In just a few short years, cyber attacks have gone from being the stuff of myth and legend to real-world threats that impact organizations globally every day. Yet, while awareness of cyber threats has grown, along with the frequency and severity of attacks, there hasn’t been a concurrent rise in demand for standalone cyber insurance.
A recent Deloitte report notes that cyber insurance growth remains well below expectations. In a survey of middle-market companies, defined as having between US$250 million to US$1 billion in annual revenue, non-buyers were asked why they passed on a cyber policy. The reasons ranged from insurance product issues to distribution issues to buyer issues. For example, respondents indicated the cost was too high (41%), the broker/agent has not suggested it (22%), and they didn’t know coverage was available as a standalone policy (17%).1
Anecdotally, Canadian brokers have indicated that many clients don’t believe a cyber crime is likely to happen to them and they don’t fully understand their exposures, which adds to the challenge of selling cyber insurance to businesses.
While these barriers mean cyber isn’t necessarily an easy sell, it’s still critically important for clients to make cyber insurance a part of their cyber security strategy. Even the best defenses will sometimes fail, so businesses need to consider risk transfer options.
Here are five ways brokers can overcome challenges in the marketplace and make the case for cyber insurance:
1. Make cyber risks relevant to their business
To start, brokers can initiate a discussion with clients on the cyber threat landscape and highlight risks that are relevant to their business or industry. For example, manufacturers might be less concerned about data breaches since they don’t collect customer data. However, they could fall prey to phishing or social engineering scams and lose sensitive company data. Or, as has been a rising trend, the manufacturer could fall victim to a ransomware attack, whereby criminals encrypt an organization’s data and demand payment to restore access.
2. Build the case with case studies
In addition to outlining where clients’ exposures might be, brokers can inform them of the potential significant business impact that could follow a breach, including financial costs and reputational harm. For example, the average cost of a data breach in 2020 was US$3.86 million.2
Deloitte’s survey found that respondents who bought stand-alone policies often did so as a reaction to cyber attacks against others, including competitors, supply chain partners, and even companies outside their own industries.
This presents an opportunity for insurance companies to support brokers by providing case studies they can use to inform their clients. Afterall, storytelling is a powerful tool. As Deloitte experts note, case studies that show how standalone policies kicked in after a cyber event, as well as the challenges facing those without dedicated coverage, might make the difference between a sale and a pass, especially if it involves an event within the prospect’s own industry. 3
3. Create a sense of urgency
Like with your health, a pre-existing condition could make it more difficult to secure insurance. Discuss how difficult securing cyber insurance could be if a client has had a recent loss, given the quickly changing cyber landscape. Insurers are dramatically revising their approach—in some cases premiums are going up and coverages are tightening up across the board.
It’s also important to ensure clients protect their business as soon as possible because the longer they wait to protect their business, the longer they’re vulnerable to a possible cyber-attack – and no business is immune from the threat.
4. Educate clients on the need for a standalone policy
Insurers can help brokers, who in turn can help their clients, understand how standalone cyber policies can close possible gaps in a client’s current coverage and offer greater clarity. Some common coverages that fall under a cyber policy include security breach expenses, business interruption, crisis management expenses, and forensic investigations expenses, among others.4
Although cyber is relatively new in the insurance world, standalone products need to keep pace with the speed of change as threats continually evolve. For example, Sovereign Insurance’s new product suite, Sovereign Secure TechPro, features more precise language designed to address the unique, new and emerging risks to Canadian businesses. The product also features enhanced policy forms to offer more comprehensive coverage and modular products to provide greater flexibility.
5. Highlight value-added breach preparation and breach response services
Value-added services are another meaningful benefit of standalone cyber policies. For example, with Sovereign Secure TechPro, clients also get access to breach preparation and crisis management services, as well as personalized access to a breach preparedness website provided by our partner, CyberScout®.
While cyber insurance can’t prevent cyber attacks from happening, it can help businesses navigate a loss and get businesses back up and running again. Brokers can contact Sovereign® to find out how we can work together to bring clarity to businesses on cyber coverage.
1 Deloitte, “Overcoming challenges to cyber insurance growth,” March 16, 2020
2 IBM, “Cost of a Data Breach Report 2020,”
3 Property Casualty 360, “Standalone cyber insurers need more agents and brokers,” May 12, 2020
4 Insurance Bureau of Canada, “Protect your organization from cyber crime,”
CyberScout® is a trademark of CyberScout, LLC and used with permission.