I mentioned in my post right before Thanksgiving that the Independent Insurance Agents of Georgia’s Young Agents Committee (“YAC”) had won the 2015 Outstanding Communications Award given by the Independent Insurance Agents and Brokers of America (“IIABA”) “for achievement in establishing and maintaining an excellent communication vehicle for the young agents in their state.” In that post, I failed to name the chair of YAC’s Communication Committee, who played a big part in overseeing the activities that led to YAC’s winning the award. Her name was Emily Earp, which I learned when I listened to a webinar presented by IIABA a couple of weeks ago in which the Immediate Past Chair of YAC, Jarrett Bridges, explained what YAC did to win the award. (The webinar is supposed to be posted on IIABA’s website for Young Agents, but it hasn’t yet made it to that website. When it does, it can be found here.)
As I listened to the webinar, which also included Jonathan Tease, who is the IIAG liaison for YAC as well as IIAG’s Digital Marketing Administrator, the thought struck me that what YAC was doing was marketing itself to young insurance agents in Georgia and giving them reasons why they should join the committee and take part in its events. This is not much different from what an insurance agency wants to do in marketing itself to potential customers. YAC’s coördinated use of newsletters, social media, e-mails, testimonial videos, direct mail, and even text messaging could be a marketing plan for any insurance agency. In the case of YAC, it led to a 50% increase in attendance at its 2015 Sales and Leadership Conference and the largest attendance yet at that event.
This multi-channel approach to contacting and then staying in touch with its target market, young agents, was the same sort of approach that most commentators have recommended for some time for insurance agencies. Georgia’s YAC has also taken the next step of segmenting its target market, so that it can send e-mails and other marketing materials that are customized for the interests of their recipients. For example, it posts its newsletters and other publications online at its website and then sends e-mails with links to specific sections of those publications to the different segments of its target market. Doing so, encourages those who may be interested in one subject to click through to the website to read about that subject, when they may not have taken the time to read through a complete newsletter that had been e-mailed to them. It also gets those people to the website where they may find other things of interest.
The last piece is YAC’s ability to track the responses to their e-mails and other communications. They know how many people open those communications and how many of those actually click on any links in them. This information lets them know what topics are of greatest interest to the different segments of their target market and allows them to tweak their communication/marketing strategy to achieve greater effectiveness with those segments.
If Georgia’s YAC can do all the above with a volunteer run organization, there is no reason an insurance agency cannot do the same. For help in getting started, those agencies who are members of IIAG may want to contact Jonathan Tease.
Last week, I wrote about the challenges facing independent insurance agencies to protect their confidential data from hackers. The reality of agencies’ exposure to cyber attacks was made clear at a cyber security event hosted by Travelers last Fall. At that event, the head of Travelers’ cyber insurance unit stated that 60% of all cyber attacks in 2014 were against small to medium sized businesses and that half of all small businesses contacted reported being the target of a such an attack.
While the above facts should concern all agency owners, they also provide an opportunity for agencies to sell cyber insurance to their business customers, who are subject to at least the same and depending on the industry, even greater risk of cyber attack. As might be expected health care, financial services, and retail businesses are the top three targets of such attacks. According to the head of Travelers’ cyber insurance unit, less than 20% of all businesses have cyber insurance. That leaves a lot of room for growth in the sale of what will become, if it is not already, as much-needed an insurance coverage for every business as the BOP policy.
Because it is a relatively new risk exposure, many business owners do not fully understand the extent of that risk. According to the 2015 NetDiligence Cyber Claims Study, the average cyber-related insurance claim was almost $675,000 ($4.8 million for a large company and $1.3 million per claim in the healthcare sector). The study also reported the average cost to a business for every record taken by hackers was about $964. Such costs can be enough to cripple, if not destroy, a small or medium-sized business and should be a wake up call to your business customers.
A recent article in the Property Casualty 360 discussed six best practices to follow when approaching a business customer about the purchase of cyber insurance. The first and probably most important practice is to make the purchase of cyber insurance the main reason for the meeting, instead of the last item discussed at the end of a normal customer review. As with any type of insurance, before the meeting, the agent should do their homework on the possible cyber exposures that exist for the customer, so at that meeting, the agent can use real world examples involving similar businesses to show the customer they are vulnerable and the potential cost to them of a cyber attack.
The agent should also take this opportunity to correct common misconceptions about cyber attacks, the main one being that all that is required to protect against such attacks is better security for their computer network. In fact, many cyber attacks that result in data breaches are due to human error by the employees of the business (e.g., employee responding to phishing e-mails), or a third-party vendor (in one case now in litigation, a vendor hired by a health care company to store its data did not take even the basic steps of changing the default password on some of its software or regularly updating that software as security patches became available). Your business customers also need to know that they remain responsible for a data breach due to the mistakes of a vendor they may have hired to store or protect their data. Any indemnities in an agreement with such a vendor are only as good as the vendor’s insurance coverage or financial condition.
The premiums for cyber insurance coverage in 2015 were over $2 billion and some commentators expect that number to rise to $20 billion by 2025. In such a relatively new and wide open market, there is money to be made by those agents who seize the opportunity presented.
I hope all my readers had a safe and enjoyable Holiday Season. I thought it would be a good idea to start the New Year by writing about a topic that was the subject of a lot of commentary last year and promises to be even more of a hot topic this year. The massive data breach at Anthem Insurance (over 78 million consumers affected) at the beginning of 2015 was followed by many other breaches, large and small. Given the potential for large damage awards to consumers whose identities may be stolen by using such information and financial institutions that incur significant losses due to having to write off bogus credit card charges that were enabled by the data breach, not to mention the cost of complying with the various federal and state notification laws, there was a great demand for insurance coverage in 2015. (Click here for an article that reviews the developments in 2015 in this area.)
The need for such coverage will only increase now that the ability of the Federal Trade Commission (“FTC”) to impose sanctions on businesses that do not have appropriate cyber security policies and practices in place has been confirmed by a federal appeals court. In a case involving Wyndam Hotels, the Third Circuit Court of Appeals held that the FTC had the ability to regulate the cyber security practices of any business engaged in interstate commerce under its authority to prohibit “unfair or deceptive acts or practices in or affecting commerce.” The regulatory concerns of those businesses who handle personally identifiable health information are now the concerns of any business that collects personal information and engages in interstate commerce, which in the age of the internet is almost every business.
Although the FTC has not proposed a regulation that sets a standard for what cyber security measures a business must take to avoid regulatory action, it has issued guidance for businesses on what they should do about cyber security. This guidance discusses 10 lessons to be learned from its earlier enforcement actions. Those lessons range from the obvious (require strong passwords for access to your computer system) to the common sense (only collect the personal information you need and then dispose of it properly after it is no longer needed) to the more technical (segment your computer system so that sensitive information is not accessible from every computer on your network). The lessons are illustrated by real world examples of what businesses did wrong, so they are easier to apply to your own situation.
Agency owners should review their cyber security practices in light of the above lessons from the FTC. There is also a brochure developed by the FTC that goes into more detail on the steps that businesses should take to protect the personal information they collect. Up to 100 of these brochures can be ordered free of charge. They would make a nice New Year’s gift for your agency’s business customers. One more way to show you care and add value to your services.