Graeme King speaks to Insurance Times about the how the complexity of cyber insurance can be a hurdle for regional brokers, and how Barbican hopes to remedy that

What still prevents cyber from becoming a must for the SME market?

Cyber threats are not always front-of-mind for most SME businesses. Issues such as employment, making a profit, facilities etc. may often take precedent.

graeme_king

Graeme King

So, many SMEs unfortunately do not realise the severity of some of the cyber risks they face and how good the available policies are at helping them to recover from a cyber-crisis when it hits.

There is also the increased cost of cyber insurance on top of the costs SMEs already face. Nobody wants to spend a penny more than they have to.

There is a real need for insurers and brokers to better educate SMEs on the real benefits of cyber insurance, as those who remain uninsured are far more vulnerable than they may realise. Whilst the policies can help prevent a breach in the first instance, their real value is in being able to respond rapidly to and recover from a breach in a highly cost-effective way.

What would you say is the main challenge with cyber policy wording and how that can be overcome?

Cyber insurance is a complex product. It covers many different aspects of cyber risk.

That complexity can be a hurdle for regional brokers to understand and articulate effectively to the end customers.

To remedy this, we look to simplify coverage, taking it right back to basics. From our own research, the bulk of SME clients just want to get up and running again following a cyber-incident; for them it is about the ability to keep trading.

So we provide them with a 24/7 hotline number at the centre of the policy to allow them to access the experts who will guide them and get them back on their feet as quickly as possible.

With such a simple product addressing their key concerns for a relatively small fee, we are able to encourage them to take their first step into cyber insurance, after which you can work on upselling the benefits of additional coverages.

What would you say are the main difficulties when the cyber liability product is put together?

The main difficulty is in understanding what the end client wants.

If you are looking at larger clients, they are already aware of cyber; it is something that they have been talking about for many years at board level and probably have in place a head of risk, head of I.T, CIO, CISO etc. They usually have international brokers helping them to understand the risk and even placing programmes. So they are comfortable with the complex coverage on offer in stand-alone cyber insurance products.

The smaller companies may feel the risk doesn’t apply to them and they may not understand the nature of the coverage or be willing to pay for all that cover. The challenge is to understand the SME client’s budget and to tailor an offering appropriate for that price.

cyber panel morning 1

King (middle left) recently appeared as a panellist at the Cyber Insight event with (l-r) reporter Scott McGee (chair), partner at JLT Specialty, Claire Davey and Insurance Times data insights editor, Matt Scott

Although UK markets can put together an offering that makes sense with targeted and focused wording and sustainable pricing, competition in international markets has recently seen a continuous expansion of cover by adding in so many additional little extras. If this continues unabated, in time the net effect will be death by a thousand paper cuts.

What would you say is the role of the industry in educating clients about the cyber threat?

It is definitely their role; they are the ones taking the risk so they have an interest in educating clients.

For regional brokers, if their clients aren’t buying cyber already, the small extra commission they could earn may not be enough to justify the time and resource required to educate existing and potential clients.

In many ways, it is a catch-22. The brokers are perhaps not learning more about cyber as it may get in the way of their current revenue-generating activities.

It is our job to try to change this. I suspect that there will be some leading brokers out there who are more forward-thinking in the retail market, who will drive this forward for their own clients. Once they start doing that and their clients start to benefit, other retail brokers will see the benefits and follow that lead.

How do see the future of cyber insurance in the next five to ten years?

I think in five-to-ten years you will see an interesting shift in the role of the insurer. This will be in the form of insurers actively helping clients with cyber risk mitigation before a breach happens.

I believe we will see more and more cyber insurers offering highly valuable, truly effective cyber risk mitigation tools for free to the insured as a thank you for taking the policy.

There is a significant benefit to everyone for doing this because the insureds will get smarter at protecting themselves and responding to cyber incidents, which will make any subsequent breaches less costly and time-consuming, and will lower the ultimate cost to the insurers.

If you look at the insurance market today, it is all about dealing with the problem after it happens, making sure that everyone is financially compensated and fully up and running in the shortest possible time-frame.

There is a huge number of people who need this insurance and the threat of a potential cyber tsunami is increasing. More emphasis is needed in pre-breach cyber risk mitigation services to minimise the impact on all of us if it strikes.