For years, insurance brokers have faced an uphill battle convincing small and medium-sized enterprises (SMEs) to invest in cyber insurance. The prevailing sentiment among business owners was that cyber cover was too expensive and they were unlikely targets for cybercriminals. However, a surge in attacks - with increasing numbers now aimed directly at SMEs - is changing the cyber landscape and prompting a notable shift in attitudes. According to brokers on the front lines, the SME tide is turning.
“A lot of clients are asking for quotes and they're definitely looking to buy these new policies for the first time,” said Jono Soo (pictured, left), head of cyber in New Zealand for Marsh.
Soo said that while economic pressures remain, the awareness of cyber risks has grown, making it easier for brokers to articulate the value of cyber policies to SME clients. This increased awareness is translating into action. SMEs are no longer simply inquiring about cyber insurance - they are actively considering and, in growing numbers of cases, purchasing coverage.
“It's definitely a balance right now, especially with economic and financial challenges and finding the extra bit of money on the balance sheet to buy a new policy, but certainly there's a lot of interest,” said Soo.
Damian Schade (pictured, centre), client director of professional and financial risks at Lockton, agreed with his Marsh colleague. “As you see more claims evolve, you see more interest and you can see the light bulbs go off,” he said.
One area seeing particular growth is non-contingent business interruption (BI) coverage. “A number of insurers are providing non-contingent BI,” said Schade.
This coverage is especially attractive to SMEs that rely heavily on platforms or providers outside of traditional managed service arrangements. “So, if there's a cyber event that's not related to any of your particular vendors or service providers and that cyber impacts you and your ability to trade, there's coverage available from a business interruption point of view,” said Schade.
The unique selling point of non-contingent BI is helping brokers start deeper conversations about cyber risk with their SME clients.
When it comes to broker-client conversations around cyber, Decklyn Thomson (pictured, right), a commercial broker with GSI Insurance Partners said the nature of that engagement has recently changed.
“We're probably spending less time explaining what cyber insurance is and more time discussing with clients around limits, coverage options, some of the possible ins and outs and extensions of the policy,” said the Auckland-based broker.
This evolution reflects a maturing market, where SME clients are increasingly aware of cyber threats and are now focused on understanding the specifics of their coverage. This focus is partly driven by external pressures. “We've got a lot more clients now being asked for council contracts or government contracts to have or to hold a certain limit of cyber cover, which is, again, a good thing to see,” said Thomson.
Supply chain and contractual requirements are pushing SMEs to take cyber insurance seriously, accelerating uptake.
Despite these positive trends, some challenges remain. Many SME owners still believe that cyber incidents are unlikely to affect them personally. “Everyone understands that there are cyber threats out there but there’s still a little of that “it's not going to happen to me” dynamic,” said Schade.
Brokers are working to bridge this gap, using real-world examples and evolving coverage options to demonstrate the very real risks SMEs face.
New Zealand’s SME market for cyber insurance is in transition. “Certainly, the awareness is there and I think it's getting much easier to articulate the value of these cyber policies,” said Soo.
With brokers now fielding more sophisticated questions and seeing higher policy counts, it’s clear that cyber insurance is finally gaining some traction among SMEs - just in time to meet the growing threat landscape.
