As cybercrimes increase worldwide, many small businesses are unprepared to deal with any form of cyberattack. Every year, over 43% of online attacks are on small businesses and only 7% of those businesses are capable of defending or mitigating the cyber threat, according to a security survey carried out by Accenture, a professional services company.

“One of the most common things that companies believe today is that they won't get hacked. Yet, even with small and medium-sized enterprises, there's a tremendous amount of cyber claims activity," says Shawn Ram, head of insurance, Coalition Inc. “No one is immune from a cyber-related event. Independent agents are now in a good position to not only assist clients in purchasing cyber insurance but also to educate clients on risk management."

“2020 was a real turning point for the market as small businesses started to perceive cyber as a tangible threat that can no longer be ignored," says Lindsay Guerrant, small commercial product strategy lead, Liberty Mutual. “And with the FBI reporting a 400% increase in cyberattacks during the pandemic, the rise in cybercrimes is a trend that isn't going away post-pandemic."

When cyber incidents occur, not only does a business suffer a loss from business interruption but its brand and reputation can be damaged, leading to a loss in customer trust.

Agents have the greatest opportunity to add value to a client relationship when it comes to selling them a cyber policy. Here are four ways:

1) Add value. “Most small businesses don't have the resources to hire third-party organizations for training or pay for other tools and services, such as web scanning that help identify potential vulnerabilities," Guerrant says. “As a trusted advisor, agents can bridge the knowledge and access gap to help clients proactively avoid a claims situation."

Some carriers will work with and assist an agent in identifying a client's risks. “We tell the client what the problem is and why it's important," Ram says. “We stand ready to help them solve the particular matter that is identified." 

2) Evaluate the business. “Insureds that demonstrate an understanding of their cyber risk, a strategy for managing it, and a company-wide commitment to security will get better deals from cyber insurers," says David Chavez, solutions product manager, information technology, Intact Insurance Specialty Solutions. “Agents should seek out and develop relationships with the insured's chief information security officer and IT security professionals. Those professionals understand the risk and can communicate their employer's efforts to manage it."

Carriers impacted by ransomware losses over the past number of years are looking more carefully at cyber risks during the underwriting process. “They are looking to make sure that they truly understand an applicant's cyber risk posture before binding," says Timothy Zeilman, vice president, global cyber products, HSB (The Hartford Steam Boiler Inspection and Insurance Company), part of Munich Re.

To provide the best possible coverage for a business, agents should evaluate not only the business but the policy being offered. “If, for example, you are looking to secure coverage for a company and they have greater exposure on the business interruption side than for a data breach, you might want to see if you can adjust limits within the policy to better serve them under those risks that are actually relevant to their business operations," says Marc Voses, data privacy and cybersecurity partner, Clyde & Co.

3) Maximize benefits. In offering the best possible coverage, agents should look to the extent a carrier offers additional services and can assist a policyholder to mitigate any threats.

“What is the value you're getting out of the insurance contract beyond coverage? The value you're getting around risk management services is a valuable addition, particularly in an area where claims frequency and severity is increasing," Ram says.

4) Be a conduit. By pairing a client with a carrier that has best-in-class claims handling, agents can position themselves as a partner when a cyberattack occurs. Desirable claims handling services include “negotiation in the event of ransomware, post-incident remediation and even facilitating customer notifications in the event of a data breach, which is a lot for a small business owner to navigate alone," Guerrant says. “Agents can help ensure clients make sound decisions during a stressful time and provide the peace of mind many clients seek when choosing an independent agent."

Olivia Overman is IA content editor.