Recent headline-worthy mega breaches and October’s status as Cyber Security Awareness Month have helped raise awareness about cyber security, but a layer of naïveté and denial remains about its necessity.
It’s jumped from a specialty niche to a mainstream coverage in a matter of years. And cyber liability has no signs of slowing down.
“If an agent isn’t suggesting cyber insurance to their customers, talking to them about their cyber exposures or somewhat knowledgeable about the various product offerings that exist in the market, they’re doing their customer a disservice—and ultimately themselves a disservice,” says Tim Francis, enterprise cyber leader at Travelers.
Recent headline-worthy mega breaches and October’s status as Cyber Security Awareness Month have helped raise awareness about cyber security, but independent agents and their business clients still have some catching up to do. Because cyber liability coverage is still relatively new in the marketplace, a layer of naïveté and denial remains about its necessity—and experts say that needs to change.
Small Means Susceptible
Independent insurance agencies and their small business clients have an obligation to protect collected personally identifiable data. But for many, having the infrastructure in place to deal with a breach is unlikely.
Francis explains that small companies are every bit as vulnerable as the big dogs—and perhaps even more so due to the lack of resources and staff that are necessary to protect against a breach in the first place. “Cyber events can have a significant impact on the bottom line and a significant impact on the reputation,” Francis says. “That’s as true of a small company as it is of a big company and everyone in between.”
“It’s important to have an appropriate cyber product, not just to protect financially, but also to help respond to such an event,” adds Jeff Norton, private enterprise product head at Beazley. “Mismanaging a breach can be far worse for insurers than the event itself.”
Data from New Agency Partners proves it: While 31% of all cyber attacks occur at companies with fewer than 250 employees, 60% of small businesses will shut down after an attack—a sobering statistic considering 40% of small businesses do not have a contingency plan in place.
Understanding Cyber
Whether you’re a seasoned expert or a cyber newbie, the first step for agents is to identify what exposures are present and to form a working knowledge about why exposures exist. “Whether they are a data owner, in that the consumer believes that that business has their information, or whether they’re a data processor, and they’re just processing someone’s information on behalf of someone else, each one has different exposure,” Norton explains.
Understanding common data compromise threats and staying aware of available coverage products are crucial steps for agents just warming up to the conversation about cyber. Begin by taking these basic preventative steps:
- Look at the data you take in. Ask yourself if it’s necessary and where it’s located.
- Review potential security issues that can be implemented to protect that data, such as updating company policies and procedures around cyber.
- Think about data in the context of what would happen if a breach were to occur. Develop a plan to respond in a timely, effective manner. Complete a test run.
Your agency should consider purchasing cyber coverage for E&O purposes. Reviewing proposals and understanding which coverage responds in what way is applicable to selling the coverage to their own clients.
“It’s very difficult to sell a product if you don’t buy it yourself,” says Norton, who notes that cyber liability “should be considered a core line of someone’s insurance portfolio.”
Sabrena Sally, senior vice president at Swiss Re Corporate Solutions, asks the ultimate question for independent agents who juggle multiple markets, “How does someone become a specialist when they almost have to be a generalist in everything?” Sally’s advice is to start by focusing on the resources you currently have—educating yourself about the cyber coverage available through the carriers you already work with.
The bottom line? Cyber liability coverage for your agency and your small business customers is worth it. “While for your own agency's E&O, you may buy an E&O policy that includes some cyber liability coverage, it's likely not to the extent that you would need it,” Sally says. “There’s still a need for the stand-alone policy.”
Morgan Smith is IA assistant editor.
