The increase in cyberattacks presents an opportunity for proactive agents to help mitigate the potential cyber threat to their clients.
Independent insurance agents are stuck as the bearers of bad news during commercial insurance renewals: The direct threat of cyberattacks, the costs of response and remediation, and the premiums to insure against them have all increased dramatically.
2021 saw a 15% increase in incidents—that is, violations of security policy—and nearly a 25% increase in material breaches—unauthorized access that results in theft or leak of data—reports global researcher ThoughtLab in its 2022 cybersecurity benchmarking study.
The average cost of a U.S. data breach in 2022 is $4.35 million, an almost 13% increase over 2020, according to the Ponemon Institute in its annual “Cost of a Data Breach Report" for IBM Security. Meanwhile, insurance broker Gallagher reports that the median rate increase for cyber coverage was 37% in the first quarter of 2022.
Nevertheless, this adversity presents an opportunity for proactive agents to help mitigate the potential threat that cyberattacks represent to their clients.
Inspiration from Health Care Companies
Borrowing from a health insurance concept, one approach is for agents to help clients instill a culture of cyber wellness. Just as businesses have introduced proactive measures to incentivize healthy lifestyles, such as eating habits, exercise and regular doctor checkups, the same approach can incentivize companywide cyber wellness practices.
The successful cyber health incentive program will employ the principles of andragogy, or the study of adult learning, as developed by Malcom Knowles in the 1970s. Andragogy is based on six central assumptions, among them:
- Adults best learn what matters to them, and what matters are their here-and-now tasks. Employees must understand both the rewards of the cyber wellness program and the consequences to them personally should a cyber breach occur.
- “Why" is the adult motivator. The cyber wellness program must answer these questions: Why do I need to know this? Why is it valuable to me?
- Adults are less motivated by exterior pressure. Distributing “cyber-brochure-ware" or a set of “thou shalt not" cyber commandments will not meaningfully motivate employees.
- Adults tend to be self-directed, independent learners. This means allowing employees to learn cyber hygiene in their own way, at a time that suits them and by a means that is experiential in nature.
Creating a Human Firewall
Many businesses hire cyber threat prevention firms to assess their cyber protection and provide recommendations. They tend to focus on IT system-related aspects, but changing human behavior is the make-or-break mission. Once an assessment is complete, cyber awareness training and incident prevention exercises must become the foundation of the cyber wellness program.
Consistent with Knowles' teaching, the staff must understand how the assessment's recommendations fit within the organization's operations. Their training must illustrate in an understandable way that firms that embrace solid cyberattack-deterrence practices have fewer cyber-related events. Enterprise progress should be measured using behavioral analytics, and employees should feel encouraged and rewarded as cyber wellness increases.
Insurance agents that provide workers compensation insurance are aware of how their manufacturing clients often post notices in the factory touting the number of days since the last workplace accident and celebrating milestone achievements. The same concept can apply to cyber wellness.
When your clients develop healthy cyber habits, there will be better outcomes. A successful culture of cyber wellness incorporates actionable and reasonable preventative steps that companies can take to empower their human firewall.
Bill Haber serves as co-founder of at TEKRiSQ Inc., a Ponte Vedra, Florida-based cybersecurity firm. He is a technology startup veteran and helps small and medium-sized businesses and their insurance teams to streamline foundational cybersecurity practices. Haber is a regular contributor to cyber insurance and cybersecurity periodicals, and he serves on the Security Issues Workgroup at the Big “I" Agents Council for Technology.