Over the past decade, the shift towards conducting business online has been transformative for small and mid-sized enterprises (SMEs). And it’s set to grow exponentially – as a Capital One shopping report predicts global e-commerce retail sales to reach an estimated $6.31 trillion by the end of 2023.

But the digital landscape doesn’t come without new challenges and cyber insurers are now actively collaborating with brokers, to help combat cyber risk for their SME clients. SMEs are increasingly becoming targets for cyberattacks, as hackers recognise the potential for financial gain from data breaches. According to a Verizon study, 46% of cyber breaches impact companies with less than 1,000 employees. And without the cybersecurity resources of their larger peers, SMEs are perhaps more at risk and under greater pressure to protect themselves adequately.  

While the primary responsibility for assessing and managing cyber risk lies with the cyber insurer, brokers have huge potential to be catalysts for change, particularly in advocating risk management and cybersecurity as a strategic investment. But without taking a holistic, risk management-focussed and future-proof approach, they can leave their clients wide open to the evolving costs and consequences of a cyber incident.

The 4-stage cybersecurity framework for brokers to truly protect their customers against risk

Harnessing the collaborative nature of the broker-insurer relationship will be the key to navigating the complexities of the digital landscape and effectively managing cyber risks. With this in mind, the following 4-stage approach will ensure SMEs are protected for today and the future:

1. The Foundation – education

In order for brokers to protect their SME clients, they need to understand the risks and the significance of anticipating potential threats before they materialise. While the insurers and business’s CISO or risk managers bear the primary burden of evaluating and managing cyber risks, brokers play a part in educating their clients about cybersecurity best practices, and can suggest the tools and guidance needed for proactive risk assessment.

Cyber insurers are able to provide risk analysis or reports for each insured, organise training sessions or leverage educational tools and content from webinars to enhance the awareness and preparedness of SMEs. Topics such as recognising phishing attempts, securing sensitive information, and implementing basic cybersecurity measures are foundational to building a proactive framework and defence. 

2. Hyper-personalisation – solutions crafted for unique business needs

Proactive cybersecurity isn’t just an expense; it’s an investment in financial protection. A comprehensive risk assessment tailored to the specific needs and vulnerabilities of the client is a good place to start. To make this happen, cyber insurance providers can actively assist brokers in assessing the nature of a business, the sensitivity of the data it handles, and the effectiveness of existing cybersecurity measures. Again, it’s a collaborative effort that enables the development of customised solutions tailored to meet the specific needs of clients, ensuring a comprehensive and well-informed approach to cyber risk management.

With the insights gained from the risk assessment, insurance brokers can then work hand-in-hand with underwriters to craft a policy that provides coverage that is adapted to the size and industry of the client. Policies should reflect specific needs and cover both financial damages and the effects of reputational harm, for instance.

3. The After Effects – response and damage control

Beyond crafting policies, brokers should collaborate with insurance partners to assist clients in developing and implementing robust incident response plans, while helping ensure  employees are well-versed in cybersecurity.

Establishing a clearly defined incident response strategy—complete with designated roles, communication protocols, and thorough testing before any incident occurs—enables businesses to minimise downtime and expedite recovery from cyber incidents. Given the potential for significant financial losses, brokers should guide clients in comprehending the financial implications of various scenarios, ensuring preparedness for potential aftermaths. Good quality cyber insurance providers offer complimentary incident response plans, so setting up communication between SMEs and their insurers to develop a robust plan will set them up for success. They can also provide assistance to legal and compliance teams in navigating evolving digital protection laws through regular delivery of educational content and bespoke alerts. 

Considering the human error factor in many cyberattacks, particularly ransomware, promoting employee awareness regarding passwords, public Wi-Fi usage, multi-factor authentication (MFA), and security software is also paramount. Brokers can suggest enrolling employees in cybersecurity awareness training courses as an effective means of safeguarding the business against future attacks. Alongside training, recommending tools that offer real-time, continuously generated recommendations to address cybersecurity weaknesses and identify opportunities for risk improvement can further mitigate potential risks.

4. Preserving Trust – continuous monitoring and updates

Since the cybersecurity landscape is ever-changing, brokers should partner with insurers that have established mechanisms for continuous monitoring of their clients’ cybersecurity posture that will help these businesses stay ahead of potential risks and adopt measures to mitigate them. 

Cyber threats are dynamic, and the cybersecurity landscape is ever-changing. Recognising this, brokers should partner with cyber insurers who are staying abreast of emerging threats, updating security protocols, and ensuring that insurance policies remain relevant and effective. Additionally, regular communication and regular planned software updates help their clients stay ahead of potential risks and adopt specific measures to mitigate them. This ongoing response is critical to building trust and developing long-standing partnerships which is essential to maintaining business continuity.

Building Resilience – The path forwards

Operational resilience is increasingly defined by cybersecurity in the modern workplace.  In the face of a progressively sophisticated and persistent cyber threat landscape, SMEs need proactive strategies to safeguard digital assets and maintain the trust of their customers. Insurance brokers are stepping up to the challenge and their roles are evolving. By meeting clients where they are; deeply understanding both the external landscape and their clients’ individual risks and continuously monitoring and adapting strategies to mitigate new threats, brokers are on the offensive in this ecosystem. 

Collaboration between SMEs, brokers and cyber insurers is a cornerstone in building a resilient and secure business environment. Ultimately, brokers will stand as catalysts for change, advocating proactive cybersecurity as a strategic investment.

About the author: 

Simon Hughes is the VP and General Manager at Cowbell. He has over 13 years of experience in the insurance industry. He began his career at Lloyd’s and has since gained valuable experience with the multi-national reinsurer SOVAG and CFC Underwriting. He is a proven leader with a deep understanding of cyber risk and insurance and has been instrumental in driving success in all his previous roles.