5 Ways the Market Is Trying to Demystify Cyber Insurance for SMBs

Small- and medium-size businesses have a tendency to think hackers don't find them appealing. The industry is debunking that notion and getting them affordably covered.
By: | July 23, 2019

As the cyber insurance market matures, carriers are increasingly looking to small and mid-sized businesses to achieve growth in the segment.

To achieve that goal, insurers and brokers are adapting their strategies to target this market. Here are five examples:

1) Packaged policies

According to AM Best, many insurers have upped their efforts to add cyber coverage to their CPP and BOP products. The coverage is now also commonly bundled with E&O policies, and the standardization of cyber forms have enabled a growing number of small insurers to get into the market, whilst reinsuring 100% of the risk.

Market sources say that SMB-focused brokers have also become more amenable to this kind of deal. For a long time, the prevailing attitude was that premiums were too low and commissions attached to cyber supplements were not worth the hassle of trying to convince clients to purchase a complicated product.

But this is changing.

“The global impact of GDPR, coupled with contractual demands from institutions and trading partners, has driven SMBs to demand more from their brokers regarding cyber policies,” said David Price, the director of specialty at Lloyd’s broker SSL Endeavour.

2) Adequate coverage

The cyber market took off at the corporate level, and for a long time, coverages were not well-suited to the needs of SMBs.

The gap in the market was spotted by new and traditional players, which have designed simpler policies that are easier for business owners without an IT background to understand. Some are very basic, covering first party damages and little else, while others include PR services, crisis management and additional services.

Some policies also help SMBs to perform tasks like paying ransomware with bitcoins; the kind of thing that tends to befuddle many a small business owners.

Coalition, a San Francisco-based MGA that uses capacity from Swiss Re CS and Argo, provides services like cyber security assessments and the monitoring of crooks who build fake websites to perform frauds against SMBs.

3) Affordable rates

Anita Sathe, chief strategy officer, CyberPolicy

Not long ago, cyber policies were notorious for how expensive they were.

Prices have gradually shrunk, however, and some markets have been able to bring rates down to an extent that coverage can be attractive even for the smallest companies.

Coalition, for example, has starter-level policies that cost as little as $25 a year.

But pricing varies according to the business.

Anita Sathe, the chief strategy officer at CyberPolicy, noted that a bakery that does not need to save third-party data can obtain a $1 million limit for around $30 a month. But a doctors’ office that stores data from many patients may have to fork out $200 to $300 a month for the same limit.

4) Lower limits

While large corporations may look for capacities in the market that reach hundreds of millions of dollars, SMBs obviously require much more modest values.

Sources say that some big companies are demanding cyber policies with limits of at least $1 million from vendors. But for many companies, needs are not even that high.

Travelers, which is very active in the SMB market, offers coverages with limits as low as $25,000 to $50,000.

The expectation is that they will convince clients to make first purchases and gradually appreciate the value of cyber insurance. Tim Francis, the enterprise cyber lead at Travelers, sees a trend for customers to later extend their limits to up to $1 million.

“Especially when it comes to ransomware events, it is not uncommon for claims to exceed six figures, not only due to the payment of the ransom, but also to the critical part of the cyber claims experience,” he said.

5) Online underwriting

Buying a cyber policy can be a time intensive exercise. Risk managers are often asked to answer long questionnaires that demand extensive input from their IT and cyber security colleagues.

Shawn Ram, insurance lead, Coalition

The market has realized that the same kind of approach would not cut with SMBs.

The answer, in the view of many players, is to make the process much easier by selling policies online. At brokers CyberPolicy and CoverWallet, clients can buy their policies fully online.

SSL Endeavour, for its part, has created a system where brokers can do the whole underwriting process and access Lloyd’s cyber capacity through a web portal.

Shawn Ram, the insurance lead at Coalition, pointed out that the company has streamlined the whole process by using data analytics, ultimately reducing questionnaires from 20 pages to 4 or 5 basic questions.

“We took an underwriting process that can take 10 to 15 days and, through the broker community, we have enabled that process to take less than 3 minutes,” he said.

The Task Ahead: Education

The demand for cyber insurance from SMBs is growing faster than the demand from larger corporations, according to a recent report by Aon. But it still amounts to a reduced share of the market. To make real inroads in this universe, the industry must invest in the education of business owners.

Many are still unconvinced that their modest businesses can be targeted by hackers the same way that big corporations are.

Stephanie Reilly, the cyber expert at California-based broker Relation Insurance Services, notes that a couple of her clients have recently suffered cyber attacks, but still refused to look at insurance protection against new events thereafter.

Reilly said, “Even though we have been telling our clients, which are predominantly SMEs, that they really do need to consider cyber liability, a lot of buyers are still reluctant to purchase insurance.” &

Rodrigo Amaral is a freelance writer specializing in Latin American and European risk management and insurance markets. He can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance