FIVE TIPS FOR SELLING CYBER
Stop getting “no’s” and start writing more cyber
Most agents are aware that all commercial clients should have a cyber liability policy. The risk is there. But, after all the work you do to quote and propose cyber liability insurance that you know the company needs, many CEOs and risk managers still do not want it. What can you do to convince them? Here are a few tips and tricks to help you go from pitching to writing more cyber insurance.
Know the risk. No longer is there an industry or class of business that is immune to the risks of cyber liability. When an insured comes back with the common objection, “I just don’t need this,” it is up to you to show that they do, and that begins by understanding the company’s business processes. If a company takes credit cards, that’s a potential cyber liability. For those that do not, do they rely on payroll services, store any client data (even on paper but especially on laptops, mobile phones or tablets), use any third-party technology they do not own but rely on to function, or have automated processes (like manufacturing, transportation, and industrial companies)? If they say “yes” to any of these common business scenarios, these are risk profiles that must be covered by a good cyber liability policy.
Know a few key statistics to illustrate the need for cyber.
- Roughly 50% of cyber breaches happen to large companies, which leaves the other 50% to small and medium-sized businesses (SMBs). Regardless of size, every company needs cyber insurance for many of the reasons listed above.
- Globally, one in four companies will suffer a cyber breach incident in 2018. Those are significantly higher odds than what businesses traditionally cover in a business-owners policy (BOP).
- Per record, the average cost to notify and monitor customers or employees ranges from $200-$400 (usually estimated around $225), depending on the data exposed. In 2017, the average data breach size was over 20,000 records. Know how many customers the insured has and do the math. Depending on the insured, an average cyber breach could be a business-closing event.
- Case in point, 60% of SMBs hit with a data breach go out of business within six months.
- The average global cost of a data breach in 2017 (including any reporting, lawsuits, notifications, and the business interruption cost of downtime) was $3,620,000 according to IBM and the Ponemon Institute. Can your clients weather a storm that large?
Know the difference between the cyber liability coverage offered in a package or BOP policy and a stand-alone cyber liability policy. A common pushback from insureds is that the company has some form of breach notification expense coverage included in a package or BOP policy, and they believe that is adequate. It will probably even be named “Cyber Liability” on the dec page. But read carefully. As we now know, with a cost of $225 per record, a $25,000 or even a $100,000 sub-limit can be eroded in as few as 100 customer or employee records. Make sure the policy covers lawsuits, regulatory expenses, business interruption for cyber breach incidents, the costs to pay ransomware or extortion threats, data forensics and repairs, and PR expenses, as these can be major cost drivers for cyber liability claims and can easily be left off the “add-ons” of other policies.
Know what your insureds should be worried about and help them feel more secure. Especially with confusing, ever-changing topics like cyber liability, your clients are relying on you to be the trusted advisor they need. Host a seminar to teach an insured’s employees about strong password protections and two-factor authentication. Do a lunch-and-learn on why no employee should ever open attachments from unknown sources. Create handouts and other materials to help employers teach and empower their workforces to prevent data breaches by not clicking Facebook ads at work and always double-checking invoices from third-party vendors for fraud. If you can situate yourself as a knowledgeable partner in the overall risk management strategy for cyber liability, the insured will be more likely to understand how to round out the risk with a strong cyber liability policy.
Know what kind of expertise comes with a cyber policy. One of the most overlooked and under-rated aspects of purchasing a cyber liability policy is the access to resources it grants an insured if an issue arises. Nearly every policy now comes with some sort of free legal advice hotline for immediate responses in case of a suspected breach. These policies usually have a panel of service providers ready at a moment’s notice to step in and prevent a small incident from turning into a catastrophe. Breach response planning, forensics experts, and even early warning detection systems are now becoming more readily available as part of the cyber liability offering (often for no additional cost). Ask your insured if they are capable of handing the fallout of a breach. Who would they call? How long would it take them to restore backups, have resources brought in to fix complex systems or pay ransoms or extortions in bitcoin? The peace of mind afforded to someone who has a cyber liability policy includes knowing that those resources are ready and waiting to help with just one phone call.
Company owners are becoming more aware of the need to add this protection to their overall risk management strategy.
As a bonus: Use free Web services to bolster your argument. You would never go into a sales pitch without knowing the overall risk profile of the potential insured’s industry, and cyber is no different. Google it. Find articles about similar companies that have had breaches in the past. Look to trade associations and industry blogs for specific industry risks. Use the “Data Breaches” tab at www.privacyrights.org to get real-world claims examples broken down by industry segment, year, and even type. Companies do not tend to openly broadcast being the victim of a cybercrime, but the data is out there in the news and numerous studies.
Company owners are becoming more aware of the need to add this protection to their overall risk management strategy. Take your customers to the finish line and be sure they are protected.
The author
Ellie Feldman is managing director of Wingman Insurance, a software and insurance entity that provides a platform designed to let agents across the company quote cyber and tech risks in under 60 seconds. This is the third in Ellie’s short series of articles on cyber-related issues.