Despite repeated negative headlines exposing companies that experienced data breaches in recent years, most businesses continue to have the “it won’t happen to me” mindset. As a result, they put off purchasing cyber insurance, believing cyber criminals will target the much higher volumes of valuable data found in larger organizations. However, Symantec’s 2016 Internet Security Threat Report shows that phishing campaigns targeted small businesses 43% of the time.
Most companies, however, hesitate to purchase cyber coverage because they’re confused about the gaps and exclusions outlined in many policies, according to a study by Deloitte Center for Financial Services. No “standard” policy exists, and companies have a hard time knowing how big of a risk they face or how much coverage they really need. As a result, many companies are passing on buying cyber insurance.
Reassuring Potential Policyholders
Carriers have an opportunity to attract businesses that are on the fence about purchasing coverage by addressing the perceived ambiguities and educating organizations on why, no matter how big or small, they need to protect themselves from cyber risks.
Granted, most businesses do not go “shopping” for cyber or data compromise coverage apart from their standard business, liability and workers compensation insurance. However, carriers and agents are ignoring the all-important add-on sale if they’re not discussing cyber coverage with their clients.
The importance of educating clients on the risks and assuring them of the type and amount of coverage they need is key to earning their confidence. It starts with content that addresses their pain points and helps them understand why the need is real, including topics like:
Cyber Security Training
The number one factor that leads to cyber crime is human error. If companies want to protect data, the best thing they can do is provide training for their employees to minimize the risk.
Developing sample standard operating procedure (SOP) templates for businesses as it pertains to computer security can arm employees with the tools and information they need to proactively combat cyber crime. The National Cyber Security Alliance has many resources available to help develop SOPs around particularly vulnerable areas including:
- Passwords creation and maintenance
- System backup procedures
- Downloading programs
- Email best practices
- Mobile device best practices
- Account security and protection
- Website security beyond “payment” procedures
- Cyber Security Response Plan
Many companies aren’t sure what steps to take if a breach occurs. Do they call the police? Homeland Security? Their webmaster? A company needs to have a response plan in place to move as quickly as possible. Failure to do so can lead to financial devastation, even bankruptcy. In fact, a 2016 study from IBM found the average data breach will cost a company $4 million—a staggering loss from which many businesses will not recover.
Develop content that offers step-by-step guidance on what a business needs to do if they suspect cyber fraud. There are many stages to a proper response plan—from detection and analysis to notification and recovery—and each needs an outline of the steps that need to occur, including getting Homeland Security involved for breaches of larger magnitude.
For businesses that have purchased cyber security coverage, the insurer can provide access to technical support, consultants, legal referrals and other digital security services to aid in recovering and restoring data and, of course, help minimize the financial impact for covered losses.
Most insurance companies rely on a third party vendor, or reinsurer, to provide recovery services for their policyholders. These vendors have experts on cyber threats and the processes and procedures necessary for addressing breaches. Because it’s “what they do,” they often have a library of current and relevant resources. Co-branding with their existing materials can save time and money, and ensure that the content you offer is in accordance with the coverage you’re providing.
Cyber insurance won’t protect a business from cybercrime, only from the potential financial impact. A business needs to implement sound practices to secure its data, and its carrier can play an important role in educating them to do so.
For more tips on providing relevant content and building an inbound strategy for B2B insurance and financial services, check out the guide below.