Brokers Packaging Cybersecurity with Cyber Insurance
Insurance retailers are teaming up with tech wizards to sell cybersecurity along with cyber coverage as a means of trimming premiums and winning over customers in a vastly underserved market: small and mid-sized businesses.
Coalition, a San Francisco managing general agent, last week announced that it will cut policy deductibles in half, up to $10,000, for customers that implement multi-factor authentication to protect business email.
Next week, another San Francisco brokerage, Zeguro Cyber Safety, will announce the launch of a service that allows customers to find out how much cyber insurance will cost if they do nothing, with the option of reducing the premium if they sign up for Zeguro’s cybersecurity training, monitoring and compliance platform.
The need for cybersecurity for small and mid-sized organizations was made clear in August when 20 Texas municipalities were hit by ransomware attacks. Earlier this month, the Oklahoma Law Enforcement Retirement System announced that hackers stole $4.2 million from its pension fund for state troopers and other law enforcement officers.
A report released in June by AM Best, quoting research from Hiscox, said only 14% of SMEs had cyber policies, up from 2% in 2014. The total number of policies is force increased to 3 million at the end of 2018, up from 2.6 million the year before, according to AM Best.
The total number of cyber claims increased 39% in 2018 and exceeded $10 million for the first time. AM Best said that is evidence that a growing number of small and medium sized enterprises are purchasing cyber insurance.
Shawn Ram, head of insurance for Coalition, said coupling cybersecurity services with insurance is the best way to reach the small to mid-sized market. The incentive that Coalition announced last week to customers who implement multi-factor authentication is latest in a package of lures that encourage policyholders to take an active role in cybersecurity.
Although Coalition is only an agent, it actually writes the policies that are underwritten by Swiss Re. For example, suppose hackers shut down a flower shop’s computers shortly before Valentine’s Day in what is known as a denial-of-service attack. A typical policy would pay business interruption costs until for losses starting from eight to 12 hours after service was denied. Ram said Coalition can write a policy to start coverage for losses as soon as one hour after a denial of service attack.
Ram said 75% of Coalition’s employees are engineers, and the majority of them are former employees of the Central Intelligence Agency and the National Security Administration.
“We look at cyber as an adversary and that’s how we underwrite,” Ram said.
Ram said Coalition can offer the enhanced coverage because it constantly monitors the Internet to protect them. The company monitors domain names to see if any websites are created that mimic its customers’ domains. For example, to launch a spear-phishing attack against Abracadabra Flowers, a hacker may create an Abricadabra Flowers website. Ram said that would generate an alert warning its customer to be on alert for suspicious emails.
Ram said the dual-factor authentication incentive is an easy fix that will block 99.9 percent of automated cyberattacks. Business email accounts for 36% of claims by Coalition policyholders,with an average loss of about $160,000. The company, citing research by Duo, said 28% of people use multi-factor authentication to protect their accounts.
By comparison, Zeguro’s approach looks more like a conventional cybersecurity service, with a unique tie-in to a brokerage that sells Munich Re cyber policies. Zeguro sells its cybersecurity services separately, but offers an opportunity to purchase coverage at a discount.
“By using technology like web app monitoring and tailored compliance in our cyber safety platform, we can lower cyber insurance premiums for an organization based on their unique, evolving, company profile,” said Ryan Sommer, Zeguro’s public relations manager, in an emailed statement.
None of the company’s executives could be reached for comment last week. California Department of Insurance regulations show that the company was licensed as a broker-agent in 2016.
The company’s website says its Cyber Safety Package includes a cybersecurity skills assessment and targeted training for all enrolled employees. The company also performs ongoing monitoring to control security and offers helps customers stay in compliance with cybersecurity regulations.