Cyber insurance: The most valuable spend for any business
Many insureds don’t have a full understanding of how this coverage works or why it's become essential.
“How much is it going to cost?”
I’m willing to bet that’s one of the first questions that insurance clients ask when it comes to buying new coverage or renewing an existing policy, whether general liability, commercial property or more complex protection such as cyber insurance.
It has long been the case, but these days the cost of cyber insurance in particular has become an increasingly hot topic. In a recent poll that CFC conducted of our broker partners, cost was cited as a major obstacle when it came to discussing coverage with their clients, but this came as no great surprise. Over the last couple of years, as a result of rising ransomware costs and fears around systemic risk, the cyber insurance market has been in a corrective state as far as pricing is concerned. This was driven by a need to get the price right to match the new threat environment.
While we have seen a degree of stabilization in rates over the course of 2023, it’s all too easy for clients — especially small to midsize businesses — to look at the quote and deem it an unnecessary purchase, particularly in the current challenging trading environment in which many find themselves.
In truth, it’s likely that many of your clients don’t really have a full understanding of how cyber works or why it provides essential protection in today’s increasingly digitalized world.
But when you boil it down, cyber cover is comparable to the more traditional insurance lines that they’ve been buying for years. They understand that fire or flood could have a devastating impact on their ability to run their business. Cyber events have equally huge potential to disrupt their operations.
As cyber incidents become more frequent and costly to manage, cyber insurers are upping their game to deliver more innovative and effective policies geared not just to deal with an incident effectively, but more importantly, prevent it from happening in the first place. As a result, I’d argue that purchasing cyber insurance isn’t just great value for money; rather it’s one of the best investments any business can make.
To help you explain to your clients why this investment makes sense, here are the three things that influence the cost of good cyber cover — and which hopefully will influence their decision to buy.
No. 1: Cyber is today’s biggest exposure.
Cyber incidents have been reported as the top business risk for the fifth year running according to the ICAEW’s 2023 report1, with cybercrime also named a top cause of economic crime for most businesses2. Driven by a perfect storm of increasingly sophisticated and frequent cyber attacks, businesses today are much likely to face dealing with a cyber event than a traditional risk, like fire damage. As insurance for fire damage is seen as standard practice, shouldn’t cyber be viewed with the same lens?
Purchasing cyber insurance empowers businesses of all shapes and sizes to transfer their increasingly heavy cyber risk burden to the insurer.
No. 2: The cost of cyber incidents is huge.
It might surprise your clients to know that 72% of businesses worldwide have been impacted by ransomware in 2023 — and these aren’t just big public corporations. The majority of incidents that we’ve been involved with have impacted smaller businesses like law firms and recruitment firms, machinery manufacturers, hotels, local government, schools or hospitals. In fact, just about every industry sector you can imagine.
The one thing they have in common is that they all suffered business downtime and, without cyber protection in place, would have had to shoulder huge costs to get back up and running. So it’s vitally important to makes sure that your clients understand the extent of costs that a broad cyber insurance policy would cover:
- Loss from operational disruption;
- Remediation and recovery expenses;
- Legal fees;
- Hiring of expert teams;
- Regulatory fines;
- Reputational harm; and
- Loss of customer loyalty.
It will even cover ransom payments, if the client chooses to pay it and the cybercriminal is not on any sanctioned list.
These all add up to far more than the premium the client will ever pay for their policy.
No. 3: The promise to protect is worth every penny.
It’s possible for cybercriminals to exploit common vulnerabilities and breach a victim’s network within hours, so for the defender every minute counts. But how many small businesses have the resource on hand to take the cybercriminal on?
A good cyber insurer will fill that gap. They’ll not only have expert incident response teams on hand 24/7 to triage incidents, contain threats and get your client’s business back online quickly. More importantly, they’ll be working round the clock from the moment a policy binds to detect and alert their policyholders to specific cyber threats targeting their business. When they find a cyber security issue, they’ll notify the impacted business, offer instant response and eliminate the threat before it develops.
If a business were to engage with different third parties to take advantage of these proactive and reactive services, it would cost them tens of thousands of dollars. The good news for your clients is that they are included as part of a standalone cyber policy from insurers like us, free of charge.
With the cost of global cybercrime set to continue its upward trajectory, broad cyber insurance is just as inexpensive as it is invaluable. The best cyber insurers aren’t just there if the worst happens, they’re proactively working to get your clients ahead of cyber risk so they can operate with confidence and thrive.
If that isn’t a great investment for any business, I don’t know what is!
Michael Phillips is cyber practice leader at CFC USA. These opinions are the author’s own.
See also: