Cyber Incident? Get Help

How to Address the Top 7 Objections to Cyber Insurance

Insurance broker discussing policies with client


Despite rising cyber crime, the adoption rate for cyber insurance remains relatively low. Many small businesses owners aren’t familiar with cyber coverage - or don’t understand the range of threats that cyber attacks pose. So it’s not surprising that business leaders are slow to embrace a new kind of insurance. 

There are compelling reasons for businesses to take action to insure themselves against cyber threats. But business leaders often need help in understanding the significance of cyber crime, the costs it imposes, and the essential value of coverage. Below are the seven of the most common objections to cyber insurance that brokers hear from clients. By acknowledging their concerns and sharing the facts about cyber crime and the value of insurance, you can help leaders educate themselves and protect their businesses.

"I'm too small to be a target"

Many business owners mistakenly assume that small companies or businesses with a “low profile” aren’t targets for cyber crime. In fact, threat actors increasingly use automated attacks to target small businesses, which often have weaker security controls.

According to a data breach investigation report by Verizon, 61% of small-to-midsize businesses experienced cyberattacks in 2021. And these attacks can be devastating. About 60% of small businesses close permanently within six months of suffering a cyber attack.

"We don't rely on technology"

Cyber crime doesn’t just affect data-rich companies. Every technology, even the most basic, introduces the risk of cyber attack. In fact, tools like email are commonly exploited for phishing and similar attacks. Online financial services, digital payments, remote collaboration, and other tools all create avenues of risk. And it's important to remember that cyber risk doesn’t just come from a business's technology, but extends to vendors, partners, and even employees’ behavior. All businesses need a plan for addressing cyber crime.

"I'm already protected from cyber threats"

Cyber security tools are an important first step in mitigating and managing cyber risk. But they’re only a first step: protections can and do fail. Additionally, cyber security tools won’t protect against exposure through vendors and third parties — or your employees. Nearly half of cyber crime is a result of human error. Organizations need a comprehensive plan to protect themselves from increasing threats. Businesses need both security and insurance to be fully protected.

"I have coverage in my existing insurance"

Traditional insurance isn’t designed to cover the broad impacts of cyber crime. Most package policies only cover third-party costs, leaving significant coverage gaps. The consequences of cyber attacks don’t stop at compensating customers for privacy violations or identity theft. Out of pocket expenses, operational interruptions, and resulting revenue loss pose major challenges following a cybersecurity attack. Cyber insurance mitigates these risks and provides solutions to help businesses rapidly restore operations at a critical time.

"Cyber insurance costs too much"

For business leaders just becoming familiar with cyber insurance, the cost of coverage may seem like a financial burden. The reality is, in the current cyber threat environment, businesses can’t afford not to have sufficient insurance. Cyber criminals increasingly target small businesses with sophisticated attacks. Recovery costs can be devastating. On average, the cost of a small business data breach is between $120,000 and $1.2 million. Business owners need a comprehensive plan for protection, including recovery, digital asset restoration, and crisis management. Note that cyber insurance is customized for an organization’s risk exposure and business needs to manage the expense.

"It's not a good time"

Prospects may say this when they don’t clearly understand the risk of cyber threats, or the value that cyber coverage offers. But considering the frequency of attacks on businesses and the average cost of recovery, it’s not a good time to postpone action. According to IBM, it takes an average of 212 days to identify a data breach and 75 days to contain the issue. This means that a prospect could already be facing a cybersecurity issue without knowing it. 

For many businesses, an attack can be too much to overcome. There’s no such thing as beginning preparations to address cyber attacks too early — but definitely such a thing as too late. Businesses shouldn’t risk their long-term viability over a simple, reversible decision they could make today.

"I need to think it over / talk to my partner / see it in email"

These responses could be a polite decline, or reflect a genuine need to better understand and digest the value and necessity of cyber insurance. Try to learn what aspects may be causing their hesitation so you can avoid pushing general selling points and directly address the relevant issues. 

Consulting a business partner or spending time evaluating significant matters such as cyber crime and coverage are understandable, valid actions. But help your client ensure that the need for discussion or consideration doesn’t slip into procrastination and avoidance; establish a plan to reconnect. Schedule a day and time for a call with the client and their business partner. This provides an opportunity to address any remaining concerns in person. In the meantime, getting the application process started can be helpful. Addressing cyber protection is a critical matter that shouldn’t be delayed.

Attune About Background

It’s understandable that business owners will have hesitations about purchasing coverage for a risk they may have only recently become aware of. Acknowledge their concerns. Listen for the specific areas of their objection. By becoming conversant in the issues underlying common objections to cyber insurance, you can help your clients understand the facts and make informed decisions. Addressing cyber risk is a step we all need to take. Cyber insurance offers broad protections against the risk of increasingly common threats.