CFC on how brokers can balance the demand-side problem facing the Internet
This article was produced in partnership with CFC
Mia Wallace, from the insurance company, sat down with James Burns, CFC’s Head of Cyber Strategy, to discuss the need for more education on the implications of cyber risk.
Despite the rapid development of the electronic insurance market, it still faces the problem of the demand side, according to James Burns (pictured), head of electronic strategy at CFC. He said the relatively low level of cyber awareness among UK SMEs – which represents 99% of businesses in the UK – provides a glimpse into the cyber protection gap that exists today, and underscores the role insurers have to play in closing this gap.
“This is partly due to recent developments in the insurance market,” he said. For the past ten years, online insurance companies have been focusing on growing the market. We have spent most of our time, energy and resources marketing this product. There is a lot of training and education for brokers and insurance conferences where the focus is on selling the product. As an industry, I felt like we were on a mission to get people to see the value of this product and realize they need it, which they’re doing right.”
In 2020, Burns noted, that situation is beginning to change as the threat environment deteriorates exponentially with loss ratios going through the roof and insurers turning all their attention to correcting rates. Brokers with online customers were faced with having to explain why the price was so high while those who had not started selling the product were deterred from doing so by perceived volatility of the product line.
“This undoubtedly had an impact on awareness of the product,” he said. “The irony is that organizations need this product now more than ever and its value has been proven time and time again in the billions of dollars in losses paid by insurance companies in the past few years.
“I think we need, as an industry, to shift our focus back to helping our brokers sell this product to SMEs. There are still huge brokerage houses where less than 10% of their trading client base buys a stand-alone e-policy which is absurd given we know this is one of the biggest threats facing organizations today. So, I think there is a lot of work to be done.”
The Internet as Intangible Risks
The problem with a lot of insurance brokers, Burns said, is that until you get to the sharp end of an online claim, it’s an inherently intangible risk. Once the broker has backed the client through a cyber incident, it becomes a lot easier to contextualize the cyber insurance and what it does but up until that point, it’s hard to understand – and what you can’t understand, you can’t explain to your clients.
“It’s only intangible until something happens and then you see exactly how the attack could affect the business and how exactly the insurance policy and the incident response service work,” he said. “Obviously, not every broker will have a client who has had a cyber incident — but many do, and it’s a safe bet most will at some point soon.”
Burns’ call to action for brokers is to tell insurance providers that they stand with what they need from them in order to do what they do best – support and protect their clients. He said they should feel empowered to request case studies of claims, and to support in interpreting those examples. Taking CFC for example, he said, the provider has handled thousands of cyber claims and has a wealth of publicly available case studies for every industry sector imaginable.
“So if you’re a broker and you have a business client that fits a certain industry sector, there are real-world examples that could affect your clients in the same way they affected the subjects of our case studies,” he said. “I think brokers should look to their underwriters, who should also be happy to go over things with them and discuss common objections and why those objections might be misleading.”
Burns also stressed that pressure should not only be on brokers communicating with service providers, and called on underwriters to live up to the mark by being more proactive about disseminating relevant and timely insights to their broker partners. He said insurance companies need to make their educational assets and materials as accessible as possible, and ensure they are kept up to date.
“I think insurance companies have been a bit consumed with discussions elsewhere recently, and their eyes may have been taken off the ball with regard to the fact that we need to start growing the market organically again,” he said. “We’ve seen tremendous growth in the last couple of years, but a significant amount of that has come from higher prices and we need to make sure we increase the number of policies in the market as well.”
Electronic insurance education
It is critical for insurers to actively engage with brokers, and to take a proactive stance when it comes to educating the broader insurance market about the “enormous value” of e-insurance.
“We need to start instilling confidence that this is a stable product and that it will be available for brokers to sell for a long time to come,” he said. The “hard market” has seen tens of thousands of claims costing billions of dollars, which really shows that e-insurance works – and it almost worked from an insurer’s perspective, given some of the loss ratios encountered.
“So, it is important to note that cyber insurance is not there to replace investment in security controls, quite the contrary, it can only sustainably exist alongside them. We should not compete with security companies nor should brokers see themselves competing with them. We need to work together to make sure that customers are adequately protected.”
Burns said this broader piece of education takes some effort, but that effort is rewarded by the increased confidence that brokers have when conducting conversations about the Internet and thus educating insureds about their own cyber risk profile.
“Insurers and insurers need to support that confidence by talking about the product,” he said. “Cyberattacks are essentially a form of crime for which there is no contingency service, and so a cyber insurance policy is an contingency service. If you think of it in these simplistic terms, you realize that it is a much needed and incredibly broad product that no organization should be without. So, we need to be confident in talking to customers about this again.”
Keep up with the latest news and events
Join our mailing list, it’s free!