How Supply Chain Disruptions and Cyber Risks are Transforming Business Insurance in 2024 – A Conversation With Zane Goldthorp

Business Risk

In 2024, businesses face a rapidly evolving risk landscape where supply chain disruptions and cyber threats have become critical concerns. These threats, including ransomware, invoice manipulation, and dependent business interruption, are not only more prevalent but are also more costly than ever before, making Business Insurance a crucial consideration for companies to mitigate these risks.

As a commercial insurance producer, understanding these risks and knowing how to educate clients about the right cyber liability coverage is essential. This blog post explores how these threats are transforming business insurance in 2024, the gaps in current coverage, and why producers must lead with cyber in their client conversations to protect both their clients and themselves.

The Year of Supply Chain Disruption

Overview of 2024 Cyber Risks

The surge in cyber attacks related to supply chain vulnerabilities has made 2024 a critical year for businesses of all sizes. Some of the largest breaches this year, including Change Healthcare, Ascension, and CDK Global, crippled entire industries, demonstrating that even businesses that are not directly targeted by a cyber attack can still suffer significant losses due to third-party vulnerabilities.

These breaches primarily affected healthcare and automotive industries, where third-party providers are often integral to day-to-day operations. When one part of the supply chain experiences a breach or ransomware attack, the ripple effect can shut down businesses for weeks. For example, the CDK Global breach affected over 15,000 auto dealerships, forcing them to revert to outdated manual processes and costing the industry over $600 million.

Impact on Business Operations 

Supply chain disruptions like those caused by Change Healthcare not only disrupt operations but can also lead to significant financial losses for businesses that rely on third-party services to function. The recent healthcare-related cyber attacks highlighted the importance of dependent business interruption coverage, which helps businesses recover from financial losses due to a supplier’s or partner’s cyber event. Without this coverage, many businesses could face catastrophic losses that might otherwise be avoided.

The CrowdStrike incident, while not a direct breach but a botched security software update, further demonstrates the impact of these third-party disruptions. It affected millions of businesses globally, showing how even the most secure companies can face severe downtime due to third-party failures. The lesson for producers is clear: ensuring that clients are covered for supply chain disruptions is more critical than ever.

The Rise of Ransomware and Invoice Manipulation

Ransomware in 2024

Ransomware attacks have increased dramatically in recent years, with 2024 seeing a continued rise. Industries such as manufacturing, healthcare, and contractors have been particularly hard- hit by these attacks. According to recent reports, manufacturers experienced over a 1,000% increase in ransomware attacks in 2023, and this trend is continuing in 2024.

Ransomware attacks have the potential to bring an entire business to a halt. Companies without the proper cyber insurance coverage may find themselves facing millions of dollars in losses, not just from ransom payments but also from operational downtime, data recovery efforts, and damage to their reputation.

Invoice Manipulation and Social Engineering

One of the most overlooked but devastating cyber risks is invoice manipulation. This form of cybercrime involves bad actors infiltrating a company’s email systems, rerouting invoices, and siphoning off payments. One recent case involved a government contractor that lost $750,000 to invoice manipulation. The hackers had infiltrated the company’s email system and rerouted payments intended for legitimate suppliers to fraudulent accounts.

This example underscores the importance of having proper cyber insurance policies that cover social engineering and invoice manipulation. Many businesses think they are too small to be targeted, but statistics show that 70% of small businesses still do not purchase cyber insurance. Without this coverage, these businesses are highly vulnerable to financial loss.

Why Every Business Needs Cyber Insurance

Business Risk

Cyber Awareness on the Rise

With cyber awareness at an all-time high, businesses are more aware than ever of the need for cyber insurance. In the past, many companies would scoff at the idea, thinking they didn’t need such coverage. However, after seeing countless breaches and learning about their effects, most companies now understand the value of cyber insurance. 

Still, many businesses remain underinsured. While 70% of small businesses don’t have cyber insurance, even those that do often have insufficient coverage. Many companies only carry $1 million in cyber insurance, while the average claim in 2024 is estimated to be around $4 million. This massive gap leaves businesses exposed to potential financial ruin in the event of a major breach.

As a commercial insurance producer, it is critical to educate clients on why $1 million is no longer enough and guide them toward coverage that will actually protect them when the worst happens.

Small Business Vulnerabilities

Even though awareness is rising, the reality is that many businesses still do not have the right cyber insurance in place. For small businesses, the danger is especially acute, with 70% of small businesses not carrying any cyber insurance at all. Even worse, many of those who do have cyber insurance are woefully underinsured.

This is where producers can step in and lead with cyber. Every renewal is an opportunity to discuss the necessity of cyber insurance. Failing to offer adequate coverage or skipping the conversation altogether can open producers up to E&O (errors and omissions) exposure. To avoid this, it is essential to offer cyber on every renewal account and provide adequate coverage that meets the client’s specific needs.

Cyber Coverage Gaps and the Need for Adequate Limits

Understanding Coverage Gaps

Many businesses may believe they are sufficiently covered for cyber risks, but often they are not. For example, if a company only carries $1 million in cyber coverage, they are vastly underinsured. The reality is that a major cyber incident, especially one involving ransomware or a breach of customer data, can easily exceed that limit. Producers must educate clients about the importance of adequate limits, especially in industries like healthcare and manufacturing where breaches are more frequent and costly.

Many businesses also fall into the trap of relying on cyber coverage in their business owner’s policy (BOP), which often provides only minimal protection. These policies typically have low sublimits and may not cover critical exposures like dependent business interruption or system failures. Educating clients about these coverage gaps is crucial to ensuring they are adequately protected.

Using Coverage Comparison Tools

One of the most powerful tools producers can use to educate their clients is a coverage comparison tool. These tools allow producers to compare cyber insurance policies from multiple carriers side by side, highlighting differences in coverage, sublimits, and exclusions. For example, many BOPs may offer $100,000 or less in cyber coverage, whereas standalone policies from top cyber carriers provide millions in protection.

By showing clients where their current coverage falls short, producers can build trust and credibility while helping clients make more informed decisions about their insurance needs.

The Role of Risk Assessments and Cyber Insurtech Solutions

Business Risk

Risk Assessment Reports

 Risk assessments are an invaluable resource for identifying vulnerabilities in a client’s cyber defenses. Tools like those provided by At Bay and Coalition offer comprehensive reports that scan a business’s digital environment for weaknesses. These scans can identify issues such as open ports, missing security patches, or outdated software—common entry points for hackers.

Once a risk assessment is completed, producers can work with clients to address these vulnerabilities, often leading to lower premiums and better coverage. In fact, some insurers offer discounts to clients who take proactive steps to improve their security posture.

The Importance of Proactive Cyber Security

 In addition to risk assessments, many insurtech providers now offer built-in security features, such as endpoint detection and response (EDR) and multi-factor authentication (MFA). These tools help clients mitigate their risk and reduce the likelihood of a cyber incident.

For example, some insurers make EDR mandatory before binding a policy, while others offer it as a value-added service. These proactive measures not only help clients avoid costly cyber incidents but also reduce the frequency of claims, which can lead to more favorable renewal terms and lower premiums in the long run.

Leading with Cyber in Sales Conversations

Storytelling and Case Studies

One of the most effective ways to sell cyber insurance is through storytelling. Clients need to understand how real-world cyber incidents could affect their business. Using case studies, such as the invoice manipulation example mentioned earlier, can help clients visualize the potential impact of a cyber event on their operations.

For instance, discussing how a $750,000 invoice manipulation claim nearly crippled a government contractor can drive home the importance of having the right coverage. Real-world stories make the risks more tangible and help overcome objections.

Leveraging Technology for Prospecting

 Producers can further enhance their sales efforts by using coverage comparison tools and vulnerability assessments during prospecting. These tools allow producers to present concrete data about a client’s current vulnerabilities and coverage gaps, making it easier to engage clients in meaningful conversations about their insurance needs.

For example, when making marketing drops, producers can use risk assessment reports to highlight specific vulnerabilities in a client’s cyber defenses, such as open ports or outdated software. This approach not only opens the door for conversations about cyber insurance but also positions the producer as a trusted advisor who can provide real value.

Conclusion

The growing prevalence of supply chain disruptions, ransomware, and invoice manipulation in 2024 makes cyber insurance more critical than ever for businesses of all sizes. As a commercial insurance producer, it’s your responsibility to educate clients about these risks and ensure they have the right coverage in place to protect their operations and their bottom line.

By leveraging tools like coverage comparisons and risk assessments, producers can differentiate themselves in the marketplace while helping

Responses

Killing Commercial Login