Improving trust: how carriers can bridge the gap with SME cyber policyholders

Lack of trust between small businesses and insurers over cyber cover and insurers being opaque when dealing with a breach are two key issues constraining cyber insurance adoption.

Both were addressed at a panel on how to add value in cyber insurance on Tuesday, April 21 at Intelligent Insurer’s Cyber Risk & Insurance Innovation conference in Chicago. 

Taking part in 'From Policies to Partnerships: Adding Value in Cyber Insurance' were: Emily Selck, senior director and national practice leader cyber, The Baldwin Group; Keith Tagliaferri, head of cyber insurance claim practices, The Hartford and Riley Brant, vice president Northeast cyber technology practice, Lockton. The panel was moderated by Raphael Da Costa, product line leader cyber/tech E&O, Markel. 

Brant said rising cyber insurance premiums during the hard market – when “prices went through the roof” – dented client trust and led to a belief that cyber policies never paid out. That, he said, “is a misconception. These policies are paying out”.

Tagliaferri and Brant agreed carriers need to provide transparency and guidance on cyber risks and best practices. How they approach risk management can build client trust and confidence, said Brant. 

“Having a carrier come in and say, look, if you were to invest in ABC… those are the most likely things that are going to provide risk [reduction] ... I think that's a benefit to insureds,” said Tagliaferri. 

However, he said there was a danger in swamping SME clients with offers of threat intelligence services, which can come across as mere marketing.

Tagliaferri went on to say much of the value of cyber coverage comes within 24 to 72 hours after an incident.

“They don’t really know what they’re getting or what they’re paying for until they’re in the middle of a ransomware attack or have a data breach,” he said, “and they pick up the phone,  call a carrier and all of a sudden the carrier says, ‘Look, we understand this… we’re seeing hundreds of these, you know, every year as an industry, even thousands. So, we do this all day, every day. So, we’re going to explain to you, provide clear next steps as to how this is going to work’.”

The panel agreed policies and duties in the event of a claim need to be clearer and less bespoke, that claims processes should be explained in advance (whom to call, what happens next, who’s involved) and that panel/vendor rules need to be transparent and handled before an incident, not negotiated mid-breach.

Selck and Brant discussed the challenges of aligning client relationships with carrier-approved panels in particular, and emphasised how important it was to have pre-approved tech vendors when things go wrong and upfront discussions to avoid delays during a cyber incident.

“I think carriers need to do all they can to make the process as simple as possible for our insureds,” said Selck. “The more that we make that really easily accessible to clients in a way we can explain to them exactly what their duties in the event of a claim are, I think that is really helpful.”

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.