Selling Cyber – Creating A Kick-ass Sales Process

The cyber insurance market is booming, making it one of the fastest-growing sectors in the insurance industry. However, despite the increasing threat of cybercrime, many small businesses remain unfamiliar with cyber coverage, underestimating their own cyber risk and its potential consequences, a recent report by CFC estimated that only 15% of SMEs in the UK are buying cyber insurance and a study by the Department of Science, Innovation and Technology in April 2023 found that only 6% of micro businesses and 11% of small businesses buy cyber insurance [1]. These low take up rates present a challenge for insurers and brokers who want to give their clients the best advice, but how do we convert the non-believers?

In this blog post, we will delve into the art of selling cyber insurance, focusing on overcoming objections through the insights and high-level training, delivered by Infoprotect UK CEO, Brad Fraser.

Understanding the Cyber Landscape

Cyber threats are evolving at an unprecedented pace, posing substantial risks to businesses of all sizes. As technology advances, so do the tactics of cybercriminals. Understanding this dynamic landscape is crucial for insurers, brokers and their clients. Beazley reported an easing off on software vulnerability attacks, but business email compromise attacks are up 17% often targeting professional services. In this type of attack your employees are the first line of defence although companies are more commonly introducing multi-factor authentication (MFA). [2]

The first step in selling cyber insurance effectively is grasping the ever-changing nature of cyber risks and the potential consequences of not being adequately protected and then being able to confidently explain this to clients with clarity using relevant examples.

Challenges of Selling Cyber

While the demand for cyber insurance is growing, small businesses often lack awareness of their cyber risk, underestimate the impact of cyber incidents, or face financial constraints that hinder their ability to invest in cybersecurity measures. Overcoming these hurdles requires a tailored and strategic approach to sales.

Being able to effectively handle client objections, in the context of selling cyber insurance, is one of the ways you can improve your sales process. Here are some of the objections we see and how to tackle them;

Cost Concerns

Cyber insurance premiums can be relatively high, and some business owners may find it challenging to allocate funds for insurance when facing other financial priorities.

The case for insurance: Conduct a thorough risk assessment to demonstrate the potential financial impact of a cyber incident. Highlight that the cost of recovery without insurance could be significantly higher than the premiums, the reputational damage is also potentially business ending. Cisco reported that 60% of victims go out of business within 6 months of an attack. [3]

Perceived Low Risk

Some business owners may believe that their industry or business size doesn’t make them a significant target for cyberattacks, leading them to perceive the risk as low. However, evidence suggests that smaller businesses are at risk of an attack, cybercriminals are also targeting smaller companies in the supply chain of larger firms as a way in through the back door.

Many small businesses don’t have cyber insurance simply because they lack visibility into the volume of sensitive information they’re responsible for protecting. The cold hard truth is that they probably have significantly more risk than they think.

Share real-world examples or case studies where cyber insurance played a crucial role in mitigating losses and helping businesses recover after a cyber attack. Concrete examples can make the benefits more tangible. Ask, could you afford not to have access to your computer network, billing systems, email, and phone, at any time?

Our IT Team Have This Covered

Right? Wrong. Many of your clients will have an IT team or person, looking after their day-to-day technology requirements but most IT staff are generalists and while they are great at supporting your network, software, cloud storage and back-ups, few will have the cyber security expertise at a level that it needs to be to avoid something that could trip up a client. Ideally what they need to do is interrogate the environment with a thorough cyber risk assessment, that checks the complete cyber landscape of a business and is not just focussed on multi-factor authentication, password security and back-ups. While these are all important components of a comprehensive cyber insurance strategy, clients can fall into the trap of believing their Microsoft 365 data is secure and backed up when it is in fact up to the users to perform these activities.

Policy Understanding

Cyber insurance policies can be complex, and business owners may find it challenging to understand the coverage details, exclusions, and limitations. The complexity could deter them from investing in something they don’t fully understand.

Create Clarity – Provide clear and transparent communication about the coverage, exclusions, and limitations. Work closely with the business owner to ensure they fully understand the policy and its benefits.

Provide relevant information about cyber insurance and how it addresses the specific concerns raised. Highlight the coverage, risk mitigation, and financial protection cyber insurance offers in the event of a cyber incident. Cyber insurance is only one element of a broader risk mitigation program that you deliver for your client.

Inadequate Coverage

Business owners might be concerned about the potential exclusions or gaps in coverage that could leave them vulnerable to certain types of cyber threats.

The very nature of insurance means that not everything can be covered by insurance, however most insurers now offer customisable policies that address specific risks faced by the business. Working with the client to create a policy that aligns with their unique needs and potential cyber threats is essential to build customer trust and deliver peace of mind.

Risk Mitigation Measures Instead of Insurance

Some business owners may prefer to invest in cybersecurity measures and risk mitigation strategies directly and see insurance as an alternative to that investment.

Emphasise that cyber insurance is not a replacement for cybersecurity measures but complements them. Highlight that insurance can provide an additional layer of protection beyond preventative measures.When we work with clients there is a process of a cyber assessment to view their cyber posture, then a program of remedial work before we collate the risk data for the insurer (our report is often accepted instead of a traditional proposal form due to its comprehensive nature) and then we take the risk to market. It is also important to highlight that a cyber risk assessment is not something that is done once and never again, you should be encouraging your clients to perform regular checks on their cyber security posture to check for gaps or vulnerabilities.

In essence, insurance is just one tool in your cyber security protection program, and insurance is there to stop a bad situation from getting worse. It isn’t going to prevent an attack but can help you recover faster afterwards and with a team of experts to help in your corner.

Lack of Past Incidents

It’ll never happen to me. We get it, it’s difficult to put yourself in someone else’s shoes. If a business has not experienced any significant cyber incidents in the past, the owner might question the necessity of cyber insurance, assuming that they are not likely to face such issues in the future. Sadly, all the stats point to most businesses suffering a loss at some point.

Insurance is a product you buy hoping you will never need it, but we find that stressing the importance of taking a proactive approach to cybersecurity, highlighting that insurance is a safety net for unforeseen events, even if historical incidents are limited. There are some public examples of companies who have been a victim of cyber-attacks available to use as examples.

Adapting Your Strategy to Selling Cyber Insurance

To succeed in selling cyber insurance, it’s essential to adapt your strategy to the unique challenges posed by objections. By addressing each objection with clear and compelling arguments, you can build trust, provide education, and collaborate with businesses to tailor solutions that meet their specific needs.

Examples of Success Stories

Real-world success stories can be powerful tools in your sales arsenal. Share examples where cyber insurance proved invaluable in mitigating financial losses and aiding businesses in their recovery after cyber incidents. These stories add credibility and demonstrate the practical benefits of investing in cyber insurance.

In Summary

Turning objections into opportunities is an art that requires a nuanced approach. By shifting the perspective from viewing objections as barriers to recognising them as entry points for education and collaboration, insurers and brokers can build stronger relationships with clients.

The key is to build the story around the proactive nature of cyber insurance and the role it plays in a comprehensive risk management strategy.

What Next?

For insurers and brokers looking to enhance their cyber proposition, we’re here to help. Contact us to explore how our cyber risk assessment solution can transform your client proposition and help clients build a comprehensive cyber risk management strategy.