Struggles Presented by NCBI

Understanding Cyber Insurance: A Guide for Business Owners

NCBI

Share episode

In the fast-paced world of entrepreneurship, every challenge feels like a mountain to climb. Welcome to Struggles: Navigating Challenges, Together, the podcast that shines a light on the common problems entrepreneurs face across all industries and provides the guidance to overcome them. Hosted by business expert Kent Iler, each episode dives deep into the real-world stories of entrepreneurs who have tackled obstacles head-on. Through expert insights and practical solutions, Kent and his guests equip you with the tools you need to navigate your business journey successfully.

From leadership tips and scaling challenges to financial management and innovative problem-solving, you'll find valuable lessons and actionable advice tailored to today's entrepreneurial landscape. Whether you're a startup founder or a seasoned business owner, this podcast is your go-to resource for turning struggles into successes.

In this episode of "Struggles," Bill Brooker from Brooker Insurance Agency discusses the complexities of cyber insurance, a crucial yet often misunderstood aspect of business security. Bill, a seasoned insurance agent, emphasizes the vital partnership between cybersecurity and cyber insurance, advising listeners to ensure their cybersecurity measures are robust before seeking coverage. He outlines the key steps businesses should take, from consulting knowledgeable insurance agents to honestly completing applications with accurate information. The discussion highlights various types of cyber insurance coverage, such as social engineering fraud and cyber extortion, and underscores the importance of understanding policy terms and conditions to avoid denied claims. Through detailed guidance, Bill aims to educate business owners on navigating the challenging landscape of cyber insurance to protect their operations effectively.

Key Topics Discussed in This Episode:

  1. Introduction to Cyber Insurance [00:00:00]
    Kent Iler highlights the importance of working with knowledgeable agents in the ever-evolving field of cyber liability insurance.
  2. Guest Introduction: Bill Brooker [00:00:54]
    Meet Bill Brooker, a 17-year veteran of the insurance industry and a commercial insurance specialist.
  3. The Importance of Cybersecurity in Business [00:02:10]
    Bill discusses why getting your cybersecurity house in order is essential before applying for cyber insurance.
  4. Filling Out a Cyber Insurance Application [00:03:35]
    A step-by-step guide on how to complete the application process with your IT team and insurance agent.
  5. Breaking Down Cyber Insurance Policies [00:06:51]
    Bill walks through different types of cyber insurance coverages like funds transfer fraud, cyber extortion, and reputational harm.
  6. Understanding Policy Terms and Definitions [00:11:46]
    Learn about terms and conditions that could affect your coverage and what to watch out for.

Tune in, subscribe, and share Struggles: Navigating Challenges, Together with others who might benefit. Your journey as an entrepreneur is challenging but rewarding, and we're here to ensure you never have to navigate it alone. Would you like to share your story or discuss a challenge you've faced? We'd love to have you as a guest on a future episode!

Keywords: Entrepreneurship, Business Struggles, Leadership Tips, Scaling Challenges, Financial Management.

Let us know what you are struggling with as a business owner

Support the show

We work with obviously a lot of different clients. We've got over 250 clients and we see all types of different insurance agents because cyber liability is a fairly new policy and there are some that have never worked with it before. So making sure you've got someone like Bill that understands this is huge. And if you go back to your agent and you ask them about cyber liability and they don't know, that's a good sign that you need to find someone that does know. And so there are a number. We have had several clients that do have great agents. We have some that have never sold a cyber liability insurance policy. And those are the ones you've got to be careful with because if you're trusting them to cover you and they don't know it inside and out because it is changing, those are things that is really putting your company at risk. Welcome to another episode of Struggles presented by ncbi, the podcast where we navigate challenges together. Thank you, guys. Just to introduce myself, I'm Bill Brooker with the Brooker Insurance Agency. I've been a licensed insurance agent for 17 years. Four of those were as a student at the Ohio State University. Five of those years I worked at Grange Insurance as a property claims adjuster in their claims department. And then the last eight years has been at our family agency in Strongsville as a commercial insurance specialist. Typically, I'm working with small to mid sized businesses under 100 million in revenue. I've been published in Rough Notes magazine. I'm the chairman of the carrier relations committee for the Ohio Independent Agents Association. But most importantly, I'm the fourth generation of my family to work at our agency. My great grandfather started our business in 1938 after the family farm had to be sold during the Great Depression. And I just think that it's important to remember where you come from. And today we're four generations later and going strong as ever. To kind of give you guys a roadmap here of how this process works, it's important to recognize that cybersecurity and cyber insurance really are a partnership. It has to happen in tandem. We really need both sides of the coin to really complete the puzzle. So step one, I tell people, is you have to get your cybersecurity house in order. I will really not even give you a cyber insurance application unless I know you either have in house it that's handling your security or you're working with an MSP or a third party partner that's handling it for you. Because if I hand you a cyber insurance application and you don't have either of those things. You're not going to be able to fill it out. You're going to be tempted to make things up that you don't have. It's just not good to start with the insurance side. So get things taken care of on the security side first before you dive deep into the insurance piece. Step two is you need to call your agent. Hopefully you have on a first name basis with them. As a business owner, this is what they're there for. They should be able to answer your questions and say, hey, I've heard some horror stories about cybersecurity. I know that I need to be protected if something were to happen. Can you show me some options and show me some quotes for cyber insurance? Step three and step four is what I'm going to focus on mainly today. It's completing the cyber insurance application with your agent and your cybersecurity team. It's important that both of those entities are involved and it's important that you are involved. Step four, the insurance agent is going to come to you with hopefully a few options for quotes and you're going to review those quotes with your agent and then ultimately purchase coverage. And then five would be to stay engaged. It's not something that you buy once and then forget it. You should be. When you do your regular insurance review, ask about cybersecurity. Ask about the guy down the street that had a breach. Ask those types of questions of your insurance agent. It doesn't have to be, you know, every quarter you're talking to your insurance agent about this. But as things come up, please call them, talk to them, stay informed. So we're going to jump to step three. Let's assume that you know, you got your house in order, you called your insurance agent, they've handed you this application, you work with your agent. So hopefully your agent didn't just give you an application and say figure it out. Work with your agent and your IT team to complete the whole application. So if you there are going to be things on there that are IT related, you are not going to be able to answer because you know you have your IT team handle that. There are also going to be questions that you have to answer because your IT team doesn't know the answer to them. It could be total number of employees, it could be total amount of revenue, those types of business related questions. Your IT team probably doesn't know the answer to those. So it's, it is a team effort and the questions are sometimes difficult to interpret. So a big Problem in cyber insurance is the lack of standardization. They have the same application for a $2 million revenue business as they do a $100 million revenue business. So they're trying to really get an idea of who you are while keeping the number of questions to a minimum. You'll laugh when you hear me say a minimum because it's a pretty lengthy application, but they're trying to make it so that it's accessible to people. You need to answer every question honestly. Claims are denied based on people providing false information on these applications. If you don't have MFA yet, don't check that you do, because, oh, yeah, I'm going to get that in a few months. Because when you don't and then your cyber insurance company comes and they said, hey, where's your mfa? You said that you had this, and you're like, yeah, I never got around to it. There's a really good chance that your claim could be denied because of that. So answer them honestly. When in doubt, play it safe. Explain to your insurance agent, hey, I was kind of between these two items. I'm not sure exactly how much credit. How many credit card numbers I actually have on file. I think it's around this number. Talk to your agent about that. They'll work with you. They should be able to explain where you should be. Keep in mind that these questions are going to be somewhat difficult to answer. Ask your insurance agent for clarification. They can always go to the underwriters and provide more information. Lastly, I say eat the frog. That's just a phrase that I use about, you know, get the tough thing done. You know, you're not going to want to fill this application out. Okay, I get it. When it's on your mind, do it. Okay. Get it done. It's the part. Once this part is over, it's all on your insurance agent and the underwriters to put the quotes together. This is the difficult part. Just get it done. One of the best things now, though, is depending on your level of risk, some of them actually don't have a lot of questions. Right, right. That's a good thing. It's coming down and also depends on the limits that you're purchasing and things like that. But we know that it's a burden. We're trying to get some more standardization in the market. But just bear with us because it is a very evolving field. Okay. Once your insurance agent comes to you with quotes, a lot of people say, I, quote, unquote, have cyber insurance. What is cyber insurance? The reality is that Cyber insurance is an umbrella term to really describe, you know, a dozen or so different types of insurance policies that are under there. Okay, I'm going to talk about some of them that you maybe have heard before, some of them maybe not. But really it's. You don't necessarily buy cyber insurance. You buy funds transfer fraud insurance and you have a specific sub limit for that. You have social engineering fraud. Sometimes insurance carriers, you know, lump those into the same limit. Sometimes there's different limits for those, but that's coverage for fraudulent transfer of funds. They talked about social engineering. Somebody you know in your office gets an email, oh, hey, can you send, you know, $350,000 for this construction project to this new account we're using? They send it over. Turns out that was somebody that was in your email watching every interaction. They have the logo of the construction company and next thing you know, that money's gone. So definitely be aware of that. Whether you're doing transfers of $5,000 or$350,000, you're at risk. So just make sure that you check that. Sublimit, Cyber extortion and ransom. It's coverage to pay the ransom. If your system is hijacked and you're locked out. One of the things that I'll just mention on here, pay attention if your policy is pay on behalf of or reimbursement, okay? They may lock you out and say, we want you to send us 2 bitcoin to this account. If you don't have a bitcoin wallet, okay, what are you going to do? You're going to have to take money from your bank, create a bitcoin wallet, move the funds into there, then move it into the account that they're demanding that you put it into. That's gonna take time if you're a manufacturing operation. If you need to be running constantly, that's additional days that you're down. So just know that if your insurance policy is on a reimbursement basis, you are gonna be expected to pay that ransom if it's ultimately determined that you need to. If your policy is pay on behalf of, that means the insurance company is gonna say, hey, we just wanna get you up and running. We're gonna pay that upfront once it's determined that it's a worthwhile expense. So those are the little terms to just pay attention to when you're evaluating this and ask your insurance agent about that contingent business interruption. So again, people are so focused on themselves. Do you have a vendor that if they went down because of a Cyber attack, you would be in bad shape. Is that a bottleneck in your business that some CRM company that you work with, it could be a material supplier that you're dependent on. Okay, if they went down, what would the impact be on your business? It's hard to get limits on this, but it's a significant risk that you should be aware of. You can't control whether they have an attack, but if they have an attack, it's going to impact your business. You want to get paid for that lost downtime if that happens. Reputational harm. So this is one that's a little bit scary because the coverage isn't great that you can get for this. But if you had to send a letter out tomorrow to all of your customers saying that their personal information has been compromised and that you were the responsible party, how many of those customers are going to come back to you? Okay, you're going to lose a lot of customers in these situations. It's not pretty. It's why the return rate for small businesses is so bad. You want to get as much coverage as you can. This reputational harm extends your business interruption insurance to handle, you know, customers leaving because, you know, your reputation has been tarnished because of this. There's going to be, you know, PR money available within the insurance company. They're going to try to help you retain customers as best as possible. But the reality is that, you know, what would you do if you found out your bank, for instance, you know, lost all your personal information? You'd probably change banks. It's a similar situation with our customers. Unfortunately, like I said, coverage is very difficult to get for this. But it's something that if you feel you're particularly at risk for, you should ask your agent, what's my reputational harm? Sublimit? What's the period of indemnity? And are there any stipulations? Some insurance companies will only pay if there is a news article written about you that specifically names you as. As someone, because then they can kind of point to that adverse publication. Other insurance companies don't require that. So maybe those are things that maybe ask your insurance agent about. Lastly, I just kind of put in here, you know, terms and definitions. These insurance policies have terrible terms and definitions. Okay. I'm not going to sugarcoat it. You absolutely need cyber insurance coverage, but it's not as broad as your general liability coverage or your property insurance. Okay. It's very. There's very difficult to read interpretations of the definitions. Just make sure you're working with an insurance agent that's willing to get into this with you. Because a lot of them, a lot of insurance agents out there just don't give it the time of day, which is really unfortunate. But there's, you know, software update penalties. There's, you know, insurance contracts that say if you're not updating your software every 30 days and it goes into day 35, your coverage gets cut by 50%. And then every day following that, it gets worse and worse. There's double deductibles, where you may think you have a $2,500 deductible, but actually, you know, that's just the first deductible. Then you also have one for a ransomware attack, or you also have a different one for social engineering. So be aware of that. Short periods of indemnity, for example, on reputational Harmony, they may say, yes, you've got a million dollars of reputational harm coverage, but your period of indemnity is only 30 days, meaning that you only get to collect on business that's lost in the first 30 days of an attack. And it might take you 30 days to even figure out how to get your arms around this thing. So just be aware of those terms and conditions. They're predatory. It's very difficult. 27% of cyber claims that are filed are limited in part or in full because of some exclusion or term that's in the policy itself. So just, you know, be smart. Rely on your insurance agent to help you with that. Buy the coverage, but know that, you know, you need to do certain things. 50% of people that buy cyber insurance need to make some sort of material change to their cybersecurity in order to even be eligible. So just be aware. That's why I tell people, you know, start with these guys, then come to me. Because it's just, it's coverage that, you know, is difficult to get. You gotta have your house in order in order to entertain it. Thanks for tuning in to this episode of Struggles presented by ncbi where we navigate challenges together. Don't forget to subscribe, listen and share this podcast with others who might benefit. We'd love to hear about the struggles you're facing or have overcome, and we'd be thrilled to have you as a guest on a future episode. Let's continue this journey together.