We're struggling to see a future we can't comprehend — yet. That's why almost every movie and conversation about technology goes one of two ways: Technology is either the hero, or the villain. It's either going to save us, or destroy us. But technology is not the problem. The real villains are those who would avoid taking steps to make the world a safe enough place to take a risk. There needs to be a balance between the "risks and rewards of new technologies," according to a recent World Economic Forum report titled "Mitigating Risks in the Innovation Economy: How Emerging Technologies Are Changing the Risk Landscape." Changing this storyline won't be easy, but the World Economic Forum report outlined the following four recommendations for insurers: |

No. 1: Insurers need to play a larger role in risk education.

Sooner or later, every company falls victim to a data breach. Despite the constant threat of a cyber incident, only 4 in 10 small- to medium-sized enterprises (SMEs) actually believe they are a potential cyber target, according to Argo Group's 2017 Insurance Survey, "Under Attack and Unprepared." Brokers need to prepare education for SMEs that speaks directly to their biggest challenges and most prevalent cybersecurity issues. Based on the Argo Group survey, SMEs are most concerned about breaches of customer data or personal/financial information due to spear phishing; software or data being damaged, erased or stolen; and business interruption. SMEs reported that their most prevalent forms of attack are virus, spyware, malware or other malicious code, followed by vulnerability of cloud data and lost or stolen laptops. |

No. 2: Embrace alternative sources of information.

Most companies rely on the security systems they've been using for years. Specifically, the Argo study found that 42% of SMEs score themselves an 8 or higher on a scale of 10 regarding their capacity to deal with cybersecurity incidents. This is likely why 57% don't have a cyber insurance policy. Meanwhile, 63% have experienced a cyber incident, and about three-quarters of companies with revenues $25 million and above report at least one cybersecurity incident a year. Brokers should encourage companies to do three things: |

1. Improve existing network security infrastructure and protocols;
2. Conduct more regular audits; and
3. Prioritize ongoing risk assessment and management.

No. 3: Uncover and ultimately address protection gaps.

While data breaches are an enormous expense, nearly 35% of those surveyed by Argo Group cited cost as a barrier to insurance. This, despite the fact that nearly nine of 10 policyholders said their insurance performed as expected, and 86% said insurance covered the costs of the cybersecurity breaches they suffered. How much does a cyber breach cost? According to IBM, on average, companies paid $4 million in 2016 for a data breach. Few companies have that amount readily available to handle a cyber incident that could happen at any minute. Since 63% of companies reported experience with a breach and the average cost is $4 million, brokers can build an ROI model with the likelihood of paying for a breach versus paying for cyber coverage to bolster your case for why the latter beats the former. |

No. 4: Play it safe.

The World Economic Forum says the goal of insurance is to "enhance the resilience of society and the economy." That means it's up to agents and brokers to help create a safe world where people and companies can take risks. Simon White is senior vice president and head of the Cyber at Argo Group. He can be reached at [email protected]. The opinions expressed here are the author's own. See also: The 12 cybersecurity laws insurance agents need to know Cybersecurity threats in the insurance industry