The world of cyber insurance can be incredibly complex, and choosing the right broker can make all the difference in adequately protecting your business. Recently, we had the pleasure of hosting a highly informative discussion featuring cyber insurance expert David Derigiotis, President of Flow Specialty Brokerage. Our conversation delved into many facets of cyber insurance, including the selection of brokers, understanding policy inclusions, and how to ensure you're getting the best coverage for your needs.
The Importance of Choosing the Right Cyber Insurance Broker
To give a quick overview - when you look at the overall value chain of securing Insurance, whatever it may be, especially specialty insurance, you have a buyer and they'll typically be represented by an independent insurance agent. The independent insurance agent can either go directly to an insurance carrier to place that business, or sometimes they need to access a wholesale broker. When selecting a cyber insurance broker, it is crucial to understand their expertise and the value they bring to the table. It's important to verify whether your existing broker specializes in cyber insurance.
A wholesale broker should also be offering a deep level of expertise because a wholesale broker needs to do more than just be that pathway to an insurance carrier. They should be providing white glove service, a consultative approach, and offering expertise in terms of guiding the insurance process.
A significant red flag: if your broker has never mentioned cyber insurance, they may not be equipped to provide the specialized services you need.
Also, ensure that your independent insurance agent either has direct access to specialty carriers or is partnered with a wholesale broker like Flow Specialty to provide the necessary market access and expertise.
Questions to Ask Your Broker
To ensure you’re working with an informed and competent broker, David suggested a series of crucial questions:
- Market Access: How many carriers does your broker have access to, either directly or through wholesale partners? How large of a world do you operate in as it relates to cyber insurance?
- Experience: How well-versed is your broker in the cybersecurity landscape? Do they understand the specific threats and coverages relevant to your business?
- Understanding Your Business: Turnthe tables a little and ask them how well they know and understand about your particular business and what you should be considering or concerned about.
- Additional Services: What proactive cybersecurity services are included with the policy or services, if any? As a small business, if you don't have the resources to implement cybersecurity yourself, some insurance providers also do some of the security themselves. This could range from training and MFA (Multifactor Authentication) implementation to access to a cybersecurity operations center (SOC).
Knowing the whole scope of what you're getting is really important. If you're just looking at the price and coverage you may think you're paying less but you didn't realize that you're not getting all the benefits you actually need, whether you want it or not.
The Importance of Multiple Bids
Gaby also encouraged business owners who are doing this for themselves for the first time is to educate themselves through the process. Specifically, he suggested setting up several meetings with different providers to see what each says and build off each meeting adding to your knowledge through the discussions. Comparing quotes from at least three different carriers will provide a comprehensive view of the options available. As a bonus you're getting a good view of the different offerings available to give you a better opportunity to find the coverage that is best for you.
Coverage Inclusions and Exclusions
Understanding what's included in your cyber insurance policy is as important as understanding what is not. Policies can vary widely, and some may provide proactive services that others do not. It is essential to be clear on:
- Policy Inclusions: Coverage for ransomware, social engineering attacks, data breaches, and more.
- Policy Exclusions: Look for exclusions like "failure to maintain security standards" and "cyber war exclusions," which could prevent a payout in specific scenarios.
Transparency and Continuous Improvement
Transparency with your broker is vital. If they ask detailed questions about your cybersecurity measures, don't see this as a red flag but rather as a sign of thoroughness. The more your broker knows about your current security posture, the better they can tailor a policy that fits you.
For ongoing improvements, document any enhancements to your cybersecurity measures, as this can influence your premiums positively over time. Discuss with your broker how these improvements could affect your renewal rates and coverage terms.
Cyber insurance is very unique being that it is more proactive than insurance traditionally is. Insurance is reactive. You have a loss. You tender a claim and there's some type of financial reimbursement that takes place. That's the whole nature of insurance. Cyber insurance is unique in that before there's a loss, before there's a claim, your policy can actually work for you.
Utilizing Broker and Carrier Resources
Take advantage of the extensive resources your broker and insurance carrier offer. Many carriers provide added value through training, compliance assistance, and even technology solutions to improve your cybersecurity posture.
Some ways cyber insurance policies can do this includes:
- Helping with compliance by ensuring certain privacy policies are in place
- Creating written information security plan along with incident response, and other affiliated resources
These all can help your business be more resilient, can help with training, and can work for you before there's a claim.
Claims and Reputation
One critical aspect is understanding how a carrier handles claims. Ask your broker about the carrier’s reputation for paying claims and if they handle claims internally or outsource them. Publicly available statistics on claim payouts can be limited, so rely on your broker's experience and expertise for this information.
Is Less More?
Is it a good idea to just go with the carrier that doesn't require a lot of information? Not really. For one, you may end up paying for more than you need. If a broker is asking a for a lot of information that can be a positive sign that they're being thorough in understanding your risks and needs.
It's important to be as transparent as you can share where you're strong, answer the questions with regards to your security posture, because if there are gaps and there are weak spots they may be able to help you plug those holes. They may be able to match you up with a cyber insurance writer that will provide those services for you and make you a better risk, a better insured in the long run.
Always be transparent, always be honest and open. Because again, it can round out your overall organization.
Final Thoughts
In wrapping up cyber insurance should not be seen as a standalone solution but part of a comprehensive cybersecurity strategy. Using the available resources from your insurance policy can significantly improve your security posture and reduce the risk of incidents.
If you’re interested in exploring cyber insurance options or need more tailored advice, don’t hesitate to reach out to industry specialists like David at Flow Specialty. Their expertise can guide you through the labyrinth of options to secure the most suitable and beneficial policy for your company.
Remember, while cyber insurance is crucial, maintaining robust cybersecurity practices internally is indispensable. The goal is to minimize the risk, not just mitigate the fallout.
For more information or to get in touch with David, contact him at David@flowspecialty.com. Stay
Need new Phishing Simulation template ideas? Check out our featured Phishing Email monthly series.
