Below are some common objections to cyber insurance with suggestions on how brokers can respond.

"Cyber insurance is too expensive."

The perceived price of cyber insurance often overshadows the potential cost of a cyber incident. It's important to highlight the financial repercussions of data breaches, such as legal fees, notification costs, reputational impacts, and business interruption losses, which can far outweigh the premium of a cyber policy. Providing actual claims examples can help illustrate the value and cost-effectiveness of cyber insurance.

"I have never experienced a cyber incident, so I don’t need insurance." 

Just because an insured hasn't experienced a cyber incident, it does not mean they are immune. In fact, according to IBAC, 43 percent of cyber attacks are aimed at small businesses.¹ Brokers should emphasize the growing frequency of cyber threats and the increasing sophistication of attacks. Sharing statistics about cyber incidents in their industry and presenting claim scenarios can help clients appreciate the importance of being proactive rather than reactive. Get Cyber Safe is a great resource for sharing information: https://www.getcybersafe.gc.ca/en

"I’m unsure about what exactly is covered and what isn't."

Providing examples of what is and isn't covered can give better understanding. It's also beneficial to highlight any additional services included in the policy, such as risk assessments, incident response planning, and post-breach support, which add significant value beyond paper coverage. 

"I’m confused about privacy regulations."

It’s crucial to provide details on how cyber insurance can help meet regulatory obligations. The Office of the Privacy Commissioner of Canada has a range of useful resources to help with PIPEDA compliance.

"My business is not a target for cyber attacks."

It's important to dispel the myth that only large corporations or specific industries are targets. According to Canadian Federation of Independent Businesses, nearly half of small businesses experienced a random cyber attack in the past year.² Showing real-life examples of incidents that have occurred in the client’s industry, and showcasing how cyber insurance has responded, can provide better perspective. 

"I’m not convinced about the effectiveness of the incident response provided by the insurer."

Emphasize the comprehensive nature of the incident response services included in the policy. Provide details about the incident response process, the expertise of the response team, and case studies where swift action prevented substantial losses. Assurance of robust support can alleviate such concerns.

A business owner who lacks understanding of cyber risks can potentially harm their own business. The broker’s role is to support them with information to answer each objection, helping to foster greater confidence and adoption of cyber insurance.