With Munich Re anticipating huge demand in the cyber insurance market –  predicting growth figures of $29 billion by 2027, up from $14 billion in 2023 – brokers are bracing for a busy few years ahead. But their jobs won’t start and stop with securing robust cyber insurance coverage. American businesses are increasingly turning to their brokers for more than financial protection, and also seek guidance, expertise and support to strengthen their cyber defenses. 

This shift makes sense for two key reasons. Firstly, adopting a proactive multi-layered defense strategy – that includes cyber insurance and protective measures – has become crucial in the current risk environment. As time goes on, cyberattacks are becoming more frequent, severe, and sophisticated. Taking advantage of interconnectivity, automation and emerging tools like AI, cybercriminals are affecting businesses of all sizes. On one end of the spectrum, the most fortified, large enterprises, such as Disney, AT&T, Boeing and T-Mobile, are being targeted because of their vast data and complex operations. On the other end, the smallest SMEs are attractive targets because of their limited cybersecurity resources and the role they play in the supply chain. Secondly, brokers are uniquely positioned to act as liaisons between cyber insurance providers and businesses.  

Acting as liaisons between expert cybersecurity teams and businesses, brokers and agents can facilitate the exchange of knowledge on effective and forward-thinking tactics that can help businesses decrease their attack surface, quickly identify malicious activities that bypass defenses, respond rapidly to minimize damage and recover efficiently if an attack succeeds. 

As well as reducing the frequency and severity of claims, adhering to robust cyber hygiene practices can also help businesses secure more favorable terms for cyber insurance coverage, lower premiums and ensure compliance with regulatory requirements.  

These are benefits not only favorable for the business but also for the broker; strengthening client relationships, enhancing their reputation, improving retention and renewal rates and opening up opportunities for referrals and cross-selling. 

Six Broker-Led Strategies to Help Clients Bolster Cybersecurity 

To equip SMEs and larger businesses with the insights and resources they need to protect themselves in this evolving threat landscape, brokers should look at promoting the following strategies: 

1. Strong cyber hygiene measures: Brokers should guide clients on implementing a range of key best practices, such as multi-factor authentication (MFA), frequent password changes, robust encryption protocols, consistent software updates and the 3-2-1 backup rule. These should be implemented simultaneously to create a layered defense that strengthens resilience against increasingly sophisticated and diverse cyber threats. 

1. Ongoing employee education: Continuous cybersecurity training programs within businesses should be encouraged by brokers. With the right education, employees will have the skills to verify email addresses and promptly report potential breaches to the appropriate teams. This is of particular importance given the advances in AI, which have empowered threat actors to craft increasingly convincing social engineering schemes. 

1. Incident response plan (IRP): An IRP that is kept up-to-date and in line with the current threat landscape is essential for minimizing damage if an attack bypasses defenses. For businesses lacking a robust cyber IRP, brokers should offer a comprehensive template that comprises communication protocols, legal considerations, clearly defined roles and recovery procedures. 

1. Leverage cybersecurity partnerships: Many of America’s top cyber insurers work with cybersecurity analysts and consultants. Brokers should leverage these partnerships to help clients formulate IRPs and make use of free risk prevention services, such as AI-backed vulnerability assessments, threat intelligence tools and cyber training assistance. 

1. Continuous assessment and improvement: As cyber threats continue to evolve by the day, companies’ cybersecurity measures must be ongoing and constantly updated. Brokers should advise clients on best practices, such as continuous network monitoring to detect suspicious or malicious activities, as well as regular cyber risk assessments, periodic vulnerability scans and penetration tests to identify and address potential vulnerabilities.​​ 

1. Secure the supply chain: As businesses become increasingly digitally interconnected, the risks posed by partners, clients and suppliers grow significantly. Brokers should advise companies to evaluate the security measures of their partners by asking critical questions such as: ‘Do your partners encrypt data?’ and ‘Do they have a regularly tested IRP in place?’ These inquiries are essential for identifying and understanding the security risks linked to key partnerships in the supply chain.