Before the ransomware epidemic, cyber risk brokers could more easily align themselves with a traditional definition of brokership. The absence of systemic losses, products trending towards commoditization, and favorable pricing facilitated a more transactional relationship with clients.
Many brokerage firms (and insurers) focused on efficiency and automation. They reserved deep technical advising for the most prominent clients with the largest towers. But when the hard market arrived seemingly overnight, the role of a cyber broker began to experience a paradigm shift.
With increased capital in the market, we are again seeing market conditions change, raising the question of whether there will be a temptation to return to lower touch and transactional brokering. Those brokers who realize the importance of increasing their value to clients by becoming cyber risk advisors will undoubtedly separate themselves from the rest of the pack.
As the market segments itself around risk quality, well-rounded cyber risk advisors operate with a proactive mindset in an otherwise reactive industry. They understand that each insured has a unique risk profile, necessitating a tailored approach. They know that risk transfer is only one piece of the equation, so they seek input and buy-in from across a client’s internal organization.
The best advisors are adept at framing discussions that resonate with not only their traditional points of contact in risk management but with IT, finance, and legal as well. They focus on aligning the internal priorities of stakeholders to build a common understanding of their value-at-risk and their loss tolerance. Ultimately, these are executive-level topics, and the best risk advisors will be champions of breaking down these internal silos.
Many top firms recognize this and are now either enhancing their current services or building such capabilities from the ground up. Clients are looking to their broker for guidance on technical controls, security best practices, contractual requirements/vendor management, and modeling their value-at-risk. In response, the role now requires brokers to become part IT consultant and part project manager. On a client’s journey to achieve cyber resiliency, it has become clear that having a comprehensive cyber risk advisor is just as important as having a proper patching cadence.
In some ways, the shift of a cyber broker’s responsibilities signals a maturing product line taking another step in its natural evolution. But it also indicates the dynamic nature of cyber risk and the proactive approach that it requires. To meet this new demand, modern cyber advisors are trying to stay ahead of the curve by utilizing all the available resources, including modeling tools, contextualized vulnerability scanning, and advanced threat notifications. These cyber risk advisory leaders are positioned to help their clients best manage their risk holistically by employing best practices including but not limited to:
- Quantifying your client’s value-at-risk that goes beyond peer benchmarking.
- Deploying advanced cyber risk modeling to anticipate events' potential impact and the ROI of security controls.
- Aligning the priorities of leaders in Finance, Security, and Risk Management to connect their internal organization silos. drive a holistic discussion around managing cyber risk.
- Providing visibility into your client’s vendor and third-party risk exposure.
- Driving cyber risk discussions towards holistic solutions that balance business needs with cyber resiliency.
After several years of tough renewal cycles between brokers and providers, conversations around partnership have started to ring a bit hollow. Both brokers and clients have understandably lost some faith in the process as carriers continued to raise prices to astronomical levels to match their losses. As we move forward, what it means to be a partner has become more important than ever. The modern cyber risk advisor must be a true partner to their clients and seek to align them with others who value partnership as much as they do.
We at Resilience do not take this responsibility lightly, as we view our brokers and clients as partners. The rise of the modern cyber risk advisor is something we will always support, and we are excited to be a part of the journey.
Thank you for reading. If you liked this post, please share it with your network, and follow Resilience for more thought leadership to help you build #CyberResilience.
By Michael Sayers
Michael Sayers is the North American Head of Distribution and Strategy at Resilience. Before joining Resilience in 2021, he was the Cyber Practice Leader for Marsh’s Qualified Solutions Group. Working on both the brokerage and company sides of the insurance industry throughout his career, Michael has dedicated himself to addressing cyber risk for insureds and broker partners alike.