Pssst.. let me share with you a story...

I remember the first time my father taught me how to ride a bike, how to shoot a basketball, and how to sell cyber insurance. Most of these firsts are classic father and son endeavors but selling cyber insurance!?

My father founded his insurance agency in 1972 and this year celebrated 50 years of insurance excellence and success. But it was only in 2016 when he started offering his small and middle market business (SMB) clients cyber insurance solutions. He was quite frustrated with the initial results as the application process was very technical and the customers did not really understand the need, how much they needed to buy or how they can get better terms.

After I got a phone call from my father asking for help on the matter - we drove to one of the firm's clients - a small private university about 20 minutes out of town to meet with the head of IT. He did not seem happy to talk about cyber. They were already insuring property and liability insurance through my father’s agency but the CFO asked for cyber insurance after suffering not one but two (!) ransomware events within the previous 12 months. It was a very difficult moment for the university and they realized that they must find some financial protection for a possible third attack and a service that will help them to restore operations. My father thought it would be a good idea to take me along given my 20 years of experience in cyber security and was hopeful that together we could finally crack the process and help the customer get the policy they needed so much.

Indeed, the cyber insurance application form was full of technical questions about firewalls, encryptions, SOC, NAC, backups, training, patch management, PII, third-party vendors, and many, many more. Multiple application pages put both the broker and the customer at a big disadvantage. Some of the questions, even for an IT person were difficult. Keeping in mind that this was a small educational institution, with a relatively limited IT budget, already hit by two events, and with little or no understanding by the IT person of what cyber insurance could or should cover, you can imagine that the meeting, to say nicely, was challenging.

“We don’t need Cyber Insurance”, he suddenly told us. I was surprised. “I know my job and we have never seen any data stolen, only ransomware”. Clearly he did not understand the potential financial impact an additional cyber attack may have on his business, including financial fines, third-party lawsuits, data restoration costs, notification costs, and more.

I got a couple of lessons from this meeting. First, SMBs generally have no knowledge regarding the cyber risks posed to their businesses, how to deal with them or how much they could actually cost them. Second, very few insurance brokers are cyber experts, and they need a tool to help them mitigate this gap to be able to effectively convey cyber to their customers. In this case, the broker did not have the tools at his disposal to explain to the customer how financially dangerous the situation was and what will happen if their data were to be stolen, manipulated, or deleted, for example.

I remember going back to my office and thinking how different the cyber risk management environment is for an SMB compared to a corporate cyber security department. SMBs do not usually have the budget, tools, HR, access to data, or a clear idea about cyber risk in the modern age. It is a shame I thought to myself. There needs to be a way to explain cyber risk with a simple report, in a way that would make visual sense and resonate with both brokers AND customers. This tool should enable the broker to propose an appropriate cyber insurance policy, by conveying graphically to the customer their actual risk exposure and help them improve their security posture at the same time. Such data was usually available only to large corporates.

I knew it could be done and stayed up all night, trying to build an example report for that specific customer, collecting data from all around the internet about the applicant. I searched, compiled, analyzed, and synthesized cyber intelligence, attack surface information, security controls (or lack thereof), vulnerabilities, business data, information from the dark web, and more, all gathered into a one-page risk report. This is the stuff that is available to large corporates, but SMBs would usually not be able to get their hands on it because it’s expensive, and complicated to understand and they would have no idea where to start from. I crafted a one-pager containing the data with basic explanations.

I was elated but something was missing I thought to myself. It was almost morning, and I turned on the TV to watch the news to take my mind off the problem for a moment. The news was really just background noise until I heard the newscaster say: “A fire rambling in northern California, damages in the hundreds of millions affecting homes and businesses alike”. It was the missing piece; We needed to provide an estimate of the economic impact a cyber attack would have on their business, not just the technical data. Predictive analysis for each business on the potential dollars that would be lost in case of a breach.

When we presented these findings to the University’s management a week later, uncertainty and doubt faded away and they bought the policy, but not before adding a few essential security measures which were recommended as part of the report.?The CFO said this was the most compelling presentation regarding the need for cyber insurance he has ever seen. They were convinced and the policy was purchased.

From this “homemade” solution it took some time, about two years to be exact, but with the help of my colleagues and our investors at Cyberwrite, we developed the platform that can now research, analyze, calculate and communicate cyber risk clearly and quickly to business owners and enable brokers to sell them cyber insurance in real-time. The platform is now used by brokers in the US, Italy, France, Germany, the UK, Australia, New Zealand, Singapore, India, and about 20 other countries to analyze cyber risks and sell cyber insurance to SMBs with speed and simplicity in a language they can understand.

In addition to the brokers utilizing this unique platform, some of the world’s largest carriers and reinsurers are utilizing the platform to support underwriting decisions and collect data for catastrophe and accumulation modeling. Using our API they get real-time data about any applicant or insured in real-time and on-demand.??

Since our initial launch, we have added automated security recommendations for risk improvement, drill-down into technical findings, dedicated underwriting algorithms, risk benchmarking, and API access. Today, a broker can request a Cyberwrite report for any company, worldwide, and within a span of a couple of minutes, a tailored report will be available branded with the broker’s logo, comparing the risk of the company to industry peers, presenting key findings, and predicting the potential economic impact of a cyber-attack, based on what happened to other companies in the same business sector as well as simulate the costs of breach response; not an easy task. The risk analysis AI algorithms R&D is orchestrated by Rami Parient, who previously served as a Chief P&C Actuary for 15 years and the Chief Risk Officer of an insurance group for 5 years, and as a University professor of statistics in the early years of his professional career.

There are a few things that make me happier than onboarding a new insurance broker to our platform, and getting their feedback after a few weeks. “We love the simplicity and the fact we can use it to sell any type of insurance, not just cyber”, said one broker, while another mentioned, “our customer wants to understand the bottom line of the potential damage, how much a breach could cost them. That’s what they want to know and that’s what Cyberwrite gives them”. My favorite however was a broker with 45 years of experience that told us “I never thought I would be able to sell cyber, but using this platform I am”.

Recently, Cyberwrite launched a new offering: a combination of a policy + technology + cyber health. US brokers get an annual perk worth over $50,000, through access to the Cyberwrite platform when selling Cyberwrite policies. Such access was previously available only to large carriers and brokers on a fee basis. Now even the smallest brokerage operation can get access and even better than that, each customer that's insured through Cyberwrite is monitored and alerted during the policy period to help prevent a possible breach. If we see something we say something, that’s us, and we don’t charge you extra for it either.

It is now easier than ever to sell cyber insurance, help customers manage cyber risk, quote, bind, and issue new policies in less time while selling more policies. Cyberwrite is currently issuing more than 250,000 cyber risk profiles for businesses a year.

For me, insurance is not only about large multinational conglomerates in need of 400-million-dollar insurance limits. It is about the mom and pop who needs a BOP and someone to help them navigate the complexities of cyber risk. Today more than ever they need Cyber insurance policies to protect them in the digital age and this is what Cyberwrite is here for.

Join our family of brokers –?[email protected]??

Read my previous post on Five Cyber Insurance Predictions You Should Know About for 2023