Tag Archives: gdpr

Cyber Insurance: Coming of Age in ’17?

2016 was definitely the year of cyber insurance emergence. As large-scale attacks and disclosures of massive data-breaches were recurring, we realized once again that allocating tremendous efforts and resources to your cybersecurity defense does not provide any guarantee you won’t experience an incident.

Executives and security professionals are gradually accepting that it is not a matter of if but a matter of when their organization will be hit by a cyber-attack. With this understanding, many businesses acknowledge cyber insurance as an important tool in the multilayer cybersecurity defense approach and declare it is an essential part of their risk mitigation strategy.

See also: 10 Cyber Security Predictions for 2017  

Here are some of my personal predictions for the cyber insurance market this year:

  1. An increasing number of security vendors will provide insurance guarantees. 2016 signaled a new path in the cybersecurity industry as few emerging startups started to offer a cyber insurance coverage of as much as $1 million per organization that will be fully covered with their defense solutions (e.g. SentinelOne and Cymmetria). I expect this trend to intensify through 2017, and well-established vendors will gradually follow to offer a bundle of protection plus insurance.
  2. We will see an increase in the number of insurance companies that will start to offer cybersecurity services. As cyber insurance is emerging and as many new insurance companies are entering the market (currently, approximately 70 insurers offer stand-alone cyber insurance products), there is a race for the best cybersecurity talent to assess the risks and provide pre- and post-breach services as monitoring, incident response, forensics, etc. In this atmosphere, insurers will acknowledge the revenues they can make from cyber insurance and adjacent security services to their clients, and will (and already do) expand their teams with the cybersecurity professionals and tools through aggressive hiring and M&As.
  3. Cyber extortion coverage will take the lead as the most demanded cyber insurance product. Ransomware is exploding across geographies, industries and all sizes of businesses. Following the massive distributed denial of service (DDoS) attacks on Krebs on Security and Dyn, the IoT world is open to a new world of DDoS attacks that no load balancer can mitigate. I expect that cyber extortion will become the biggest problem for organizations and individuals and that it will surpass data breaches as the main threat.
  4. Adoption of advanced tools for risk assessment will increase. There is a high demand for tools that will give insurers an accurate, scalable and affordable risk assessment that will streamline the entire (mainly manual) questionnaire-based risk quantification methodology that is the common practice today.
  5. New regulations will be introduced and will support the expansion of the cyber insurance market. There are high chances that more U.S. states will introduce regulations that support internal risk assessments on a regular basis of third party vendors and enforce security policies on organizations as suggested by the new NY proposal for the big financial institutes that was released last September.
  6. The penetration rate of cyber insurance among SMBs will be the driving force in the industry. As awareness of cyber-attacks increases among small- and medium-sized business, they’ll realize that cyber insurance is an essential security tool, particularly because of their limited cybersecurity resources. I expect to witness higher percentages of the SMB segment that will purchase cyber insurance coverage, leading to an increase in total market size, as current estimates rely on low adoption rates in these segments.
  7. Insurers will introduce personal cyber insurance coverage. As ransomware becomes a threat to any operating system and any device, it is forecasted that it will gradually become a serious problem for individuals, as well, and will lead cyber insurance companies to offer personal cyber insurance coverage.

Cyber insurance is here to stay, and insurers, brokers, business and individuals will benefit as this market continues to evolve. Growth will be sustained mainly in the U.S. market and is highly likely to expand worldwide, especially in the EU as GDPR starts to be effective.

See also: Understand the Nuts and Bolts of Cyber

No matter which part of the IT security eco-system you fit into, you should explore the benefits cyber insurance can bring to you — revenues, financial hedge and cyber peace of mind.

Missed Opportunity for Customer Insight

Customer insight (CI) teams can take different forms in different businesses (partly rightly, to reflect the needs of that business). One such variation is reporting line. Some CI teams report into operations, sales, IT or even finance. However, by far the most common reporting line is into marketing.

See also: 3 Skills Needed for Customer Insight  

That makes sense to me, as over the years I have seen more and more applications for customer insight across the marketing lifecycle. Increasingly, marketing teams are realizing that use of data, analytics, research and database marketing techniques is part of their role. Sadly, these technical teams are, too often, still separated. But at least there are signs of collaboration.

Marketing Automation:

Companies and leaders also recognize different applications of insight to marketing. Some focus on early-stage roles in strategic decisions, some on proposition development and some on campaign execution or marketing measurement. Very few appear to use customer insight in all they do.

Meanwhile, one of the trends of recent years has been the adoption of marketing automation systems. In some cases, the term has almost been used to replace the infamous customer relationship management (CRM) system. But, for many businesses, it is more about bringing a structured workflow, resource management and quality controls to the work of marketing teams. Talking with consultants who specialize in helping businesses implement marketing automation systems (none appear to work straight out of the box) reveals a sadly lacking focus on customer insight.

This is such a missed opportunity. The marketing workflow needed by today’s business requires input, validation, targeting or measurement at almost every stage. But it seems that marketing automation designs are not routinely embedding customer insight deliverables into marketing processes.


It is perhaps surprising that more focus has not been put on automating routine use of insight in marketing, given the regulatory environment.

Whether you consider certain vertical markets (like the role of the Financial Conduct Authority), or the higher hurdles coming to all data uses (with the adoption of general data protection regulation, or GDPR, principles), marketers will need more evidence. Those data marketers keeping up-to-date with their professional responsibilities will realize they need to evidence suitability of their offerings, targeting of their communications and appropriate use of data.

Where’s the gap?

So, in what parts of the marketing lifecycle are marketers neglecting to use customer insight? Where are the most important gaps?

Based on my consultancy work, often helping companies design their customer insight strategy, I would identify the following common gaps:

Participation decisions:

  • Either not having a clear understanding of market segments, or not making participation (product categories or distribution channels) based on segment fit or size of appeal.

Communication design:

  • The use of insight generation has grown for product design (as per our recent series), but too few marketing teams also use that same insight generation to design their communication.

Communication testing:

  • Quite often this is left to ad hoc qualitative research, with insufficient use of techniques like eye-tracking or quantitative experimentation at concept stage.

Event triggers:

  • Identified as important to targeting in two recent research reports, from the DMA & MyCustomer/DataIQ, event triggers deserve to be more widely used in targeting marketing campaigns. For further thoughts on why you don’t just need propensity models, see previous posts on both events and propensity models.

Holistic marketing measurement:

  •  As more and more marketing directors are expected to report on their return on investment (ROI) or return on marketing expenditure (ROME), once again insight can help. Not just the traditional role of database marketing practices, in reporting incremental return against control groups, but also, increasingly, the design of holistic measurement program (converging evidence from brand tracking, econometrics and other data sources). This previous post shares some more detail on that.

Will you be insightful or ignored?

In closing, I’d encourage all customer insight leaders to get closer to those leading marketing in their businesses. Marketing will become increasingly challenging over the next 12 months. CI leaders have the potential to become trusted advisers who can support marketing directors in navigating those choppy waters.

See also: The 4 Requirements for Customer Insight  

To return to the theme of regulation. I once more advise readers to not underestimate the potential impact of the EU’s general data protection regulation (GDPR) on their businesses. Despite Brexit, every commentator seems to agree that this regulation will affect U.K. businesses. The most eye-catching element may be the scale of potential fines (as much as 4% of global annual revenue), but the changes to consent may affect marketers more. The new hurdle will be proving positive unambiguous consent. Many businesses may conclude they need to move to opt-in for all marketing content.

So, going forward, the biggest threat to marketers (those not embedding insight into their processes) may not just be losing customers. It may be losing the right to talk to them!