Cyber coverage still an uphill battle in the SME market

Cyber risk may be evolving fast – but for many SME clients, cyber insurance isn’t evolving with it. That’s the view from Brian Clifford (pictured), president, West Region & executive risk at Highstreet Insurance Partners, who said the industry is still grappling with how to bring clarity, urgency and value to the SME market.

“The market is constantly in a state of flux,” said Clifford. “Something that happened six months ago, I couldn’t foresee it today. And if you asked me to sort of tell you what’s going to happen six months from now, I wouldn’t know that either.”

For Highstreet, which primarily serves small and mid-sized businesses, this uncertainty is more than a market trend – it’s a challenge to close a stubborn protection gap. “Stakeholders on all sides of the equation are really trying to solve for a market that still has a significant underinsured or uninsured problem,” he said.

Despite ongoing headlines about breaches, ransomware and large-scale disruptions, Clifford said the expected surge in cyber coverage demand from SMEs hasn’t materialized.

“Not one of the major breaches or major cyber issues, outages, hackings has led our agencies… to have the phones ringing off the hooks,” he said. “We certainly see in certain areas, ‘hey, I saw a hack in this type of business, the size of business, or in the business down the street from me, and I want to make sure I’ve addressed it’… but there hasn’t really been that ‘oh, wow’ moment.”

Clifford described the situation as both a challenge and an opportunity – pointing to a broader failure to translate cyber threats into insurance action. “In all of the things that have happened, in all of the money that has been stolen, in all of the businesses that have been interrupted… how have we not been able to say, ‘hey, you need this?’”

Education gap stalls progress

For many SME clients, Clifford said the roadblock lies in how they prioritize cyber protection. Often, it becomes a budgeting debate between prevention and insurance. “Let’s say I have $100 to prevent my cyber… is it 50/50 insurance and prevention? Is it 70/30? Is it 80/20? How do I weigh the protect against what’s happening and prevent against what’s happening?”

That split mindset, he said, creates inconsistent and often ineffective cyber strategies. “We can’t put a hundred dollars out of a hundred into prevention,” Clifford said. “And concurrently, we can’t do a hundred dollars all for insurance and none for prevention.”

The real problem, Clifford argued, is a lack of consistent education – especially in the SME space. “All I read multiple times a week in all kinds of insurance press is all about how business owners are scared of cyber,” he said. “And I jokingly want to talk to them. Like, where are these folks?”

He said many SMEs still see cyber insurance as optional, not essential. “Nobody ever says, ‘I don’t want to insure my building’,” said Clifford. “But they do say, ‘I don’t want to insure my cyber’. And that’s the problem.”

The untapped SME opportunity

Clifford sees a clear opportunity – if the industry can rethink how it approaches SME clients.

“The biggest opportunity in the cyber world is the SME clients,” he said. “It is what we all should aspire to. We don’t need to fight over the Fortune 500… if we can figure out the education, the prevention, and then cyber insurance, we are poised for a massive opportunity.”

But the product itself remains a hurdle. He said the complexity of cyber policies can be overwhelming for small business owners, especially when it comes to coverage details and terminology.

“A cyber deck page is not a simple one limit, one retention, one price type of thing,” said Clifford. “We haven’t yet probably gotten to the point where we know how to explain in a minute or a few minutes to our clients what that all means.”

That makes the broker’s role even more critical. “My job is to help our folks see the exposure and then balance prevention with insurance to come together for a holistic approach to cyber prevention and cyber hygiene,” he said.

The stakes are high. Clifford pointed to data showing that upwards of 70% of businesses that suffer a cyberattack may not recover. “These companies are the linchpins of our communities,” he said. “And if cyber is going to drive them out of business, we absolutely have to improve our game as far as preventing that from happening in any way we can.”

Clifford called on insurers, MGAs, and brokers to rethink how they frame the value of cyber insurance – and how they deliver that message. “The current way of educating our clients around cyber is very much falling on deaf ears,” he said. “It’s incumbent upon me and my peers to make sure that we change that. We have to find a new way to sing the song, or a new way to pass along the message.”