- Rosanna Hayes
A Broker’s Role in Cyber Risk Management
UK insurance brokers increasingly face a more complicated role in assessing business cyber risk and implementing appropriate policies.
As indicated in the 2020 VMware Carbon Black Global Threat Report Series, almost every UK business surveyed (99%) suffered at least one security breach in the last 12 months and confirmed that attack volumes have also increased in the same period.
Moreover, cyber losses rose nearly six-fold worldwide during 2020, according to the Hiscox Cyber Readiness Report 2020. And with the frequency and severity of business cyber-attacks on the rise, the insurance market continues to harden, forcing insurers to be more calculated in their risk selection and pricing.
The previously favoured broad-brush cyber exclusion approach has now given way to a more detailed look at cyber risk, clearly exposing grey areas of coverage. And as insurers and businesses prepare for their 2021 renewals, they will need to ready themselves for higher pricing, more aggressive risk management measures and the earlier implementation of the renewals process. Clients and brokers will both benefit from the clarity this brings, ensuring a simpler and clearer solution for both parties, in view of more cyber coverage and an increase in business cyber insurance uptake.
Davis Kessler, the head of cyber at Travelers Europe, explains that increasing cyber uptake for businesses comes down to a joint partnership between insurers and brokers. From speaking with brokers first-hand, Kessler has seen that what they need most from insurers is assistance in proving where a cyber policy can be beneficial to the insured. Anything that can help brokers explain to their clients what is covered in the policy and prove the policy’s worth would be beneficial. (Source)
However, the responsibility also lies with the insured, who need to demonstrate that they are managing their cyber risks effectively. Yet many do not know how to do this, particularly with the increased cyber risk caused by the shift to remote working that COVID-19 has forced upon us. This is where a professional insurance broker can help.
By using assessment services such as CYBER3, brokers can assist the insureds in evaluating their current cyber risk and in understanding where they can make practical improvements.
It also helps brokers address the benefits and worth of their cyber policies, allowing them to demonstrate what is covered and how the policies meet their clients’ particular needs.
When choosing an effective assessment service, there are a few key indicators to look for:
It includes questions commonly asked by cyber underwriters
It is low in cost and does not cause client friction
It includes client interaction and remote profiling of insureds’ online presence
It features high-quality reporting with an easy-to-track roadmap to improvement
However, the importance of preparing a client and assisting them in the appropriate planning and effective management of cyber incidents cannot be denied either. The broker plays a vital role in guiding their customer through the cyber risk journey, helping them to explore vulnerabilities from an attacker’s-eye view, and providing a perspective that equips the insured with the knowledge to prepare and protect, rather than simply react.
An Insurance Business article explores the importance of moving forward and offering more than just an insurance product. “The pre-breach and post-breach services that we provide, both in house and through external partners, are very much part of the future state of the cyber insurance market, and are key to the retention and stickiness in our relationship with our brokers and their clients,” says James Creasy, Head of Cyber & Technology, London, at AXIS.
Having the right incident planning service in place will help the insured understand how their network is vulnerable, how they are targeted and where an attacker might find a gap in their environment. They can then work towards strengthening their security and putting the appropriate cyber policies in place, given the measures they have now established. By implementing cyber incident planning services, the client assures the insurer that they are ‘on the journey’ to achieving optimal management of cyber risk.
Working with brokers and their clients, STORM Consulting provides a professional and extensive cyber incident planning service, assisting in the building, training and exercising of effective response plans. STORM develops procedures that enable businesses to handle cyber breaches with confidence and provides clear, simple-to-execute process documents, scaled across the whole organisation. STORM planning covers:
Alignment to best practice including NIST
Integration with existing procedures with minimal modification
Clear, unambiguous wording and terms
Simple to execute
Playbook-style checklists
Senior Management and Operational team plans
When risk management is performed effectively and expertise developed, it can build and cultivate long-term, strategic relationships with both insurance brokers and end-clients. And as we continue into a deeper state of digitalisation, the broker’s role in educating and advising businesses will only become more crucial. The increased threat brought on by COVID-19 and remote working, together with the ever-evolving threat landscape, means that companies that previously may not have considered cyber insurance a must-buy now require the help of brokers in managing their cyber risk.