An effective sales strategy can transform these challenges into competitive advantage, but it needs to be built on a strong understanding of the evolving cyber risk landscape.

Cyber threats in the region are on the rise. Malware risks are reported to be 37% higher in Asia Pacific than the global average, and the prevalence of Ransomware is 40% higher than the global average. The highest encounters for both threats are currently seen in Southeast Asia. [Microsoft Security Intelligence Report Volume 24]

This reality, along with fast-moving regulatory changes, are expected to boost the demand for education and related cyber solutions among individuals, small enterprises, corporations and governments in the region.

The introduction of cyber insurance to an insurer’s portfolio requires them to navigate the local legal environment, set up an accumulation management framework,  establish pricing engine and underwriting guidelines, and – critically – implement a robust sales strategy.

Every market has its own mechanism, level of cyber maturity and product requirements that need to be considered in conjunction with the following four components that make up a successful knowledge-centric sales strategy:

1. Solution offering
   An important part of a successful sales infrastructure is to have adequate coverage adjusted to the market environment. Any new cyber offering is generally more abstract than a traditional insurance product like property, where loss is predictably tangible. As a result the underwriting process and policy wording needs to be simple to be meaningful for a customer. Evidence of this approach is seen in the demand for our SME-specific pre-underwritten product.
   
   Another important area to consider is claims incident response management. This capability has become a key sales component as it provides a strong reason to purchase a cyber policy.
   
   
2. Sales channels
   Sales are driven through various distribution channels such as a broker, online channel, agency force or alternative distribution. One challenge with cyber is that insurers need to embed complex technical knowledge quickly into the sales channel mix. From our experience, we see that successful strategies are based on a company’s established sales channel and leveraged effectively, instead of embarking on a new sales channel for this purpose.
   
   
3. People
   Ensuring the sales force – which remains a dominant channel in Asia - is educated, incentivized and supported to position and sell the solution offering is a key priority. It’s also advisable to integrate cyber solutions with the agents’ core offerings so that they are considered “on par” with other established lines is important to achieve credibility and value for the business line.
   
   
4. Technology
   The role of technology is also crucial. For example, we have introduced an automated underwriting engine which can be loaded with a country factor and integrated to the distribution channel for brokers, sales agents or direct customers. This kind of solution can be designed to bring several hundred sales agents up to speed on Cyber and to be able to install direct multiplier solutions with brokers.
   
   In summary, embedding a new insurance product like cyber takes a high degree of effort and adaptation of knowledge that must begin with understanding the market, creating awareness and equipping stakeholders along the insurance value chain with the right information and tools.
   
   By getting the right balance across the four components of the sales strategy (solutioning, sales channels, people and technology) insurers will be well positioned to respond to the growing demand for cyber and to create the right partnerships that can tackle the challenge of the increasing threat landscape and changing regulation.
   
   At Munich Re, our clients can leverage our global network of more than 120 Cyber specialists to help them develop strategies based on strong product specifics, wordings, pricing, marketing or business planning support. They can also harness the power of our automated underwriting platform CyRUSS, which can be onboarded via an API. In the event of an incident, we connect them to a full service recovery ecosystem comprising IT Forensic Services, Legal Services, Claims Services well as reputation management expertise, so that ultimately they can focus on serving their clients’ needs.
   
   It is our commitment to continuously evolve with our clients, so that together we can achieve adequate insurability of cyber and realise our growth potential.

Various regulations are shaping the risk environment:

Last year the Singapore Personal Data Protection Commission imposed the highest fines to date in respect of cyber-attacks while Vietnam passed a law to empower authorities to investigate users of online content and China revised and introduced more cybersecurity laws.

As witnessed in Europe the introduction of GDPR spurred a change in attitude among corporates towards cyber security: strict legal requirements and increased awareness prompted corporates and small and medium enterprises to invest in a risk transfer to cyber insurance. This year in India similarly strict laws are expected to be put in place.

South Korea has introduced compulsory cyber insurance with effect from 2020 and the Thai Personal Data Protection Act will include and introduce a mandatory breach notification of 72 hours from May, similar to that of GDPR requirements.