Cybersecurity threats are an ever-evolving challenge for businesses of all sizes. Data breaches, malware attacks, and other cyber incidents can inflict significant financial losses, reputational damage, and legal consequences. 

Aviva research reveals that one in five UK businesses have experienced a cyber-attack or incident, with nearly one in 10 (9%) small businesses experiencing this in the last year. This number rises to 35% of large corporate businesses, showing the increasing risk that cyber presents. [1]

In this rapidly changing landscape, cyber insurance has emerged as a crucial risk management tool. However, the current placement approach taken by many brokers and insurers has limitations, leaving companies vulnerable and hindering the true potential of cyber insurance. 

What’s wrong with the status quo? 

Traditionally, obtaining cyber insurance usually involves the client completing a proposal form, relying on their knowledge of IT to correctly understand and answer the questions presented. Brokers share this information with insurers who use this information to assess risk, present terms and bind cover. 

Cyber insurance often focuses on reactive measures after a breach occurs. Policies are primarily designed to cover post-breach costs like legal fees, data recovery, and notification expenses. 

While these components are all important, this approach falls short in addressing the proactive need for preventative measures at the outset, so all parties have transparent and accurate information about the risk and have the correct cover limits to protect against losses.

Limitations of the traditional approach:

Proposal forms: the risk capture process varies across the market, with insurers requiring the completion of risk data. If the client or broker doesn’t understand what is being asked of them or the implications of their answer they are at a disadvantage from the outset. 

Inconsistent application: Underwriting processes vary across different insurers and can be subjective, leading to inconsistent coverage and pricing. 

Cover gaps: If the client, broker, or insurer can’t validate the information provided there could be gaps in cover because parties don’t understand where the claims will come from. 

Knowledge gap: Lack of understanding between brokers, insurers, and clients can hinder communication and risk assessment.

Limited risk mitigation: Reactive approach provides limited tools to prevent breaches from happening in the first place.

All these factors can result in buyers not buying or buying a policy that won’t be effective if they have a loss, neither outcome is beneficial to the client or broker. There has to be a better way to prepare the client for cyber insurance and that is exactly what we are proposing. 

How looking at cyber from a different angle works (the Infoprotect Approach) 

Infoprotect proposes a unique approach to cyber insurance that emphasises both prevention, resilience and protection. However, this approach recognises the importance of risk identification and mitigation pre-placement as the key driver to achieving better customer outcomes. Our placement process delivers accurate risk information to the client, broker and insurer allowing the client to see their cyber risk posture, the broker to deliver a detailed presentation of the risk to market and the insurer will see the detailed and validated information allowing them to see where the risk is, where claims are likely to come from to price and cover the risk as required. This is a different approach and one that has the following key components. 

Key elements of the Infoprotect Approach:

We know that the process we’ve provided to brokers and their clients makes it easier to get the cover they need at an affordable premium.

Comprehensive pre-placement risk assessment: Deep-dive analysis of a company’s cybersecurity posture, identifying vulnerabilities with shortfalls and recommending improvements.

Focus on preventative measures: Offering resources and suggesting the approach to strengthen cybersecurity defences, reducing the likelihood of a breach. Because we are cyber experts we can also advise on areas where clients may not be able to comply with a requirement but offer up alternative mitigating factors that make the risk still acceptable to insurers.

Transparency: All the information gathered as part of our cyber risk assessment is shared with the client, broker, and insurer so all parties know what information the risk is based on, and this can be critical if there is a dispute later, particularly when there is a claim. 

Validity of data: This is crucial to the success of our service, that is that all the information collected and provided to insurers is accurate and validated. We usually rely on the information being collected by completing a proposal form, if that information is unintentionally incorrect or incomplete this could impact the client’s ability to get cyber insurance, the adage that you don’t know what you don’t know, could be costly.

Collaboration:  Our process is a collaboration between all parties, what we offer is a 1:1 service where we get the best results when we work hand in hand with the clients IT team to take them step-by-step through the risk assessment process, after all we are here to help them and not to cast any judgement on their work, which is usually excellent! 

Data-driven underwriting: Clients, brokers and insurers can use the data in the report to provide more consistent and accurate risk assessments and pricing. It is clearer where the client’s cyber posture is and what is being done to improve it so underwriters can be confident that they have accurate information that allows them to better predict where claims will come from and enable them to give the cover the client needs at the right price. Over time our approach should reduce claims incidents.

The Infoprotect UK Cyber Risk Assessment in Practice

How a Unique Risk Profiling System Secured Affordable Cyber Insurance for a Motor Dealership

Challenge: A UK motor dealership faced difficulty obtaining affordable cyber insurance due to the industry’s high-risk nature and lack of standardised risk assessment methods.

Solution: Infoprotect unique risk profiling system, utilising the FortMesa platform, provided a detailed and accurate analysis of the dealership’s cyber risk posture. This included identifying vulnerabilities and recommending improvements.

Result: The dealership secured comprehensive cyber insurance coverage at a significantly lower cost than previously offered. This comprehensive coverage protects against data breaches, ransomware, and other cyber threats, enhancing the dealership’s overall cybersecurity posture and meeting regulatory requirements.

This worked because we were able to use standardised and detailed cyber risk assessments that can help businesses obtain affordable cyber insurance. The process was a collaboration between brokers, insurers, and risk management experts that led to better outcomes for everyone involved. The brokers value added proactive cyber risk management is essential for businesses to mitigate risks and ensure business continuity.

A process which delivers results for everyone

This process is a win-win for broker, client and insurer, here’s why.

OutcomeClientBrokerInsurer
Gives you the widest risk profile report you’ve seen
Knock the socks your chosen cyber underwriter  
Build your credibility in the market  
You’ll never have to send out another cyber proposal form 
Obtain more cover, better terms and premium from insurers 
Transparency between broker, client and insurer, giving a report on responses to questions
Board level cyber position report, risk matrix, and action plan  
Increased credibility with own customers and stakeholders 
Cyber insurance cover with the cover that is cost-effective
Clearer view of where claims will come from.


The Infoprotect approach represents a paradigm shift in cyber insurance. By integrating prevention, protection, and continuous engagement, it fosters a collaborative ecosystem that benefits brokers, insurers, and clients alike. This approach creates positive outcomes for all parties, helping businesses build a more resilient and secure digital future.

How can we help you? 

We’d love to talk to you in more detail about the Infoprotect approach and how it can help you to proactively manage your cyber risk placement strategy. Contact us today for a no obligation, confidential consultation.

Sources

[1]https://www.aviva.com/newsroom/news-releases/2023/12/One-in-five-businesses-have-been-victims-of-cyber-attack-in-the-last-year/

Why Are Cyber Insurance Claims Denied?

Read more

Why a Fractional CISO Could Save Your Business

Read more

Why Every Business Needs a Holistic IT Managed Service 

Read more

Safeguarding Your Business from Email Compromise in Six Easy Steps:

Read more

Selling Cyber – Creating A Kick-ass Sales Process

Read more

Transforming Cyber Insurance: The Infoprotect Revolution

Read more

Why Move to the Cloud ?

Read more

Cybersecurity Insurance

Read more

Managing Human Risk in Phishing

Read more

10 STEPS to CYBER RESILIENCE

Read more

SMALL BUSINESS GUIDE to CYBER SECURITY 

Read more

Take the fight to email impersonators

Read more

Cyber Insurance – MFA and SaaS

Read more

Phishing – Lets Educate & Upskill the users

Read more

Answer yourself truthfully… Can your business afford LAN/WAN downtime?

Read more

Into lockdown & post Brexit: Business as usual for Infoprotect UK.

Read more

The Hidden costs of cybercrime over and above the economic impact.

Read more