Mastering Cyber Risk: Key Insights for Commercial Insurance Producers – A Conversation with Michael Phillips

Cyber Risk

Cyber risks are at the forefront of every business leader’s mind. As more companies digitize their operations, the threat landscape expands, creating a critical need for comprehensive cyber insurance. For commercial insurance producers, the growing demand for cyber protection offers both a responsibility and an opportunity. This post dives deep into key insights from a conversation with Michael Phillips of CFC, highlighting the importance of cyber insurance, effective selling strategies, and overcoming client objections.

The Evolution of Cyber Insurance

Early Days of Cyber Insurance

Cyber insurance started as a niche product, designed to cover the emerging risks of the internet age. Companies like CFC were pioneers in this space, offering some of the first policies in the market. Michael Phillips, leader of the U.S. cyber underwriting practice at CFC, explained that their company began as “Click for Cover” in 1999, targeting early cyber risks. Back then, businesses were only beginning to understand the potential dangers of cybercrime, and policies were less complex.

Current State of the Cyber Insurance Market

Fast forward to today, and cyber insurance has become a cornerstone of risk management strategies for businesses of all sizes. The cyber insurance market has evolved significantly, with more robust policies tailored to specific industries and risks. Insurers, like CFC, have developed sophisticated underwriting tools to address emerging threats such as ransomware, phishing, and other forms of cyberattacks. As Phillips noted, companies are now far more vulnerable to digital risks, requiring policies that not only cover financial losses but also provide emergency response services.

Key Cyber Risks Facing Businesses Today

Cybercrime & Geopolitical Tensions

Cybercrime is no longer limited to hackers working in isolation. Geopolitical tensions, including state-sponsored cyberattacks, have complicated the landscape. Phillips highlighted how offensive cyber operations are increasingly impacting businesses worldwide. This is not just a concern for Fortune 500 companies—small and medium-sized businesses (SMBs) are also at risk, with over 61% of SMBs reporting cyberattacks in the past year, according to the Verizon Data Breach Investigations Report.

The Financial Impact of Cyberattacks

The financial consequences of a cyberattack can be devastating. Phillips mentioned that the average cyber claim today is around $4 million, a figure that could cripple many businesses. Without cyber insurance, even a relatively small attack could lead to significant losses, including business interruption, legal liabilities, and reputational damage. For small and mid-sized companies, a major cyber incident could result in bankruptcy within months if they are uninsured.

Cyber Risk

The Role of Cyber Insurance Beyond Financial Coverage

Incident Response: The 911 of Cyber Insurance

One of the key differentiators between traditional insurance and cyber insurance is the inclusion of emergency services. Phillips compared modern cyber insurance to “911 for businesses,” providing immediate technical, legal, and financial support in the event of a breach. In addition to covering financial losses, cyber policies often come with built-in incident response services, including forensic investigation, public relations support, and legal guidance.

Risk Management & Prevention Tools

Another critical element of cyber insurance is its focus on risk prevention. Many insurers, like CFC, offer proactive risk management tools, such as vulnerability scanning and threat intelligence services. These tools can help businesses identify potential risks before they lead to a breach. CFC even provides a ransomware calculator that helps quantify potential losses from a ransomware attack, allowing businesses to make informed decisions about the amount of coverage they need. This proactive approach to cyber risk management can help businesses avoid costly breaches altogether

Overcoming Client Objections to Cyber Insurance

Common Client Pushbacks

Despite the clear need for cyber insurance, producers often face pushback from clients who believe they don’t need it. A common objection is, “We don’t have enough data to be a target,” or, “We’re too small to get hacked.” As Phillips pointed out, this couldn’t be further from the truth. Small businesses are often seen as easy targets because they typically lack the robust cybersecurity defenses of larger organizations.

Using Case Studies to Educate Clients

One of the most effective ways to overcome objections is by using case studies to illustrate the real-world impact of cyberattacks. For example, Phillips shared a story about a company that fell victim to an invoice manipulation scam. The business thought it was paying a legitimate vendor, only to find out that they had been sending payments to a hacker. This type of storytelling can help clients understand that they are vulnerable and why cyber insurance is critical for their protection.

Strategies for Selling Cyber Insurance Effectively

The Importance of Leading with Cyber

Many producers wait until the end of a sales conversation to bring up cyber insurance, thinking it’s a lower priority than property or general liability. However, as Phillips and Carothers emphasized, cyber risk should be addressed early in the conversation. Given the significant financial and operational risks posed by cyberattacks, it’s essential to position cyber insurance as a core part of any business insurance portfolio.

Cyber Risk

Partnering with Managed Services Providers (MSPs)

Another effective strategy for selling cyber insurance is partnering with Managed Services Providers (MSPs). MSPs handle the IT infrastructure of many small businesses, making them natural allies in the fight against cybercrime. As Carothers explained, he often collaborates with his MSP to offer clients a complimentary Dark Web scan as part of his sales process. This not only demonstrates the client’s vulnerability but also opens the door to a more in-depth conversation about their cybersecurity needs.

Quantifying the Value of Cyber Insurance

Tools to Help Clients Understand Their Risk

One of the biggest challenges in selling cyber insurance is helping clients understand the potential financial impact of a breach. Fortunately, there are tools available to help quantify this risk. For example, CFC’s ransomware calculator uses real data from past claims to estimate the potential costs of a ransomware attack. Producers can use this tool during client meetings to show exactly how much a breach could cost and explain why adequate cyber insurance coverage is essential.

The Cost of Not Having Cyber Coverage

The cost of not having cyber insurance far outweighs the premium. As Carothers pointed out in the podcast, “If you can’t afford the premium, you certainly can’t afford the claim.” A single cyber incident could wipe out years of profits, especially for small businesses. By offering cyber insurance, producers can help clients avoid catastrophic losses and ensure the long-term survival of their business.

Conclusion

In today’s digital world, cyber risk is no longer something businesses can afford to ignore. Commercial insurance producers play a crucial role in protecting their clients from these evolving threats. By educating clients, leveraging tools like ransomware calculators, and leading with cyber in conversations, producers can help businesses navigate the complex cyber risk landscape and provide valuable protection against financial losses.

Cyber insurance is not just a policy; it’s a comprehensive solution that includes incident response, risk management, and financial protection. Now is the time for producers to take the lead and ensure their clients are adequately covered against the rising tide of cyber threats.

Responses

Killing Commercial Login