As cyber threats continue to rise, enterprises can rely on unexpected allies for support: their insurance brokers. Brokers are not only able to secure robust cyber insurance coverage, they are uniquely positioned to act as liaisons between cyber insurance providers and businesses, and champion comprehensive, forward-thinking and strategic approaches to cybersecurity.
This proactive stance is essential in today’s risk environment, given the ever-increasing frequency and severity of cyberattacks. High-profile breaches impacting large enterprises, including Disney, AT&T, Boeing, and T-Mobile, underscore that even the most fortified organizations are vulnerable. This rising threat landscape has led businesses to adopt multi-layered defense strategies, combining cyber insurance with other protective measures to identify, mitigate, and respond to attacks effectively.
The cyber insurance market itself reflects this demand. Munich Re estimates the market reached $14 billion in 2023 and anticipates growth to $29 billion by 2027. However, there is no singular solution; enterprises must blend the right mix of preventive and mitigation tactics that can help them to:
- decrease their attack surface;
- quickly identify any malicious activities if these slip through the net;
- rapidly respond with the right approach to minimize damage;
- and recover quickly should attacks ultimately be successful.
This is where brokers can add strategic value. As more businesses embrace comprehensive cybersecurity strategies, the broker’s role extends beyond policy provision. They are critical allies in guiding companies as they look to learn about and adopt more comprehensive and proactive cybersecurity strategies.
How can brokers help mitigate SME cyber risk?
Critically, brokers can position themselves as key advisers, educating their customers to embrace best cybersecurity practices. Robust cyber hygiene doesn’t just lower claims frequency and the amount of losses; it can also help businesses secure more favorable terms when seeking cyber insurance coverage, for example.
The opportunities for win-win partnerships are clear. Here are six strategic areas where brokers can help clients adopt effective, multi-layered security strategies:
#1 – Encourage robust cyber hygiene practices: Brokers should advise clients on foundational best practices, including multi-factor authentication (MFA), regular password updates, encryption policies, routine software updates, and 3-2-1 backup strategies. These combined practices are essential for defending against increasingly diverse and sophisticated threats.
#2 – Highlight the importance of training and awareness: Brokers should emphasize the importance of continuous education and training programs, with instructions on essential actions such as verifying email addresses and immediately reporting potential breaches to appropriate staff. According to CISA, more than 90% of successful cyberattacks start with a phishing email. With generative AI now aiding threat actors in creating increasingly convincing social engineering ploys, firms must ensure that their employees are always alert to potential threats.
#3 – Outline the key components of an incident response plan (IRP): Having a response and recovery plan is essential for minimizing damage if an attack bypasses defenses, particularly as ransomware continues to be a prevalent threat. For clients without a cyber IRP, brokers should provide a template covering core components such as communication protocols, legal considerations, and clearly defined roles and recovery procedures.
#4 – Guide companies to the right solutions and partnerships: Cyber insurers no longer just offer financial security. Many also work with cybersecurity analysts and consultants to help customers formulate IRPs. Brokers should look to showcase such partnerships by highlighting some of the free risk prevention services that firms might expect to receive, from AI-backed vulnerability assessments and threat intelligence tools to cyber training assistance.
#5 – Stress the importance of continuous assessment and improvement: Cybersecurity is an ongoing process. As cyber threats evolve, companies need regular cyber risk assessments to identify and resolve potential vulnerabilities. Brokers should advise clients on best practices, from periodic vulnerability scans and penetration tests to continuous network monitoring techniques capable of uncovering potentially malicious or suspicious activities.
#6 – Ensure clients manage third-party risks: A less understood yet increasingly important aspect of cybersecurity is the risk posed by partners. As companies become more digitally interconnected, the weaknesses of one enterprise are more likely to impact its clients, suppliers and partners. For this reason, it is critical that brokers advise companies to enquire about the security posture of their service providers and product vendors. Do they encrypt data? Do they have an IRP in place that is regularly tested? Questions such as these can help to determine the security risks associated with key partnerships.
Undoubtedly, brokers are an invaluable asset within the insurance ecosystem, helping to deliver the most suitable financial protection solutions for their customers. Moreover, they can play an active role in our national cybersecurity by partnering with experts to provide even greater value to clients seeking cyber insurance.
About the Author
Matthieu Chan Tsin is VP, Cybersecurity Services at Cowbell, a leading provider of cyber insurance for small and medium-sized enterprises. Matthieu holds a Ph.D. from Purdue University and is an expert in cybersecurity and intelligence. Before working at Cowbell, he held senior positions at AIG, in the Intelligence Community, and in Academia. He has authored and contributed to academic and government reports on cyber and military topics. Matthieu has lived and worked in over 11 countries.
Matthieu Chan Tsin can be reached online at https://www.linkedin.com/in/mtthchntsn and at our company website https://cowbell.insure/