Stringent Cybersecurity Insurance Requirements Are Clogging Pipelines for Insurance Brokers
March 14, 2022
Insurance broker cybersecurity insurance insurance application
- Small to medium businesses (SMBs) in the professional service industry are not known for their technical agility when it comes to managing cybersecurity. However, there are resources that make cybersecurity so easy to manage that even an intern can do it.
- When cyberattacks increase, so do cybersecurity insurance requirements. Insurance applicants are challenged to interpret complex questionnaires filled with jargon-rich language which take up a great deal of producer, account tech and underwriting time to complete.
- As small businesses struggle to interpret complex cybersecurity insurance requirements, insurance brokers experience a revenue problem with clogged pipelines and decreased approval rates.
Insurance brokers and small-to-medium sized businesses (SMBs) must overcome a growing cybersecurity hurdle: how to navigate through the trenches of stringent carrier requirements.
Only a few years ago, it was much easier for small businesses to apply for cybersecurity insurance. Unfortunately, with the increase in cyberattacks, small businesses are considered high risk for insurance companies.
The risk of a security breach is even higher when one considers that three out of four small businesses admit they do not have a designated IT security staff member to manage cybersecurity.
As cybersecurity insurance requirements grow, the risk to small businesses increases due to a lack of understanding and inability to meet robust carrier requirements.
In an interview with Tony Cañas, host of the Insurance Nerds Profiles in Risk podcast, Havoc Shield’s co-founder and CEO Brian Fritton discusses how cybersecurity insurance brokers can simplify the coverage onboarding process for small businesses and increase their bottom line.
According to Brian, insurance brokers are starting to “clamp down on the types of risks they'll take on small businesses.” As a result, the application process has become increasingly discerning. “We've seen that the two or three questions now expand to 20.”
What used to be a simple qualification process has increased to a complex questionnaire with more laborious questions leaving policyholders confused and often paralyzed.
Addressing Cybersecurity Needs in a Growing Digital Age
As consumer demand increases for more online services, businesses must adapt by becoming increasingly technologically adept. Unfortunately, the more the world shifts to accommodate this digital age, the more vulnerable both businesses and consumers are to cyberattacks.
Ransomware attacks increased by almost 50% in 2020 as more businesses shifted to accommodate remote work needs. It is projected that cyberattacks will further increase as the global market continues to scale digitally.
Cybercriminals know that SMBs are a prime target — even financial service providers such as cybersecurity insurance brokers must remain hypervigilant.
Cybersecurity Insurance Companies are Going into Lockdown Mode to Protect their Assets
A more stringent qualification process leads to a congested pipeline as applicants attempt to understand the complicated questions written in legal and industry jargon. Questionnaires may as well be written in a different language for SMBs that lack a designated IT security team.
As governments impose new legislation and regulations, insurance providers must shift to accommodate new mandates that mitigate cyber risk. The New York Department of Financial Services instated the first comprehensive cybersecurity regulation (23 N.Y.C.R.R. Part 500) in the US in 2017 and many other states followed the standard within three years of deployment.
Go deeper: 4 Common Cybersecurity Tests Asked in a Vendor Security Questionnaire
A Lack of Meeting Cyber Insurance Carrier Requirements Leaves Businesses Uninsured and Vulnerable
According to a 2021 global cyber risk and insurance survey, 81% of C-level executives disclosed a concern that their company is inadequately protected against cyberthreats. Even with this high level of concern, only 35% of these companies are considering purchasing cyber insurance. An alarming 17% of these businesses do not understand what insurance products and services are available.
Although cybersecurity regulations have become more stringent for insurance companies and financial services institutions, it is getting more difficult for small businesses to gain adequate cybersecurity insurance.
SMBs work with limited human resources as employees often wear multiple hats in the organization. Most SBMs do not have a designated cybersecurity expert. In addition to limited personnel, the main vulnerability leading to a lack of coverage is a deficiency of education within the organization, which leads to compliance issues. When an SMB fails to meet carrier requirements, it risks being denied coverage.
Even Cybersecurity Insurance Brokers are at Risk for Cyberattacks
Insurance brokers are commonly targeted by cybercriminals because of brokers’ abundant store of digital information. Policyholder digital files contain highly confidential information, such as:
- Personally identifiable information (PII)
- Financial information
- Employment data
- Personal property information
- Health data
Considering the diverse range of personal data that insurance brokers have access to, it’s no mystery why cyberattacks are so prolific in the industry.
Cybersecurity insurance brokers play a key role in setting an example for their clients by creating a foundation of security requirements within their own organization and allowing applicants and policyholders to mirror the process by following individual industry standards.
How to Simplify Cybersecurity Management and Protect Revenues
Insurance brokers can satisfy industry compliance regulations with a suite of cybersecurity tools in a single platform. Partnering with the right provider can help brokers simplify the cybersecurity management process.
When it comes to something as serious as cybersecurity, it is ideal to either hire a professional to manage cybersecurity as the main responsibility or outsource it to a service provider for a fraction of the cost of hiring a full-time employee. SMBs can take their cybersecurity process from project management to implementation with expertly designed plans created by a knowledgeable expert.
Insurance brokers can build a robust process that trickles down to applicants and policyholders under the same platform. Recommendations should be in place to set the business up with password managers, patching antivirus and multi-factor authentication. The benefit for insurance brokers is that they can accelerate the sales pipeline while increasing the approval rate and onboarding process.
When looking for a cybersecurity software platform, it’s important to select one designed specifically with small businesses in mind.
It’s also important to help decode insurance industry jargon, making it easier for the applicant to get through questions with ease.
In the event that an applicant doesn’t meet all the carrier’s requirements for coverage, the broker should make it easier for the applicant to take the appropriate steps to meet carrier prerequisites. Providing applicants access to dynamic tools, resources and policies will help the organization transition easily into a platform that ensures compliance.
This blog post is based on an interview with Brian Fritton, co-founder and CEO of Havoc Shield, on Episode 288 of Insurance Nerds’ Profiles in Risk (PIR) podcast. Listen to the episode to hear more from Brian on cybersecurity insurance for small businesses.