Filed Under:Agent Broker, E&S/Specialty Business

5 ways to talk to midsize businesses about cyber liability

Here's how to better educate MSB prospects and clients about the risks to their business.

Although awareness about cyber liability is high among midsize business (MSB) owners, deep knowledge is not.
Although awareness about cyber liability is high among midsize business (MSB) owners, deep knowledge is not.

Your clients likely see daily headlines about large-scale data breaches that affect some of the nation's best-known brands. Yet data breaches aren't just an enterprise issue.

Related: 5 big cybersecurity lessons to learn from the Equifax data breach

According to the 2017 Verizon Data Breach Investigations Report, 61% of breaches last year involved businesses with fewer than 1,000 employees. That's reflected in heightened interest for cyber liability insurance, a category that saw 35% premium volume growth in 2016 alone, according to a recent report from Fitch Ratings.

Although awareness about cyber liability is high among midsize business (MSB) owners, deep knowledge is not. This gives brokers a prime opportunity to educate risk managers, building owners, property managers and other decision-makers.

Related: The 3 R’s to remedy a cyber breach

Use these five tips to better educate and sell cyber liability to potential clients:

The need remains for agents and brokers to educate midsize businesses about cyber liability coverage.

The need remains for agents and brokers to educate midsize businesses about cyber liability coverage. (Photo: iStock)

No 5: Explore your client's cyber liability needs.


When you ask your clients whether the business has cyber liability coverage, increasingly they may answer yes. But what I’ve found, especially working with many midsize hotels, resorts and restaurants, is that the existing "cyber liability" clients have offers only limited protection.

Related: What to expect: the cyber liability insurance application process

I've also talked with midsize business owners who think their Commercial General Liability coverage will cover data breach costs (and most won't).

This presents an opportunity to educate risk managers on the benefits of standalone cyber liability coverage that includes the following:

        • Coverage for both liability and customer notification costs. We advise organizations with under $25 million in revenue to consider up to $5 million in limits and at least 250,000 notifications (not a capped dollar amount).

        • Coverage of Payment Card Industry (PCI) fines and regulatory defense costs or penalties that result from breaches.

        • First-party coverage for losses from network security breaches.

        • Services such as forensic investigations that determine the breadth and scope of the breach, and crisis management that helps to protect a midsize business’ reputation during the process and ongoing credit monitoring for those affected.

Related: Emerging cyber risks

Some of your clients may not realize that their existing cyber insurance only offers limited coverage. (Photo: iStock)

Some clients may not realize that their existing cyber insurance only offers limited coverage. (Photo: iStock)

No. 4: Tell a relatable story.


Once you establish the type of cyber liability products your clients need, educate them about the risk of data breaches. You can use a big-name example (such as the 2013 Target data breach that affected 41 million consumers), but it's more meaningful to talk about what's happening in their industry.

Related: 5 essentials of a cyber liability insurance policy

Do some limited research and identify a breach the midsize business owner will recognize. Sadly, in the hospitality industry, there's no shortage of them. According to Verizon's 2017 report, accommodations (hotels and restaurants) ranked as the top industry for point-of-sale intrusions.

Cyber liability policyholders are most likely to respond to risk anecdotes from their own industry. (Photo: iStock)

Cyber liability policyholders are most likely to respond to risk anecdotes from their own industry. (Photo: iStock)

No. 3: Make it personal.


After establishing the need for cyber liability with a powerful illustration of what can happen to a midsize business that's victimized by a data breach, it's time to ask thought-provoking questions. If a breach like that happened to you, what's the first thing you would do? Who would you call? What kind of response would you need? How long would it take? What would that mean for your business? Then listen empathetically to each answer and look for that a-ha moment.

The reality is that most midsize business owners wouldn't know what to do if a breach occurred. So, this is your best chance to provide details that will help ease your client's concerns. For example, I find most hospitality businesses don't realize notification provisions vary by state and are based on the state where the affected customer lives, not by the state of the physical facility that was breached.

Related: Top 10 writers of cybersecurity insurance

At this point, I also like to discuss the value of crisis management. No business can afford to lose trust with its consumers. So I let potential clients know how a solid public relations strategy (the costs of which are included in a standalone cyber liability policy) will help manage the reputation of the business, respond effectively to any media coverage, and rebuild customer trust.

The reality is that most midsize business owners wouldn't know what to do if a breach occurred. (Photo: iStock)

The reality is that most midsize business owners wouldn't know what to do if a breach occurred. (Photo: iStock)

No. 2: Dive into the details.


Because cyber liability is relatively new, your clients may not know all their potential liabilities. For example, a franchisee for three locations of a midsize national hotel chain may not realize the franchisee may be held liable for a data breach within the brand's online reservation system even though a third party operates that system. The franchisee could be brought into a suit because the franchisee made the decision to hire the management company. A building owner may give insurance decision-making power to a property manager, but the owner may not know whether that property or hotel manager actually has cyber liability coverage.

Related: Cyber insurance must be a priority for small- and mid-sized businesses

The exposure is greater than the reservation system as well. There are numerous other point-of-sale transactions at a hotel for example (restaurant, gift shop, front-desk or parking, for example).

Related: The top 5 risks businesses and consumers worry about most

In addition to the limit of liability, many clients aren't sure of the size and scope of a potential data breach, so they don't know what number of notifications to choose. I coach hotels to prepare for a six-month breach and tell them to base that on the number of customers, number of rooms and standard occupancy rates.

Many clients aren't sure of the size and scope of a potential data breach, so they don't know what number of notifications to choose. (Photo: iStock)

Many clients aren't sure of the size and scope of a potential data breach, so they don't know what number of notifications to choose. (Photo: iStock)

No. 1: Know it may take time.


Most midsize businesses will see cyber liability as a good idea, but many aren't yet required to have it. You’ll need to continue good storytelling and help potential clients understand that having a smaller, defined cost for a standalone cyber liability policy is better than the enormous potential cost of a data breach. And remember, if they don't have a current cyber liability policy, you don't have to wait until the next renewal cycle to continue the conversation.

In today's connected world, data breaches are serious business. By offering comprehensive standalone cyber liability coverage and telling a relatable story to illustrate what can happen, you’ll give midsize business owners some much-needed peace of mind.

Kurt Meister is senior vice president of National Sales and Business Development director at Distinguished Programs. To contact this author, send email to KMeister@distinguished.com.

See also:

6 ways cybersecurity changed in 2017

5 things to know about the NAIC's new cybersecurity model law

4 trends shaping cybersecurity in 2017

Featured Video

Most Recent Videos

Video Library ››

Top Story

20 safest airlines to fly with in 2018

To recognize those leading the way, AirlineRatings.com released its annual list of the world's safest airlines. Of the 409 airlines it monitors, 20 stand out as the 'best of the best.'

Top Story

11 ways cars will be smarter in 2018

Connected vehicle technology, better electric batteries, and 'infotainment' systems are just three of the trends for insurers and claims specialists to watch.

More Resources

Comments

eNewsletter Sign Up

Specialty Markets Insight eNewsletter

Receive updates and analyses on hard to place and challenging coverages. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.