How to handle client objections to Cyber Insurance

18 February 2021

With many businesses continuing to operate remotely, the importance of cyber protection is naturally on the radar of brokers across the country when discussing insurance needs with customers. 

By now, you may have spoken to your clients about their cyber exposures and might have even presented a quote for coverage. But perhaps they still aren’t convinced?

In this article, Lindsey Nelson, Cyber Development Leader at our Insurer Partner CFC, looks at six of the most common client objections. To help you explain your clients’ cyber exposure and the value of Cyber Insurance as a form of protection, Lindsey also provides key talking points when handling each scenario.

Objection one: “We don’t need cyber insurance. We invest in IT security…”

If you are met with this kind of a reply from a client, you may want to respond with:

  • You’re still likely exposed. Not only are cyber threats continually evolving to bypass the latest security measures, but even large corporates who spend vast amounts on cybersecurity still routinely get hit
  • People are still the weakest link in an organisation’s IT security chain. Approximately three quarters of the cyber claims we deal with involve some kind of easily preventable human error
  • Theft of funds, ransomware, extortion and non-malicious data breaches usually start with a human error or oversight, such as leaving a laptop on a train or clicking on a phishing link, which then allows cybercriminals to access your systems from the inside.
  • Cyber Insurance is a cost-effective way to not only get access to risk management tools like phishing-focused employee training programs, but also to cover the financial loss if someone makes a mistake.

Objection two: “We outsource all of our IT, so we don’t have an exposure…”

In this case, some key talking points include:

  • Unfortunately, using a third party for IT doesn’t eliminate your exposure
  • If you outsource your data storage to a third party and that third party is breached, you will still likely be responsible for notifying affected individuals and dealing with subsequent regulatory actions
  • What’s more, many businesses rely on third parties for business-critical operations, and should those providers experience a system failure, it could have a catastrophic effect on your ability to trade, resulting in a business interruption loss
  • Most third-party technology service providers have standard terms of service that limit their liability in the event that a breach or system outage causes financial harm to one of their clients.

Objection three: “We don’t collect any sensitive data, so we don’t need cyber insurance…”

In our experience, three handy talking points when tackling an objection like this are:

  • Two of the most common sources of cyber claims aren’t related to privacy at all – funds transfer fraud is often carried out by criminals using fraudulent emails to divert the transfer of funds from a legitimate account to their own, while ransomware can cripple any organization by freezing or damaging business-critical computer systems
  • Neither of these types of incidents would be considered a data breach, but both can lead to severe financial damage and are insurable under a cyber policy
  • Any business that uses technology to operate will have a range of other cyber exposures which a cyber policy can address.

Objection four: “Cyber-attacks only affect big business. We’re too small to be a target…”

In this case, it is worth explaining the reality of how it isn’t always large corporations that are victims of cybercrime. Try responding with:

  • Although cyber-attacks affecting large organizations are most often in the news, over half of all cyber-attacks are aimed at small businesses
  • This trend is continuing to rise. In 2020, 70% of ransomware attacks were against business with under 1,000 employees, and 60% of ransomware attacks were against business making under £50M in turnover
  • Cybercriminals see smaller organisations as low-hanging fruit because they often lack the resources necessary to invest in IT security or provide cyber security training.
  • Cyber Insurance is a great solution for smaller organizations because not only does it cover the growing number of cyber-attacks on these businesses, but it gives you instant access to a number of technical and legal experts needed following a cyber event, but who you might not have in-house.

Objection five: “Cyber is already covered by other lines of insurance…”

If you are met with this objection, it is worth stressing that cyber cover in traditional lines of insurance often falls very short of the cover found in a standalone cyber policy. Therefore, it may leave your clients exposed to risks. Consider highlighting:

  • While there may be elements of cyber cover existing within traditional insurance policies, it tends to be only partial cover at best
  • Property policies were designed to cover your bricks and mortar, not your digital assets; crime policies rarely cover social engineering scams – a huge source of financial losses for businesses of all sizes –  without onerous terms and conditions; and Professional Liability policies generally don’t cover the first party costs associated with responding to a cyber event
  • A standalone cyber policy is designed to cover the gaps left by traditional insurance policies, and importantly, comes with access to expert cyber claims handlers who are trained to get your business back on track with minimum disruption and financial impact.

Objection six: “Cyber insurance is too expensive…”

When met with this response, you will of course want to take your clients’ financial situation into account. However, we would advise explaining that without appropriate cyber cover in place, they could end up spending more rectifying a breach or attack. Some conversation starters include:

  • Cybercrime rates are quickly overtaking traditional crime rates, making cyber risk one of the most pressing business issues of today
  • For the sizeable losses you could be faced with – often in the hundreds of thousands – from stolen funds, lost revenue or considerable clean-up costs, it is worth the extra insurance spend
  • Cyber Insurance gives you instant access to a wide range of technical specialists who are experts at helping businesses quickly recover from cyber events. Policies also come with a range of free cybersecurity tools that you might spend hundreds or thousands on implementing yourself.

The CFC team have also produced a handy guide detailing the six common objections to Cyber Insurance and the key talking points for each scenario. You can download the PDF in the button to refer to when having discussions with your clients.

To find out more about how CFC’s Cyber Insurance can support your clients, please speak to your dedicated Network BDM, who will be happy to assist. 

Share this article