How Supply Chain Disruptions and Cyber Risks are Transforming Business Insurance in 2024 – A Conversation With Zane Goldthorp

Business Risk

In 2024, businesses face a rapidly evolving risk landscape where supply chain disruptions and cyber threats have become critical concerns. These threats, including ransomware, invoice manipulation, and dependent business interruption, are not only more prevalent but are also more costly than ever before, making Business Insurance a crucial consideration for companies to mitigate these risks.

As a commercial insurance producer, understanding these risks and knowing how to educate clients about the right cyber liability coverage is essential. This blog post explores how these threats are transforming business insurance in 2024, the gaps in current coverage, and why producers must lead with cyber in their client conversations to protect both their clients and themselves.

The Year of Supply Chain Disruption

Overview of 2024 Cyber Risks

The surge in cyber attacks related to supply chain vulnerabilities has made 2024 a critical year for businesses of all sizes. Some of the largest breaches this year, including Change Healthcare, Ascension, and CDK Global, crippled entire industries, demonstrating that even businesses that are not directly targeted by a cyber attack can still suffer significant losses due to third-party vulnerabilities.

These breaches primarily affected healthcare and automotive industries, where third-party providers are often integral to day-to-day operations. When one part of the supply chain experiences a breach or ransomware attack, the ripple effect can shut down businesses for weeks. For example, the CDK Global breach affected over 15,000 auto dealerships, forcing them to revert to outdated manual processes and costing the industry over $600 million.

Impact on Business Operations 

Supply chain disruptions like those caused by Change Healthcare not only disrupt operations but can also lead to significant financial losses for businesses that rely on third-party services to function. The recent healthcare-related cyber attacks highlighted the importance of dependent business interruption coverage, which helps businesses recover from financial losses due to a supplier’s or partner’s cyber event. Without this coverage, many businesses could face catastrophic losses that might otherwise be avoided.

The CrowdStrike incident, while not a direct breach but a botched security software update, further demonstrates the impact of these third-party disruptions. It affected millions of businesses globally, showing how even the most secure companies can face severe downtime due to third-party failures. The lesson for producers is clear: ensuring that clients are covered for supply chain disruptions is more critical than ever.

The Rise of Ransomware and Invoice Manipulation

Ransomware in 2024

Ransomware attacks have increased dramatically in recent years, with 2024 seeing a continued rise. Industries such as manufacturing, healthcare, and contractors have been particularly hard- hit by these attacks. According to recent reports, manufacturers experienced over a 1,000% increase in ransomware attacks in 2023, and this trend is continuing in 2024.

Ransomware attacks have the potential to bring an entire business to a halt. Companies without the proper cyber insurance coverage may find themselves facing millions of dollars in losses, not just from ransom payments but also from operational downtime, data recovery efforts, and damage to their reputation.

Invoice Manipulation and Social Engineering

One of the most overlooked but devastating cyber risks is invoice manipulation. This form of cybercrime involves bad actors infiltrating a company’s email systems, rerouting invoices, and siphoning off payments. One recent case involved a government contractor that lost $750,000 to invoice manipulation. The hackers had infiltrated the company’s email system and rerouted payments intended for legitimate suppliers to fraudulent accounts.

This example underscores the importance of having proper cyber insurance policies that cover social engineering and invoice manipulation. Many businesses think they are too small to be targeted, but statistics show that 70% of small businesses still do not purchase cyber insurance. Without this coverage, these businesses are highly vulnerable to financial loss.

Why Every Business Needs Cyber Insurance

Business Risk

Cyber Awareness on the Rise

With cyber awareness at an all-time high, businesses are more aware than ever of the need for cyber insurance. In the past, many companies would scoff at the idea, thinking they didn’t need such coverage. However, after seeing countless breaches and learning about their effects, most companies now understand the value of cyber insurance. 

Still, many businesses remain underinsured. While 70% of small businesses don’t have cyber insurance, even those that do often have insufficient coverage. Many companies only carry $1 million in cyber insurance, while the average claim in 2024 is estimated to be around $4 million. This massive gap leaves businesses exposed to potential financial ruin in the event of a major breach.

As a commercial insurance producer, it is critical to educate clients on why $1 million is no longer enough and guide them toward coverage that will actually protect them when the worst happens.

Small Business Vulnerabilities

Even though awareness is rising, the reality is that many businesses still do not have the right cyber insurance in place. For small businesses, the danger is especially acute, with 70% of small businesses not carrying any cyber insurance at all. Even worse, many of those who do have cyber insurance are woefully underinsured.

This is where producers can step in and lead with cyber. Every renewal is an opportunity to discuss the necessity of cyber insurance. Failing to offer adequate coverage or skipping the conversation altogether can open producers up to E&O (errors and omissions) exposure. To avoid this, it is essential to offer cyber on every renewal account and provide adequate coverage that meets the client’s specific needs.

Cyber Coverage Gaps and the Need for Adequate Limits

Understanding Coverage Gaps

Many businesses may believe they are sufficiently covered for cyber risks, but often they are not. For example, if a company only carries $1 million in cyber coverage, they are vastly underinsured. The reality is that a major cyber incident, especially one involving ransomware or a breach of customer data, can easily exceed that limit. Producers must educate clients about the importance of adequate limits, especially in industries like healthcare and manufacturing where breaches are more frequent and costly.

Many businesses also fall into the trap of relying on cyber coverage in their business owner’s policy (BOP), which often provides only minimal protection. These policies typically have low sublimits and may not cover critical exposures like dependent business interruption or system failures. Educating clients about these coverage gaps is crucial to ensuring they are adequately protected.

Using Coverage Comparison Tools

One of the most powerful tools producers can use to educate their clients is a coverage comparison tool. These tools allow producers to compare cyber insurance policies from multiple carriers side by side, highlighting differences in coverage, sublimits, and exclusions. For example, many BOPs may offer $100,000 or less in cyber coverage, whereas standalone policies from top cyber carriers provide millions in protection.

By showing clients where their current coverage falls short, producers can build trust and credibility while helping clients make more informed decisions about their insurance needs.

The Role of Risk Assessments and Cyber Insurtech Solutions

Business Risk

Risk Assessment Reports

 Risk assessments are an invaluable resource for identifying vulnerabilities in a client’s cyber defenses. Tools like those provided by At Bay and Coalition offer comprehensive reports that scan a business’s digital environment for weaknesses. These scans can identify issues such as open ports, missing security patches, or outdated software—common entry points for hackers.

Once a risk assessment is completed, producers can work with clients to address these vulnerabilities, often leading to lower premiums and better coverage. In fact, some insurers offer discounts to clients who take proactive steps to improve their security posture.

The Importance of Proactive Cyber Security

 In addition to risk assessments, many insurtech providers now offer built-in security features, such as endpoint detection and response (EDR) and multi-factor authentication (MFA). These tools help clients mitigate their risk and reduce the likelihood of a cyber incident.

For example, some insurers make EDR mandatory before binding a policy, while others offer it as a value-added service. These proactive measures not only help clients avoid costly cyber incidents but also reduce the frequency of claims, which can lead to more favorable renewal terms and lower premiums in the long run.

Leading with Cyber in Sales Conversations

Storytelling and Case Studies

One of the most effective ways to sell cyber insurance is through storytelling. Clients need to understand how real-world cyber incidents could affect their business. Using case studies, such as the invoice manipulation example mentioned earlier, can help clients visualize the potential impact of a cyber event on their operations.

For instance, discussing how a $750,000 invoice manipulation claim nearly crippled a government contractor can drive home the importance of having the right coverage. Real-world stories make the risks more tangible and help overcome objections.

Leveraging Technology for Prospecting

 Producers can further enhance their sales efforts by using coverage comparison tools and vulnerability assessments during prospecting. These tools allow producers to present concrete data about a client’s current vulnerabilities and coverage gaps, making it easier to engage clients in meaningful conversations about their insurance needs.

For example, when making marketing drops, producers can use risk assessment reports to highlight specific vulnerabilities in a client’s cyber defenses, such as open ports or outdated software. This approach not only opens the door for conversations about cyber insurance but also positions the producer as a trusted advisor who can provide real value.

Conclusion

The growing prevalence of supply chain disruptions, ransomware, and invoice manipulation in 2024 makes cyber insurance more critical than ever for businesses of all sizes. As a commercial insurance producer, it’s your responsibility to educate clients about these risks and ensure they have the right coverage in place to protect their operations and their bottom line.

By leveraging tools like coverage comparisons and risk assessments, producers can differentiate themselves in the marketplace while helping

marketing

Email Marketing Strategies That Actually Work for Insurance Agencies: From Segmentation to Conversions

Email marketing is often treated as an afterthought in the insurance industry. Producers focus on cold calling, referrals, and in-person meetings—but overlook one of the most powerful tools already sitting in their hands: their email list.

If you’re an insurance producer or agency principal and you’re not actively leveraging email marketing to drive revenue, retain clients, and expand your footprint, you’re missing a golden opportunity. When executed properly, email marketing delivers unmatched ROI, enables targeted cross-selling, builds credibility, and enhances retention—all at a fraction of the cost of other lead-generation tactics.

Read More »
Insurance

Beyond the Buzzwords: How Insurance Leaders Are Using AI, Voice Tech, and Community to Drive Real Innovation – A Conversation with Christopher Luiz

The insurance industry is evolving at a rapid pace, and the lines between technology, relationships, and service delivery are blurring more every day. As InsurTech continues to capture the attention of carriers, agents, MGAs, and startups alike, the challenge has shifted from finding new tools to figuring out which ones are actually worth using. Too often, insurance professionals are overwhelmed by noise—buzzwords like “AI-driven,” “revolutionary,” or “disruptive” are plastered across every product demo and sales pitch. But for forward-thinking insurance professionals, the real focus isn’t just on adopting the newest thing—it’s on building ecosystems where people and technology thrive together.

Read More »
Insurance

Solving Insurance Back Office Bottlenecks: How Automation and Compliance Tools Empower Agencies and MGAs

The insurance industry is undergoing a quiet transformation. While headlines often focus on the flashy front-end tools and direct-to-consumer disruption, the real revolution is happening behind the scenes — in the back office. From agency onboarding delays to outdated compliance workflows and manual licensing tasks, these friction points cost MGAs, carriers, and agencies valuable time, revenue, and relationships.

Read More »
Employee

Why Employee Ownership is the Key to Sustainable Agency Growth and Talent Retention

In an increasingly competitive commercial insurance landscape, agency owners are struggling to find long-term solutions for succession planning, talent retention, and business perpetuation. Many have considered private equity sales, others offer limited equity to top producers—but a growing number are discovering a more powerful alternative: the Employee Stock Ownership Plan (ESOP).

Read More »
Sales

How to Reverse Engineer Your Sales Funnel and Crush Your Q4 Insurance Production Goals

As we enter the fourth quarter, many commercial insurance producers begin to panic. Whether you’re behind on your goals or just trying to hit that final sprint, the Q4 crunch is real. But the producers who consistently win don’t treat Q4 as a Hail Mary. They plan with precision, reverse engineer their goals, and execute with ruthless consistency.

In this post, we’ll break down how you can reverse engineer your sales funnel, identify your revenue gaps, and finish the year stronger than you started. Whether you’re writing workers’ comp or cyber liability, these strategies apply across all middle market verticals.

Read More »

Responses

Killing Commercial Login