For brokers, the biggest obstacle in selling cyber insurance to clients might not be what you think.
Traditional roadblocks to a sale include price, board approval, and executive complacency. But here’s an unlikely naysayer that’s making the rounds of brokerage watercooler chat — corporate IT departments.
Turns out IT departments are the Number 1 obstacle to overcome when it comes to selling cyber policies, according to a poll of nearly 300 Canadian brokers conducted by specialist insurance provider CFC. Released earlier this month, the poll found 37% of Canadian brokers reported encountering a challenge from their client’s IT lead or department, stating they didn’t need cyber insurance.
“There’s a long-held misperception amongst IT professionals that cyber insurers are pitching insurance as a replacement for security controls, when in fact the reality is vastly different,” Philippa Berry, CFC’s cyber product leader, said in a press release.
“Just as putting locks on your doors doesn’t negate the need for property insurance, strong IT security measures don’t negate the value of cyber insurance. A good cyber policy will not only transfer the financial risk associated with a cyber event, which can be substantial, but also offers an additional layer of proactive services to help prevent an attack from happening in the first place.”
Price is often a pain point for brokers selling cyber coverage. According to CFC’s poll, Canadian brokers cited cost as the second-biggest obstacle to overcome after IT departments. One-quarter of respondents reported “clients felt cyber insurance was too expensive.”
Berry acknowledged price “is always an issue,” but the cost of a cyber claim is so much greater. “Ultimately, cybercrime is costing Canadian businesses of all sizes, but in particular smaller organizations, billions of dollars each year.”
Rather than being at odds with one another, IT departments and cyber insurers should work hand-in-hand to give businesses the best possible protection and price, she said.
Employees, particularly at smaller companies, are often the weakest link when it comes to cybersecurity. That’s because they often have no visibility into their corporate networks, little or no budget for cybersecurity, and no data recovery or response plan in place, cyber experts told Canadian Underwriter earlier.
“Hackers aren’t wasting time trying to hack your firewall and get detected when all they have to do is send a crafted email to one of your employees and have them click on a link they’re not supposed to,” said Terry Cutler, an ethical hacker and CEO of Montreal-based cybersecurity firm Cyology Labs.
Feature image by iStock.com/gilaxia