PL Risk Blog

The Evolution of a Cyber Broker: A retrospective

Written by Drew Smith | Nov 4, 2022 2:00:00 PM

The evolution of the cyber industry and the related risks have been almost supersonic in the last few years. Companies had to pivot to a remote workforce during the pandemic, and at the same time cyber criminals were increasing their attacks. This resulted in increased ransomware attacks, prompting cyber carriers to raise rates and put a larger focus on network security underwriting. The modern cyber insurance broker has had to adapt to these changes, learn more than just coverage and truly embrace the role of a specialist. This article addresses what has changed in the role of the cyber insurance broker and how far it has come from the days when coverage was limited and often only an afterthought.

The beginnings

While cyber criminals and “hackers” were a known issue to businesses for quite some time, perhaps the tipping point for cyber liability was when Target was breached in 2013. Prior to then, there had not been a widespread focus on the amount of data that these companies were collecting or how they were protecting it. There were upwards of 70 million compromised in the Target breach, which occurred during the holidays, the retailer’s busiest time of the year. The response needed was massive. Prior to this nationally exposed breach, most companies thought about security, but not to the extent that this one breach prompted. It brought to light the need for tighter controls and new and evolving cyber coverage. Unfortunately, this breach was followed by breaches at other companies such as Equifax, Home Depot, Marriott and many others, bringing the risks associated with these breaches to the forefront.

Evolution of cyber crimes

The number and types of cybercrimes have evolved tremendously in the past few years with these types of large targets. In 2010, there were only 662 breaches reported, whereas there were over 1,000 reported in 2021 alone. (1) Before this, cyber criminals used to brute force their attacks, through either viruses or their own technology. As the years have passed, hackers have realized they do not need to force their way into systems if they can trick the users themselves. As a result, terms like phishing and spear phishing have entered parlance. Many smaller businesses were slow to realize these events can happen to them and were ignorant of the risks their businesses face. These businesses were often convinced that such hacking only occurred at the largest companies that made the news.

Biggest Changes in coverage

Fast forward to today: cyber criminals are no longer just targeting large Fortune 100 retailers. Rather, they focus on small and middle market businesses that have not yet invested heavily in their IT infrastructure, the so-called low-hanging fruit. The evolution of the pandemic and new hacking techniques have brought this security risk to everyday small and medium-sized businesses that were and are ill prepared for the cost or systems necessary for securing their data. These companies believed they had some level of coverage buried within their GL policy but are now starting to realize the need for true stand-alone cyber coverage and significant changes to their infrastructure to protect their company’s and their clients’ data. Cyber insurance forms are not ISO standardized and require a great deal of technical knowledge and expertise to understand, prompting the evolution of the cyber broker.

Additionally, new attacks are evolving daily, which makes many cyber policies obsolete for addressing current risks. Delays in insurance filings to keep up with current cyber risks further complicate carriers’ and brokers’ ability to address evolving risks. Brokers must stay on top of evolving threats, changes in coverages and regulatory requirements. They now must have a better understanding of their clients’ systems and processes and specifically what impact they might have on coverage options. In one sense, it is like a property broker who must understand the impact that vacant property, flood zones and sprinklers might have on premiums and coverage. However, unlike standard property coverages, cyber risks change every day.

We are now starting to see carriers restrict or limit who gets coverage and under what terms and conditions. In prior years, brokers could shop carriers for the best coverage and price. The prudent cyber broker must now understand that some risks are simply uninsurable (similar to insuring a building without sprinklers or fire exits) and other risks have very limited options (similar to property insurance in Florida or a flood zone). Unlike most property/liability policies, cyber coverage is not written on ISO forms. As such, there is no standardization among the carriers. This creates additional risk for the broker, who must fully understand each carrier’s coverage, limitations and restrictions in a daily changing environment. Further, a definition in one policy may not mean the same thing as the same word in another carrier’s policy. Continuous broker training is therefore essential.

New acronyms such as MFA and EDR are now commonplace. However, understanding other terms such as bricking, dependent systems, encryption, Privileged Account Management (PAM) and social engineering is equally important.

Cyber Brokers as a Risk Manager

Cyber brokers have become more specialized in the last few years. Although their role in placing insurance for their clients has evolved, they must continually monitor the market and update their skills. Cyber insurance has evolved from an afterthought type of insurance to one of the key coverages a company must have. As the demand for this product has spiked, so has the need for a more specialized broker to assist clients in protecting their business.

Cyber brokers are now not only required to know the insurance business, but they also must completely understand client systems and controls. They are being charged with the responsibility to educate clients on what controls they need, acting in more of a risk management capacity than a brokerage one. This has not been the traditional role of an insurance broker.

Some additional areas where a broker must understand client cyber risks include dependent systems, business interruption, types of EDR, types of encryption, back-up procedures, and employee and other network access.

Matt Culkin, Assistant Vice President of Sales of PL Risk Advisors, echoes this sentiment, saying “Cyber used to be a relatively low touch product requiring minimal underwriting or product expertise on behalf of the broker. Fast forward a few years and cyber brokers have become much more relied upon as an advisor or consultant than ever. We now spend a significant amount of time on conference calls counseling our retail agents and their insureds about minimum security requirements, renewal expectations and how to achieve the best possible outcome from the marketplace before submitting their account to market.”

Future of Cyber coverage

The two things that will be consistent in the future are that the cyber insurance market and the role of the broker will continue to evolve and require additional expertise. One week you could be looking at a phishing scam; the next, it is a virus that can take over entire networks. Cyber brokers must continue to stay abreast of the industry and function in a risk management capacity for their clients to be successful.

 
