Although demand for cyber insurance has sky-rocketed in recent years, cyber policy buyer objections remain a significant hurdle for cyber brokers. Rumors and myths perpetuate around specialty coverages such as cyber, making it harder to turn a quote for coverage into a signed policy. Here are five myths that I’ve routinely faced and how I handle them.
Mercy Komar is a Commercial Lines Manager and Risk Consultant at L Calvin Jones & Co and a CCIS graduate.
Objection 1: Only Large Companies Need Cyber Coverage
The reality is that SMBs are being more frequently targeted because of their less robust security. It is estimated that 42% of all small businesses have been the victim of a cyberattack. Yes, many of them were minor phishing attacks but they cost the average small business between $25,000 and $50,000. I have seen a $141,000 funds transfer fraud attack on a small machine shop end its business altogether. With the uptick in BEC incidents in mind, ask your SME-clients whether their business can suffer this kind of loss.
Objection 2: Cyber Coverage Is Unnecessary With Good IT Security
Even with the best security, in today’s evolving threat landscape, the likelihood of a threat actor by-passing security controls and executing a successful attack, causing an outage or a data breach remains high. In fact, it is often either untrained or disgruntled employees that permit the threat actor into the system. A cyber policy provides a way to transfer this kind of risk to a third party.
You can put it to your client this way: even if you’ve invested in fire-safety measures and added locks to your doors and windows, you’ll still purchase a property policy – just in case. Why wouldn’t you do the same to protect against the number one top business risk of 2023?
Objection 3: Cyber Coverage Is Too Expensive
By most company standards, cyber coverage is not considered cheap. It is based on the size and type of your client’s business, how many employees there are, the data being protected and the level of coverage they need. But the cost of a single attack will likely be much higher than an annual premium. Premiums have been increasing annually at a rate of 28% over the last two years but are expected to level out for most companies as the insurance industry is beginning to get better actuarial numbers to predict losses and their size. Your ability as a professional to obtain competitive quotes and proper coverage will ease their mind.
Objection 4: Cyber Coverage Is Only For Data Breaches
There are many types of coverages available under a good stand-alone cyber policy. Coverage is normally provided for ransoms or extortion and business interruption (if your client must shut their system down) – these do not involve data breaches but still lead to severe financial losses which can be insured against under a cyber policy. Many of today’s common claims involve business e-mail compromise, which can lead to theft of money via social engineering fraud. By some accounts, business email fraud in one year alone was $2.4 billion dollars.
Objection 5: Insurance Companies Don’t Pay
Many disgruntled insurance clients over the years have repeated this myth. When it comes to cyber insurance, insurance companies have paid handsomely. With the average ransom of $258,000 comes the cost of forensic analysis, data restoration, business interruption, breach coaches to negotiate the loss and more. Often, the loss exceeds the common $1,000,000 limit most clients carry, which is why I normally begin my quotes at $2,000,000.
Buyer Beware
But where you can see a denial of coverage is when there has been a breach of the warranty on the policy application. There are specific questions that are being attested to as the absolute truth on which the premium is based. Mis-state or lie about those answers and coverage will be denied. As an agent, your knowledge of these questions and why we ask them is critical.
There are many more misconceptions about cyber coverage and insurance coverages in general. For insureds, working with a qualified cyber agent such as one with the Certified Cyber Insurance Specialist (CCIS) designation, will provide peace of mind. And it will be beneficial for you, as the agent, when working with their security specialist or IT staff to help determine the appropriate coverage and minimize their insurance costs.
Want to read more about our CII-accredited Certified Cyber Insurance Specialist (CCIS) Course? Click here.