Insure TV: Exploring Cyber protection in the UK with Rachel Stone

Rachel Stone, Regional Cyber Trading Lead at Aviva, shares her journey in the cyber industry and her insights on making cyber insurance accessible for SMEs in the UK.

Take a look at this latest catch-up with Mark Colegate at Insure TV. 

Please enable your browser JavaScript to view the video

Transcript  for video Insure TV: Exploring Cyber protection in the UK with Rachel Stone

Mark Colegate: To discuss the cyber protection needs of small and medium-sized enterprises in the UK I'm joined now by Rachel Stone. She is a regional cyber trading lead at Aviva. Rachel, thanks for joining us just to kick things off. Can you tell us a little bit about your role? How did you sort of come to take it up as a job?

Rachel Stone: So my background's actually in broking. So I did that for 12 years. 11/12 years. Took an interest in cyber, probably about five years ago. So I got involved in the broking area, and then ended up working CFC. Now, I'm at Aviva, absolutely loving it at Aviva, but yeah, mainly broking, to be fair. So underwriting for the past 2-3 years, I think, if even that.


Mark Colegate: So it's very much if I say a real-world background rather than being a computing whizz from day one.


Rachel Stone: You don't really have to be an IT expert to work in it. I think that's a misconception. Probably plays into the lack of confidence that a lot of people have discussing Cyber, is the conception that I have to be an IT whizz. It's definitely not the case.


Mark Colegate: Well, in that case, I mean, when you're out and about talking to brokers about cyber, what are the responses that you tend to get because you're implying they sort of see it or some of them see it as a very different world and culture.

Rachel Stone: Yeah, definitely. I think that's one of the main things I get. It's definitely a lot around the confidence piece. So I mean, it was certainly the same for me when I was broking. It was, OK, I sort of have an understanding of cyber, but I'm not confident enough to discuss it. And I think there is the misconception, as I said that you have to have a really in-depth knowledge about IT and how I think, you know, networks work in such detail. But I think that's something we're trying to combat, and I try and combat with them and say, look, it is a very difficult topic to discuss, you know compared to other lines of insurance that have been around much longer. But I try and give them key points to remember to talk about and bring up with with clients. You know, you definitely don't have to, you know, be an IT with to be able to sell it really or discuss it.


Mark Colegate: Well, given that, what are some examples of real-world cyber risks that I suppose, to your point, you shouldn't think of a cyber risk they're just risks to your business.

Rachel Stone: Yeah. So I think quite a good one to use is the business interruption side of things. Because that's something a lot of brokers know about anyway, from, you know, commercial lines, so that's a good thing. So, for example, you get into work on a Monday and all your systems are shut down. What are you going to do? That's usually the one I go with, because most people are like 'call the IT department. I think that's what I do', or they don't know, so it's things like that. And also, I always say to brokers, if you've got a certain trade that you are trying to sell cyber to, try and find a claims example or something, you know, exposure for them specifically to make it relatable to them because at the end of the day, I think that's the best way to sell anything is by making it relatable.


Mark Colegate: Do you think for a lot of clients that that's probably becoming easier with cyber? I mean, in all of our own lives, you know, you get warnings about scams, whether it's from your bank, you know, you get WhatsApp messages from people who are your best friend. But you think I'm pretty sure I've never met you before? I mean, is it quite easy to translate that from that to a business setting?


Rachel Stone: Yeah, definitely. It's definitely become easier, because the thing is, you know, as I've sort of alluded to, it's making it relevant to whoever you're speaking to. So I think it certainly helps as you say that a lot of people get personal, you know, attempted cyber attacks. I have thousands of emails in my junk mail or my personal hotmail account, you know, which are clearly fraudulent. So I think it helps then translate that if you're speaking to a business owner as a broker or speak to a broker, they're like, OK, it's the same thing. But what is the impact of this on my business? That's going to be arguably a lot bigger.


Mark Colegate: We've been talking quite broad terms around cyber, but when you bring it back specifically to the SME market, what's the Aviva proposition? Why have you structured it that way?

Rachel Stone: So I think we came into the cyber market quite late compared to some of our competitors, which has actually worked quite well because it's given us the opportunity to look and say, OK, what has worked? What could we potentially implement that the other markets haven't done? And very much our aim is to make cyber accessible. Our biggest competitor and, well, most insurers is actually, apathy to cyber from clients. So rather than sort of attacking, business with our brokers that's held by the insurers, we are very much more angled to try and make it just accessible which is why obviously, as we'll discuss later, we've developed the Cyber Respond product. But that's very much our stance is just to, you know, clients need cyber. It's quite a serious thing so we want to lead the way in terms of that.


Mark Colegate: But is accessibility about the premium size or lack of size is accessibility about what you offer in, you know, to provide should somebody make a call?


Rachel Stone: It's a bit of both. I think premium is definitely a big blocking point for those smaller end customers because if you've got a tradesman paying 500 quid for his tradesman package, he's not going to be likely to think 'OK, Yeah. I'll splash out 1200 quid on cyber policy'. We've tried to make the Cyber Respond product accessible financially, to those smaller owned businesses, whilst also not cutting back cover, that is, you know, gonna really negatively impact them. What I would say is that any cyber cover is better than none. So we've tried to design a product that's going to be suitable for that smaller end business, at a more suitable price.


Mark Colegate: But when you look at the thrust of the policy, is it about helping clients not be on the receiving end of a cyber incident in the first place? Or is it much more about, I suppose taking the view that cyber incident is not inevitable but quite highly likely to happen so what you really need is help afterwards?


Rachel Stone: So it's a bit of both, so we obviously would always like to help clients to prevent a cyber incident whether that's discussing, you know, as underwriters, discussing that with them, we do have, risk management team as well. But in terms of the Respond product, it's very much focused on the instant response. So what instant response is, it's part of the policy, sort of the equivalent to an emergency plumber. So something goes wrong, you want the experts out to help you hold your hand so, like I said, going back to you know, you come into work on a Monday and all your systems are down. You want that expert team to be able to rely on to sort it out for you. You're not necessarily going to know what to do yourself. That's what we focused on for that small business.


Mark Colegate: And is the idea that over time, if you're a broker and you go for this sort of basic level of package, if your client gets comfortable with it, you can then talk to them about their more specific needs and you can build other elements of cover over time.


Rachel Stone: Yeah, that's exactly it. And I think it's, once they're on board, it's a much easier sell, and then they will hopefully see the benefit you know, I'm not saying hopefully they get a claim and see the benefit of a cyber policy. But once they have it in place and understand a bit more about it through discussions with the brokers and ours, then obviously they can then you know, at renewal whenever it is upgraded to our cyber complete product, which is the whole package, which you would, you know in terms of cover, that's what you expect to see across the market.


Mark Colegate: But if I put my really sceptical hat on and said, well, if I were a broker, I might say it all sounds great in theory, but these are you're talking about very small premiums. That means there's very little commission in it

I'm really not gonna get paid enough to make it worth my while to do this. And my client may well be running a very small business. And as you said earlier, £500 is a lot to pay on insurance. I spend a lot of time having a conversation that they just can't afford to buy this cover. I should ignore it and move on.


Rachel Stone: So there's two angles, maybe more angles, that come from here. So first is obviously a broker has a duty to their client to point out gaps in insurance. So I think especially cyber at the moment, you know, it's in the media everywhere, and then the other side of it, in terms of, you know, the whole commission argument is we've made this very easily tradable. So it's all online on our Fast Trade platform, which is on the website, and you can do it through Acturis which is a platform that a lot of brokers use. In terms of if you're thinking commission versus effort, I mean, yes, there's effort in having to bring it up with the client to push the sale, but in terms of actually trading it, we've made it as easy as possible to do so.


Mark Colegate: You've described a world of quite small premium business. I suppose I just raise the question is Aviva genuinely committed to this part of the market for the long term?


Rachel Stone: 100%. I think our key thing is sustainability We see the importance and the rising importance of cyber insurance. We very much want to keep that forever really. A cyber risk is only going get worse as we increasingly rely on IT in our lives and business so we're very much committed to keeping this momentum going with this smaller product and the rest of our products across the market, and just continually developing them.


Mark Colegate: Final question. What's your top tip for a broker? If you say well, I get that I should be getting involved in this as a conversation with my clients, but it just still feels, it feels tougher than going and talking to them about renewing the fleet insurance or buildings and contents Insurance.


Rachel Stone: Yeah. I think the key thing from a personal level from my broking experience is just practise. Just pick up the phone, bring it up with your clients. If you get stuck,you know we're here. This is what we're here for is to help.  To help brokers grow that confidence. But you really do just have to push yourself. Probably took me a good six months or so when I was broking to really get into a position where I felt comfortable talking about cyber. And unfortunately, there were some difficult questions clients asked me where I thought, Oh, my gosh, I really don't know the answer, but that's obviously how you learn. So I'll just say, keep pushing, and we're obviously here to help.


Mark Colegate: We have to leave it there. Rachel Stone, Thank you.


Rachel Stone: Thank you.



Want to find out more?

We're here to support you in providing cyber cover to your clients, speak to your usual Aviva Underwriter or visit our cyber page.

Find out more >