small businesses. Because they often lack the resources for a large cybersecurity effort and supportive manpower, SMBs are prime targets. Our 2022 Claims Report found small businesses saw a 40% increase in ransomware attacks and a 54% increase in funds transfer fraud incidents.

  • Businesses have digitized their operations. Disruption always births innovation. Companies of all sizes have embraced ecommerce capabilities, accelerated their migration of data to the cloud, integrated technology into their supply chain, and expanded their customer base globally. Cyber risk has also evolved to take advantage of the strengths (and exploit the vulnerabilities) of these new technologies. Even for organizations with large risk management teams, the broker is often the first one to raise these concerns and prompt discussions on the tradeoff between efficiency with integrating technology, and security risks it poses.

  • Businesses are outsourcing more than ever. Although outsourcing can reduce costs, it also increases risks — both upstream and downstream from vendors. Many companies are outsourcing to multiple vendors, for example: IT to one vendor and distribution to another, etc. As a broker, it’s important to point out the increased risk exposure each outsourcing decision brings. Just because a company outsources its data or shares it externally, this doesn’t reduce its responsibility and obligation for protecting it.

  • Businesses adopted digital processes quickly. A McKinsey survey reported that companies adopted digital solutions 20 to 25 times faster than expected. At such speeds of adoption and transformation, emerging or untested technologies can cause ripple effects of risk. The rush to digitize operations requires businesses to consider integrating holistic protection solutions to keep up with evolving risk.

What role does cyber insurance play in reducing risk?

As a broker, it’s important to understand that general insurance has a stop-gap. General Liability policies cover bodily injury and property damage, but perhaps overlook an even bigger exposure threatening companies today — cyber risk. 

Even if the coverage businesses had before COVID included cyber, the limits and level of protection may not be sufficient in 2022. Traditional insurance protection is no longer enough. Cyber protection must be more active and holistic. 

With innovative cyber coverage solutions now available, brokers have an opportunity — and an obligation — to educate clients on the evolving risk landscape and the available protection mechanisms that go beyond traditional insurance policies. 

How can brokers use annual renewals to educate insureds? 

Since the role of the broker has changed, so has the annual renewal meeting. Business owners may not even be aware of the most recent risk trends, so they don’t know what questions to ask. This gives brokers an opportunity to turn the annual renewal meeting into a truly consultative event. This is a great time to discuss emerging risks and how they apply to the client’s business — strengthening the credibility and the relationship between the broker and the client.

Here are some ways brokers can use annual renewal meetings to discuss cyber risks:

  1. Listen and learn to understand the business’ tech exposure. Many brokers don’t feel comfortable with asking invasive technical questions. Start by listening to the client. Try to read between the lines on the way their operations or communications integrate technology. things they don’t think are technology exposures can be uncovered as gaps in their coverage.

  2. Plug the gaps. Brokers have an opportunity to expand their horizon to learn about all proactive solutions available in the market to mitigate digital exposures. Brokers with a traditional P&C focus are especially well-positioned to listen to their insureds’ current tech challenges and to uncover potential gaps in coverage. Brokers who don’t feel confident talking about cybersecurity challenges can leverage their partnerships and resources provided by their cyber insurer.

  3. Have the customer talk to the insurance company. Connecting insureds with a cyber insurer and utilizing the provider’s available resources can not only help educate the client but also enable the insurers to gain insights into specific risk exposures. To help support that conversation, Coalition’s Cyber Risk Assessment (CRA) can be a helpful tool — providing visibility into the organization’s external risks and vulnerabilities as well as guidance on how to mitigate them. The CRA can also show how the organization’s risk categories stack up against peers in the industry, validated by more than 40,000 companies contributing to Coalition’s proprietary risk models.

  4. Talk about pre-breach protective measures. When cyber risk started expanding beyond privacy and loss of laptops or physical files, more intangible exposures and the accompanying first party expenses started to threaten businesses’ operations and balance sheets. Since the cyber market has started to mature, pre-breach services are often overlooked. Coalition believes that pre-breach preparedness is as critical as an efficient response, so we provide brokers and clients with assessment tools, educational resources, and vendor partnerships that can help. Coalition even offers consultative calls with our partners and claims team, to discuss how to develop a pre-beach approach to mitigating cyber risk. Along with employee training and claims team calls, we’ve stayed consistent throughout all market conditions, not deviating from our active and holistic approach to cyber risk management.

How to better insure businesses of the future 

Traditional coverage is no longer enough for the digital economy. Brokers must now be able to provide advice and consultancy to current and prospective customers about why their cyber risk is evolving and what they can do to elevate their protection. Our 2022 Cyber Claims Report found that Coalition policyholders reported 70% fewer claims than the industry average. By acting as a trusted advisor on cyber risk — leveraging insurer partnerships and the resources available — brokers can strengthen their client relationships confidently offering better protection, beyond coverage.

Brokers interested in offering Coalition’s cyber insurance, get appointed here.