
Stringent Cybersecurity Insurance Requirements Are Clogging Pipelines for Insurance Brokers

  • Small to medium businesses (SMBs) in the professional service industry are not known for their technical agility when it comes to managing cybersecurity. However, there are resources that make cybersecurity so easy to manage that even an intern can do it.
  • When cyberattacks increase, so do cybersecurity insurance requirements. Insurance applicants are challenged to interpret complex questionnaires filled with jargon-rich language, which take up a great deal of producer, account tech, and underwriting time to complete.  
  • As small businesses struggle to interpret complex cybersecurity insurance requirements, insurance brokers experience a revenue problem with clogged pipelines and decreased approval rates.

Insurance brokers and small-to-medium-sized businesses (SMBs) must overcome a growing cybersecurity hurdle: how to navigate through the trenches of stringent carrier requirements. 

Just a few years ago, the process of obtaining cybersecurity insurance was significantly simpler for small businesses. However, the rising number of cyberattacks has resulted in insurance companies categorizing small businesses as high-risk entities.

The vulnerability to security breaches becomes even more pronounced when one considers that three out of four small businesses acknowledge their lack of a dedicated IT security staff member to handle cybersecurity.

As the demands for cybersecurity insurance become more stringent, small businesses face an escalating risk due to their limited comprehension and inability to fulfill the extensive requirements set by insurance carriers.

In an interview with Tony Cañas, host of the Insurance Nerds Profiles in Risk podcast, Havoc Shield’s co-founder and CEO Brian Fritton discusses how cybersecurity insurance brokers can simplify the coverage onboarding process for small businesses and increase their bottom line. 

According to Brian, insurance brokers are starting to “clamp down on the types of risks they'll take on small businesses.” As a result, the application process has become increasingly discerning. “We've seen that the two or three questions now expand to 20.”

What used to be a simple qualification process has grown into a complex questionnaire with more laborious questions, leaving policyholders confused and often paralyzed.

Addressing Cybersecurity Needs in a Growing Digital Age

As consumer demand for more online services increases, businesses must adapt by becoming increasingly technologically adept. Unfortunately, the more the world shifts to accommodate this digital age, the more vulnerable both businesses and consumers are to cyberattacks.

Ransomware attacks are on the rise again in 2023. Cyberattacks are projected to increase further as the global market continues to scale digitally.

Cybercriminals know that SMBs are a prime target — even financial service providers such as cybersecurity insurance brokers must remain hypervigilant.

Cybersecurity Insurance Companies are Going into Lockdown Mode to Protect their Assets

A more stringent qualification process leads to a congested pipeline as applicants attempt to understand the complicated questions written in legal and industry jargon. Questionnaires may as well be written in a different language for SMBs that lack a designated IT security team.

As governments impose new legislation and regulations, insurance providers must shift to accommodate new mandates that mitigate cyber risk. The New York Department of Financial Services instated the first comprehensive cybersecurity regulation in the US (23 N.Y.C.R.R. Part 500) in 2017, and many other states followed the standard within three years of deployment.


A Lack of Meeting Cyber Insurance Carrier Requirements Leaves Businesses Uninsured and Vulnerable

According to a 2021 global cyber risk and insurance survey, 81% of C-level executives disclosed a concern that their company is inadequately protected against cyber threats. Even with this high level of concern, only 35% of these companies are considering purchasing cyber insurance. An alarming 17% of these businesses do not understand what insurance products and services are available.

Although cybersecurity regulations have become more stringent for insurance companies and financial services institutions, it is getting more difficult for small businesses to gain adequate cybersecurity insurance. 

SMBs work with limited human resources, as employees often wear multiple hats in the organization. Most SMBs do not have a designated cybersecurity expert. In addition to limited personnel, the main vulnerability leading to a lack of coverage is a deficiency of education within the organization, which leads to compliance issues. When an SMB fails to meet carrier requirements, it risks being denied coverage.

Even Cybersecurity Insurance Brokers are at Risk for Cyberattacks

Insurance brokers are commonly targeted by cybercriminals because of brokers’ abundant store of digital information. Policyholder digital files contain highly confidential information, such as:

  • Personally identifiable information (PII)
  • Financial information
  • Employment data
  • Personal property information
  • Health data

Considering the diverse range of personal data that insurance brokers have access to, it’s no mystery why cyberattacks are so prolific in the industry. 

Cybersecurity insurance brokers play a key role in setting an example for their clients by creating a foundation of security requirements within their own organization and allowing applicants and policyholders to mirror the process by following individual industry standards.

How to Simplify Cybersecurity Management and Protect Revenues

Insurance brokers can satisfy industry compliance regulations with a suite of cybersecurity tools in a single platform. Partnering with the right provider can help brokers simplify the cybersecurity management process.

For something as serious as cybersecurity, the ideal is either to hire a professional whose main responsibility is managing cybersecurity or to outsource it to a service provider for a fraction of the cost of hiring a full-time employee. SMBs can take their cybersecurity process from project management to implementation with expertly designed plans created by a knowledgeable expert.

Insurance brokers can build a robust process that trickles down to applicants and policyholders under the same platform. Recommendations should be in place to set the business up with password managers, patching, antivirus, and multi-factor authentication. The benefit for insurance brokers is that they can accelerate the sales pipeline while increasing the approval rate and onboarding process.

When looking for a cybersecurity software platform, selecting one designed specifically with small businesses in mind is important. 

It’s also important to help decode insurance industry jargon, making it easier for the applicant to get through questions with ease.

In the event that an applicant doesn’t meet all the carrier’s requirements for coverage, the broker should make it easier for the applicant to take the appropriate steps to meet carrier prerequisites. Providing applicants access to dynamic tools, resources, and policies will help the organization transition easily into a platform that ensures compliance.


This blog post is based on an interview with Brian Fritton, co-founder and CEO of Havoc Shield, on Episode 288 of Insurance Nerds’ Profiles in Risk (PIR) podcast. Listen to the episode to hear more from Brian on cybersecurity insurance for small businesses.
