Cyber Risk in Insurance: How Can Brokers Protect SMEs?

Simon Hughes, VP and General Manager at Cowbell, shares the 4-stage cybersecurity framework for insurance brokers to protect their SME clients against risk

As small and mid-sized enterprises (SMEs) have embraced technology and innovation over the last decade, the shift to ecommerce has been transformative. But with expanding tech ecosystems including unsecured remote devices, the risks of a breach are also growing.

A cyber breach can be expensive and can paralyse a business, causing lost custom, reputational damage and even worse. Yet the Government’s Cyber Security Breaches Survey 2023 reveals that only 47% of medium-sized businesses have a formal incident response plan, highlighting a greater need than ever to prevent breaches from occurring. Furthermore, a recent survey from Cowbell reported that 3 in 4 businesses don’t provide training on identifying cyber incidents.

Simon Hughes, VP and General Manager at Cowbell, believes that only by taking a proactive approach to cyber security will mid-market companies ensure that any breach is prevented or detected at the earliest opportunity, with an effective recovery strategy in place.

Hughes is a seasoned underwriter with over 13 years of experience in the insurance industry. He began his career at Lloyd's and has since gained valuable experience with the multi-national reinsurer SOVAG and CFC Underwriting, a UK-based specialty insurer. 

He shares his expert insight about supporting SMEs. 

What is the state of cybersecurity risk for SMEs?

The digital landscape offers SMEs new opportunities, but also carries inherent risks. There has been a growing trend for cyberattacks within the mid-market sector, as hackers recognise the potential for financial gain. According to a Vodafone study, 54% of SMEs in the UK experienced some form of cyber attack in 2022, with almost 1 in 5 reporting an average cyber attack could cost their business up to £4,200. 

Without the cybersecurity resources of their larger peers, SMEs are perhaps more at risk and under greater pressure to protect themselves adequately. In the face of an increasingly sophisticated and persistent cyber threat landscape, SMEs need proactive strategies to safeguard digital assets and maintain the trust of their customers. There’s never been a greater need for insurance brokers to stay abreast of the evolving threats to be able to help clients minimise their exposure and limit risk.

How are brokers stepping up to combat cyber risk?

Brokers are ideally positioned to advocate proactive cybersecurity as a strategic investment. But without taking a holistic and future-proof approach, they can leave clients wide open to the evolving costs and consequences of a cyber incident.

Many insurance brokers are stepping up to the challenge and their roles are evolving. By deeply understanding their clients’ individual risks and vulnerabilities in the context of the external landscape and continuously monitoring and adapting strategies to mitigate new threats, brokers are on the offensive in this ecosystem. Effective collaboration between SMEs and their brokers is vital to build a resilient and secure business environment.

How can brokers take a proactive approach to protecting clients against risks?

Proactive cybersecurity is a critical investment in financial protection that supports the entire business. In helping organisations fully understand their vulnerabilities, brokers will guide SMEs to implement the right protection to guard their most important assets. 

There is a 4-stage cybersecurity framework brokers should use to ensure their clients are protected for now and the future:

  1. Personalised risk assessment

Insurance brokers should first conduct a comprehensive risk assessment which is tailored to the specific needs and vulnerabilities of the client. Brokers should evaluate the nature of the business, the sensitivity of the data they handle, and current cybersecurity measures in order to develop customised solutions that meet clients’ needs.

From the insights gained from the risk assessment, brokers should work closely with underwriters to create a policy tailored to the size and industry of the client that provides comprehensive coverage. It is essential that policies cover financial as well as reputational damages.


  2. 360° cyber education

SMEs must have a clear training strategy to ensure their employees and clients are aware of cybersecurity best practices. This will ensure all individuals across the organisation fully understand the risks and can identify the signs of potential threats. This should include how to keep devices secure, implementing strong password protection, completing regular software updates, and knowing the process for reporting suspicious or unusual behaviour.


  3. Incident response planning

Brokers also need to assist their clients in developing and implementing robust incident response plans, should the worst occur. This means defining clear roles and responsibilities, establishing communication protocols, and conducting drills to test the effectiveness of the plan. In partnering with legal and compliance teams to understand the latest legislation and evolving digital protection laws, their clients will be adequately prepared for the current threat level, thereby minimising downtime and allowing faster recovery.


  4. Continuous monitoring builds trust

With a continually evolving cyber landscape, brokers should establish mechanisms for continuous monitoring of clients’ files and networks that can stop threats in their tracks. Having a detailed picture of threats also means that insurance policies remain relevant and effective. Regular communication and regular planned software updates help SMEs stay ahead of potential risks and adopt proactive measures to mitigate them. This ongoing response is critical to building trust and developing long-standing partnerships, which is essential for business continuity.


Cyber Magazine is a BizClik brand 