Cyber Essentials: Practicalities for brokers by Jack Elliott Frey
The past month has been a busy one for insurance brokers operating in the cyber risk class, due to the launch of a joint initiative by the Government and the insurance sector to help cement the UK's position as the global leader in cyber security insurance.
This new initiative builds on the 10 Steps to Cyber Security guidance published in late 2014, and the Cyber Essentials Scheme which is designed to encourage basic cyber security practice within businesses.
One of the key points that stands out from an insurance broker's perspective is the recommendation that participating insurers include Cyber Essentials (CE) accreditation as part of their risk assessment for SMEs. Marsh has outlined plans to launch a cyber product for SMEs to do this, and absorb the cost of CE certification, which the government encourages other insurance brokers to follow.
But what is the reality for brokers who may be deciding whether to offer CE certification as part of an insurance solution?
Brokers should offer up a ‘cyber assurance' statement themselves, to let clients know that they have implemented best practice and have the knowledge required to deliver complex, technical cyber solutions.
Many businesses are in the dark about this risk - brokers need to assure clients that they are not.
Although a cyber insurance policy may absorb the cost of CE accreditation, this should not be the key reason for choosing to utilise a specific insurance solution or underwriter.
The client and broker need to carefully consider the exclusions within the policy; For example some cyber policies don't cover terrorism if it comes in the form of a cyber attack, and so it is crucial to know what is covered and what is not.
Understand what it is you want to achieve by offering CE certification as part of a product. Are you trying to target a certain industry sector i.e. healthcare, manufacturing or retail?
If so, there are varying regulations that apply, as well as certain insurance markets that will or won't write cyber (depending on the sector); so ensure your product targets a sector where there is sufficient underwriting appetite.
Consider what the product will be covering aside from the cost of CE accreditation. There are numerous types of cyber risk, from cyber extortion through to physical asset damage and business interruption. The coverage is only going to broaden as this Cyber Essential initiative encourages the market to widen the scope of cyber insurance to cover other forms of attack. Much like exclusions, terms of coverage will be equally important when creating an attractive product.
Finally, the most important aspect of any product: price. Cyber policies are considered to be relatively expensive.
This is due to the complex nature of the risk as many insurers don't understand how to effectively price their offering. Brokers need to have a proper, thorough understanding of the risk your product covers and clients/insurers alike will respect this and be able to price accordingly.
Jack Elliott-Frey is a broker at cyber insurance experts Safeonline.