Cyber: Client objection tips

We’ve put together some of the most common client objections along with key talking points to help you respond in handling each.

Cyber Article 1 min 15 Feb, 2024

 

By now, you may have spoken to your clients about their cyber exposures and perhaps even presented a quote for coverage. But they still aren’t convinced.

To help you explain their cyber exposure and the value of cyber insurance as a form of protection, we’ve put together (and updated for 2024) some of the most common client objections along with key talking points to help you respond in handling each.

  1. We don’t need cyber insurance. We invest in IT security…

    When a business puts locks on their doors to reduce the chance of theft or installs sprinkler systems to mitigate the risk of fire, they will still usually purchase property damage insurance in case those precautionary measures fail. The same point holds true when it comes to cyber security. Investing in IT security is a great precautionary measure, but hackers can often bypass security measures and exploit human error.  Cyber insurance is there to act as a valuable safety net in the event that these measures fail to prevent an attack.

    Theft of funds, ransomware, extortion and non-malicious data breaches are often caused by human error or an oversight like losing a laptop or clicking on a phishing link, which then allows cybercriminals to access your systems.

    Ultimately the cyber landscape is everchanging and no matter how much a company invests in IT security, they will never be 100% secure. Cyber insurance is there to add another layer of protection and respond in the event that the worst happens.

  2. We outsource all of our IT, so we don't have an exposure...

    Unfortunately, using a third party for IT doesn’t eliminate your exposure.

    If you outsource your data storage to a third party and that third party is breached, you will still likely be responsible for notifying affected individuals and dealing with subsequent regulatory actions.

    What’s more, many businesses rely on third parties for business-critical operations, and should those providers experience a system outage caused by a cyber event or system failure, it could have a catastrophic effect on your ability to trade, resulting in a business interruption loss.

    Most third-party technology service providers have standard terms of service that limit their liability in the event that a breach or system outage causes financial harm to one of their clients.

    Most cyber insurance policies will extend to cover data and systems hosted by third parties, as well as business interruption losses caused by system outages at third-party IT providers.

  3. We don't collect any sensitive data, so we don't need cyber insurance...

    You don’t need to be collecting sensitive data to have cyber exposure. In fact, any business that relies on computer systems to operate, whether for business critical activities or simply electronic banking has a very real cyber exposure. 

    Two of the most common and costly sources of cyber claims are ransomware and funds transfer fraud.
    Funds transfer fraud is often carried out by criminals using fraudulent emails to divert legitimate fund transfers to their own accounts, while ransomware can cripple any organization by encrypting or damaging business-critical computer systems.

    Neither of these types of incidents needs to involve a data breach, but both can lead to severe financial losses which are insurable under a cyber policy. 

  4. Cyber attacks only affect big business. We’re too small to be a target…

    Cyber attacks impacting large companies tend to make the news, but just because cyber attacks on small businesses are less newsworthy doesn’t mean they aren’t happening. In fact, the majority of cyber attacks are aimed at small businesses.

    Cyber criminals see smaller organizations as low-hanging fruit because they often lack the resources necessary to invest in IT security or provide cyber security training. Ultimately, cyber criminals will target the most vulnerable companies, not just the most valuable.

    Cyber insurance is a great solution for smaller organizations because not only does it provide financial protection against the growing number of cyber attacks on these businesses, it also provides access to a whole range of technical and legal experts who are effectively on retainer to the policyholder through their purchasing of a cyber policy, which many small businesses might not otherwise be able to afford. 

  5. Cyber is already covered by other lines of insurance...

    Cyber cover in traditional lines of insurance often falls very short of the cover found in a standalone cyber policy. While there may be elements of cyber cover existing within traditional insurance policies, it tends to be only partial cover at best.

    Property policies were designed to cover your bricks and mortar, not your digital assets; crime policies rarely cover social engineering scams - a huge source of financial losses for businesses of all sizes - without onerous terms and conditions; and professional liability policies generally don’t cover the first-party costs associated with responding to a cyber event.

    A standalone cyber policy is designed to cover the gaps left by traditional insurance policies, and importantly, comes with access to expert cyber claims handlers who are trained to get your business back on track with minimal disruption and financial impact.

  6. Cyber insurance is too expensive...

    The cost of cyber insurance is influenced by the increased severity of cyber claims and the innovative risk management services that come with the policy, making cyber insurance one of the best investments any business can make.

    The size of ransom demands in particular has grown exponentially in recent years. Then there’s the business interruption loss to consider, as well remediation and recovery expenses, legal fees, regulatory harm, and so on. 

    Given the significant financial losses organizations can be faced with, it’s no surprise cyber risk is a top business exposure - with cyber insurance key in mitigating this risk.

    More than offering cover for financial loss, cyber insurance gives you instant access to a wide range of technical specialists expert in helping businesses quickly recover from cyber events. At CFC, our cyber security team works around the clock to monitor, detect and prevent cyber attacks from happening in the first place.