7 March 2019

Cyber Policyholders Need Security Data – Brokers Can Help

A recent survey of large businesses from Willis Towers Watson suggested that 85% of US employers and 72% of UK employers consider cybersecurity to be a top priority.

Few cyber insurance policyholders have a security program in place. That’s an opportunity for insurers and brokers. 

For large businesses, cyber risk is a fact of life. After the spate of privacy breaches and ransomware attacks experienced by companies with household-name brands, including the WannaCry and NotPetya attacks of 2017, cyber risk shot up to the top of lists of business risks. A recent survey of large businesses from Willis Towers Watson suggested that 85% of US employers and 72% of UK employers consider cybersecurity to be a top priority.

In general, these companies have the resources to take on the issue of cyber risk head on with well-developed IT policies and programs throughout the enterprise. But if you’re not a Fortune 500 company (or even a Fortune 1000 company) are the headline-making events of the last few years enough to coax you to take action?

Most would answer yes, with some caveats. One way to look at this is by looking at the market for cyber insurance. The steady growth not just in the enterprise segment, but also in middle and small business segments, speaks for itself. Within the SMB segment, first-time buyers of cyber insurance policies grew an average of over 30% each quarter for the year leading up to Q3 2018. That is substantial growth.

Yet awareness of the issue, and the penetration of cyber insurance, doesn’t provide a complete picture of risk, or what companies can do about it.

A recent survey from the Council of Insurance Agents and Brokers (CIAB) found that just 37% of commercial brokers’ clients have a security program in place to prevent or mitigate the effects of cyber attacks. These clients run the gamut from SMBs to the largest enterprises. The number is surprising given that this is a sample of companies that we already know have cyber insurance – so they are certainly aware of the risk, and willing to take steps to mitigate their financial exposure. Yet few have put procedures and programs in place to prevent the events they are insured for.

This points to a major opportunity for the insurance industry.

Companies of all sizes are clearly looking to insurers for help to protect against cyber risk. While the world’s biggest companies are already backing up their cyber insurance policies with standardized security procedures deployed across many thousands of employees and applications, companies in the vast middle market, including many large businesses, are not. The insurance industry serving this market can surely underwrite the risk and provide policies — but we can also help provide the knowledge companies need to help push toward safer practices and policies for cyber.

The key, as with much innovation in today’s business world, is data.

As cutting-edge cyber insurers develop new means of identifying and pricing cyber risk, the next frontier should be deploying that knowledge in ways other than simply fueling a premium and coverage decision. The opportunity is there for insurers to arm brokers with data about their clients’ vulnerabilities. In turn, brokers have the opportunity to relay that information to clients, ensuring they understand it. The challenge for everyone throughout the insurance value chain is presenting data clearly, making it actionable for the policyholders.

The CIAB survey noted that 85% of brokers have a “strategic approach to marketing and educating clients about cyber risks.” It’s time for insurers and brokers alike to take it a step further. If clients can get their hands on actionable information about cyber security — armed with knowledge of what it means, and what to do about it — it could mean fewer claims, lower premiums, and a safer web environment for everyone.

Mike Karbassi

Mike Karbassi is Vice President and Head of Cyber Underwriting at Corvus. He specializes in Network Security, Privacy Liability, Technology E&O, Media Liability, and Miscellaneous Professional Liability. Karbassi has over a decade of experience in insurance and is a graduate of the Boston University Questrom School of Business.

Gerritt Graham

Gerritt is the Chief Commercial Officer at Corvus. He has over 20 years of sales and marketing experience, primarily focused on technology and data solutions for the financial services industry.

James McElhiney

James co-founded Corvus and is the company’s Chief Technology Officer. A 30+ year technology veteran, Jaimie most recently served as CTO of Iora Health and previously co-founded Gazelle.

Mike Lloyd

Mike Lloyd is the Co-Founder and Chief Product Officer of Corvus Insurance. Previously, Mike co-founded Poncho, a personal lines agency InsurTech startup, and was a venture investor at FJ Labs. Mike has an MBA from Harvard Business School and engineering degrees from Virginia Military Institute and MIT.

Phil Edmundson

Phil is the founder and CEO of Corvus. A 30+ year insurance veteran, Phil co-founded broker William Gallagher Associates (acquired by Arthur J Gallagher in 2015) and was an active leader in both the Worldwide Broker Network and Council of Insurance Agents and Brokers. Phil is the Managing Partner of Edmus Ventures where he invests in InsurTech companies including Verifly, Wellthie, Agentero, and Cover Wallet, and serves on the board of Cover Wallet.

Play Video