For many brokers, confidently demonstrating cyber risk to clients is a challenge. Why? Unlike physical risks such as a missing car wheel or a flooded house, cyber risk isn’t immediately visible or easily understood by most people.
While anyone can spot obvious risks to a house or car, asking the average person about their cyber risk often leaves them unsure of where to start. Similarly, if a broker is tasked with selling cyber insurance to a client who’s convinced they don’t need it, where do they begin?
Who Needs Commercial Cyber Insurance?
Before delving into how to sell cyber insurance, let’s establish who needs it. The short answer: anyone with digital assets.
Whether it’s a small website or a complex digital infrastructure, any organisation using technology faces cyber risk and should consider cyber insurance.
Large enterprises often understand this. With strict regulations, larger teams, higher turnovers, and expansive digital footprints, they are acutely aware of the need for cyber protection. It’s no surprise that around 80% of large corporations (with annual revenues over $10bn) have adopted cyber insurance.
In contrast, the penetration of cyber insurance among SMEs is significantly lower—just 10% of businesses with annual revenues below $100m have coverage, according to Swiss Re.
This stark difference is alarming. While 20% of large businesses remain uninsured, a staggering 90% of SMEs operate without any cyber insurance, despite being prime targets for cybercriminals.
Who Are Cybercriminals Targeting?
It’s a common misconception that cybercriminals only go after large corporations. While bigger firms might offer higher financial rewards, hacking them requires significant time, expertise, and resources. Larger organisations also tend to have robust cybersecurity measures in place, making them harder to breach.
Instead, SMEs are a much more attractive target. With fewer cybersecurity defences, limited resources, and less awareness of risks, SMEs offer hackers an easier way to gain access to sensitive data and financial information.
In fact, research by Barracuda Networks found that employees of small businesses are 350% more likely to experience social engineering attacks than those at larger enterprises. Small businesses are also three times more likely to be targeted by cybercriminals than larger companies.
Despite these risks, many SMEs mistakenly believe, “It won’t happen to us.”
Leading with Education
When it comes to selling cyber insurance, education is key. Many brokers face resistance from clients who don’t understand the risks or believe they’re immune to attacks. For brokers, the challenge is even greater if they themselves lack insight into a client’s specific cyber risk.
Just as property insurance requires an inspection of the property and car insurance requires detailed risk assessments, clients need clear evidence of their cyber risk before they’ll see the value of cyber insurance.
The Role of Cyber Risk Assessments
This is where tools like Breach Check come into play. Breach Check helps brokers generate detailed reports that demonstrate a client’s specific cyber risks. These reports can reveal:
- Whether employee records have been leaked.
- If the client is using high-risk open services, such as RDP.
- Known vulnerabilities in the client’s systems.
- Whether their business is being discussed on the dark web.
With this information, brokers can provide clients with a cybersecurity rating, show how their risk compares to other businesses, and highlight specific steps they need to take to reduce their exposure.
Presenting Cyber Risks to Clients
Discussing cyber risks with clients—especially SMEs—can be challenging. Here are some tips for effectively communicating the need for cyber insurance:
- Keep it Simple
Avoid overwhelming clients with technical jargon. Explain risks in plain terms they can easily understand. - Don’t Scare Them into Buying
While the data may be alarming, focus on providing support and actionable advice. Help clients understand that with the right coverage and proactive risk management, they can significantly reduce their risks. - Use Real-Life Examples
When clients say, “It won’t happen to us,” counter with examples of SMEs in similar industries that have been targeted. Show how those attacks impacted their operations and the potential domino effect of not being prepared. - Engage Regularly
Don’t limit discussions about cyber risk to renewal periods. Share regular updates, risk reports, and news about recent cyber incidents. Over time, clients will become more informed and more likely to see the value of cyber insurance.
Slow and Steady Wins the Race
Some clients may take longer to understand their cyber risk and the importance of insurance. Avoid pressuring them into quick decisions. Instead, offer ongoing education, practical tips, and insights that build their confidence in your expertise.
Interested in Offering Cyber Risk Assessments?
If you’re keen to learn more about how Breach Check helps brokers increase client engagement, drive new business, and grow cyber GWP, get in touch with our team at info@dynarisk.com or visit https://dynarisk.com/products/breach-check.
With a 90%+ hit rate, Breach Check uncovers cyber risks in almost every business we scan. In fact, we’ve successfully detected attacks up to 402 days in advance.
