Many additionally face challenges round qualifying for cyber insurance coverage in the event that they fail to satisfy the minimal info safety insurance coverage necessities. And in the event that they do meet insurers’ stringent necessities, many forgo the acquisition of cyber insurance coverage as a result of prohibitive price limitations. Cyber insurance coverage premiums have elevated anyplace from 25-400% over the previous 12 months for insureds with or with out cyber declare historical past.
“The submit to bind ratio [for small business cyber insurance policies] is around two out of 10 – and that’s for companies under $1 billion in annual revenue,” stated Kurt Suhs, founder and CEO of Concierge Cyber. “If only 20% of small businesses buy cyber insurance, what do the other 80% of companies do in the event that there’s a cyberattack? Often, even those that have cyber insurance don’t know what to do, or who to call, particularly if they suffer a ransomware attack.”
Read subsequent: Personal cyber dangers – poor behaviors stay
Suhs – a cyber insurance coverage veteran, who used to steer the cyber divisions of Ironshore and Liberty Mutual – launched Concierge Cyber in 2019 to supply small companies and personal purchasers (with or with out cyber insurance coverage insurance policies) with entry to related info and instruments for earlier than and after a cyber incident happens.
He described the low-cost membership platform as being “like roadside assistance, but for cyber”. Members are assured emergency response to a cyberattack or knowledge breach by a staff of high-quality suppliers, on a pay-as-you-go foundation and at considerably discounted charges.
“Just like cyber insurers, we have a panel of companies, including 20 law firms, 16 cyber security firms, all three credit bureaus, and crisis management firms, and our members receive 35-50% off the street rate for their services,” defined Suhs. “We also provide a ransom hostage manual [which shows users] what to do pre-, during-, and post-ransomware attack. Members get access to 12 security policy templates, and they receive two hours of priority access with an on-call chief security officer.”
While Concierge Cyber is closely centered on incident response, the agency additionally gives pre-loss providers, together with safety consciousness coaching to forestall frequent assaults like enterprise electronic mail compromise (BEC), social engineering, and phishing.
This is especially essential, Suhs stated, as carriers have launched minimal safety necessities – similar to enabling multi-factor authentication for electronic mail and distant entry, and probably even utilizing end-point detection and response (EDR) know-how – earlier than they’ll even contemplate writing a coverage.
Read extra: Closing the disconnect between cyber threat consciousness and motion
“People get the analogy of roadside assistance for cyber,” Suhs instructed Insurance Business. “With cyberattacks, it’s not a matter of if, it’s not a matter of when, it’s how big? There’s a 100% chance you will have an attack; I don’t know the frequency or severity, but I can tell you it’s going to happen.”
Concierge Cyber has gone to market on to prospects and thru varied re-seller companions, together with brokers and brokers, commerce teams and associations, and extra just lately by insurance coverage carriers. There are three pricing tiers for firms with annual revenues as much as $10 million, from $10 million to $50 million, and over $50 million, with annual membership charges of $250, $490, and $995, respectively.
Suhs stated brokers and brokers are a vital cog within the chain as a result of small companies and personal purchasers typically look to them as their “outsourced risk manager”.
“Initially, we were working with brokers and MGUs, but now we’re opening it up to carriers, not to be on their cyber panel, but to offer Concierge Cyber to maybe professional liability [policyholders], where their policy may exclude cyber, or directors’ and officers’ (D&O), or property,” defined Suhs.
“Think of it like the employment practices liability (EPL) hotline for D&O. That’s how we market it. It’s a value-added service, which provides dedicated incident response, because again, the majority of small businesses don’t have cyber insurance or access to professional resources in the event that they suffer an attack.”