Archive | Cyber Liability Insurance RSS for this section
June 2, 2026  

Softening Insurance Market: What Businesses Need to Know

After several years of rising insurance costs, business owners may finally be seeing some welcome relief.

According to the latest Commercial Property & Casualty Market Index from The Council of Insurance Agents & Brokers, the commercial insurance marketplace is showing clear signs of softening. In fact, the first quarter of 2026 marked the first overall decline in commercial insurance premiums since 2017.

While insurance may not always be top of mind for business leaders, changes in the insurance marketplace can create meaningful opportunities or risks depending on how organizations respond.

What Is Happening in the Insurance Market?

The market is becoming increasingly competitive.

Insurance carriers are actively seeking quality business, expanding underwriting capacity, and demonstrating greater flexibility in both pricing and coverage terms. As competition increases, many organizations are seeing improved renewal outcomes.

Several major lines of coverage experienced premium decreases during the first quarter of 2026:

  • Commercial Property: -5.5%
  • Cyber Liability: -3.5%
  • Workers’ Compensation: -3.7%
  • Directors & Officers Liability (D&O): -2.1%
  • Employment Practices Liability (EPLI): -1.8%

This shift represents a significant departure from the hard market conditions businesses have faced over the last several years.

Why Is This Happening?

Insurance companies have spent years improving underwriting discipline, strengthening pricing models, and reducing exposure to poorly performing risks.

As profitability has improved in certain lines, carriers now have greater confidence to compete for desirable accounts.

Simply put, there is more capacity available in the marketplace and more carriers willing to pursue well-managed businesses.

For companies with strong loss histories and effective risk management practices, this creates opportunities that may not have existed just 12 to 24 months ago.

Not Every Line Is Improving

While many insurance buyers are benefiting from increased competition, one coverage line continues to face significant challenges: Commercial Auto.

Commercial auto premiums increased an average of 5.8% during the first quarter and remain one of the most difficult insurance segments in the market.

Several factors continue to drive losses:

  • Increased accident severity
  • Rising medical costs
  • Vehicle repair and replacement expenses
  • Distracted driving
  • Social inflation and large jury verdicts

For businesses with fleets or significant driving exposures, auto insurance will likely remain a challenge despite improvements elsewhere.

What This Means for Business Leaders

A softening insurance market does not automatically mean your company is receiving the best possible outcome.

Many organizations simply renew with the incumbent carrier year after year without evaluating alternative options or reviewing their coverage structure.

This environment presents an opportunity to:

Review Coverage Gaps

Many businesses reduced limits, increased deductibles, or eliminated coverage during the hard market to control costs. Now may be an appropriate time to revisit those decisions.

Explore Additional Markets

Increased carrier appetite often creates opportunities for more competitive pricing and broader coverage options.

Negotiate Better Terms

Premium is only one component of an insurance program. Improved coverage language, higher limits, reduced exclusions, and broader protection can often provide greater long-term value than premium savings alone.

Strengthen Risk Management

The companies receiving the most favorable treatment from insurers are typically those that can demonstrate strong operational controls, cybersecurity practices, employee training programs, and proactive risk management.

The Biggest Mistake Businesses Make in a Soft Market

Many organizations focus exclusively on lowering premiums.

While cost savings are important, the most successful insurance programs balance cost, coverage, and long-term protection.

A lower premium doesn’t help if a claim exposes a coverage gap that could have been addressed during the renewal process.

The best time to improve an insurance program is often when the market is competitive, not after a major loss occurs.

Final Thoughts

The commercial insurance market is providing opportunities that many businesses have not seen in years.

For organizations willing to evaluate their current program, review risk exposures, and engage proactively with the marketplace, 2026 may offer an opportunity to improve both cost and coverage.

If your business hasn’t recently reviewed its insurance strategy, now may be an ideal time to determine whether your current program still aligns with your risk profile and business objectives.

-JK

May 21, 2026  

Why SMBs Need Cyber Insurance for Third-Party Vendor Breaches

Small and mid-sized businesses rely heavily on cloud providers, SaaS platforms, payroll systems, CRMs, and other third-party technology vendors to operate. But as businesses become more connected, cyber risk is becoming more interconnected too.

Today, a single cyberattack on a shared technology provider can disrupt thousands of businesses at once including companies that were never directly targeted.

Why Cyber Risk Is Changing

Traditional insurance assumes losses happen independently. A fire at one business usually does not impact thousands of others simultaneously.

Cyber risk works differently.

Many businesses now rely on the same:

  • Cloud providers
  • SaaS platforms
  • Payroll systems
  • IT vendors
  • Communication tools

That means one cyber event can create widespread disruption across entire industries.

The Hidden Risk of Shared Vendors

Modern SaaS platforms are now critical operational infrastructure. Businesses depend on them for:

  • Payroll
  • Customer management
  • File storage
  • Internal communication
  • Workflow operations

This creates what insurers call cyber aggregation risk where many unrelated businesses unknowingly share the same exposure through common vendors.

A breach affecting one major provider can quickly impact thousands of downstream organizations.

Why This Matters for SMBs

Many SMBs assume cybercriminals mainly target large corporations. Increasingly, attackers focus on centralized vendors because compromising one platform creates leverage across many businesses at once.

That means your business can suffer a major cyber disruption even if:

  • Your systems were not directly breached
  • Your employees did nothing wrong
  • Your internal security is strong

Your operational resilience is now tied closely to the vendors and platforms you rely on every day.

Why Cyber Insurance Matters

Even strong cybersecurity controls cannot eliminate third-party vendor exposure.

Depending on coverage terms, cyber insurance may help businesses recover from:

  • Business interruption
  • Ransomware events
  • Data breach response costs
  • Fraud and social engineering losses
  • Regulatory and liability expenses

As businesses become more digitally connected, cyber insurance is becoming an increasingly important part of overall risk management.

Final Thoughts

Cyber risk is no longer isolated.

The bigger question for many businesses is no longer:
“Could we be hacked?”

It is:
“What happens if one of the vendors we depend on experiences a cyberattack?”

Because today, your business can suffer a significant cyber loss even when the attack did not originate with you.

-JK

October 20, 2025  

Guest Appearance: Talking Business and Insurance with Chris Chudacoff of True Point Lending

I recently had the opportunity to join my friend Chris Chudacoff on his podcast. It was an absolute honor.

Chris doesn’t cut corners. That’s immediately clear in the production quality of his podcast. It is evident in everything he does, personally and professionally.

For over 31 years, Chris has been helping clients secure the right real estate financing based on their goals and objectives. His company, True Point Lending, provides a noticeably different lending experience — one built on transparency, expertise, and genuine care for clients.

I’ve known Chris for several years, and he’s always my first call for any mortgage or real estate financing needs. I recommend him to family, friends, and clients without hesitation.

We had a great conversation about business, relationships, and the real challenges that come with building and protecting both.

👉 Watch the full episode here:

-JK

October 6, 2025  

Cyber Insurance Claims Drop 50% — But Smaller Businesses Are Now the Prime Targets

Cyber insurance claim severity dropped by more than 50% in the first half of 2025, according to Allianz Commercial’s Cyber Security Resilience 2025 report. That sounds like great news — until you dig deeper.

While large corporations are becoming harder to penetrate, attackers are pivoting toward smaller, less-protected firms — including professional services, tech startups, and manufacturers. In short: the battlefield has moved downstream.

The Shift: From Big Game Hunting to Small Business Targets

A few years ago, ransomware gangs chased multi-million-dollar payouts from global enterprises. Now, with those firms investing heavily in detection, response, and network segmentation, hackers are changing tactics.

Instead of targeting fortified enterprises, they’re going after smaller organizations with weaker defenses, faster paydays, and sensitive client data.

  • 88% of data breaches at SMEs in 2025 involved ransomware — compared to just 39% among large corporations.
  • Data theft (not encryption) is now the goal in 40% of large cyber claims — up from 25% in 2024.
  • Supply chain compromises caused 15% of large claim losses, more than doubling from the previous year.

Even more concerning: cloud intrusions surged 136%, as attackers exploit the same tools businesses rely on to stay connected.

Why Professional Services and Tech Firms Are in the Crosshairs

Professional service firms — law, accounting, marketing, and consulting — are increasingly being viewed as soft targets with high-value data.

These firms store client records, financial details, and intellectual property — a gold mine for threat actors seeking ransom leverage.

Meanwhile, human error remains the weak link. Nearly 60% of breaches stem from employee mistakes or manipulation. Social engineering and AI-generated phishing are driving credential theft.

It’s not just data loss anymore. Privacy-related litigation is exploding. There were 1,500 data privacy lawsuits filed in the U.S. last year alone.

The Silver Lining: Prevention Is Paying Off

Allianz’s data shows insured companies’ proactive measures are working:

  • Basic controls like patching, MFA, and network segmentation prevented many incidents entirely.
  • Firms with active detection and response systems saw claims costs reduced by as much as 1,000x.
  • Insured cyber losses rose only 70% over four years. This increase is small compared to a 250% rise in total global cybercrime costs.

In other words, insurance and prevention together create resilience.

What This Means for Your Business

If you’re a small or mid-sized business, the takeaway is clear: You are now the primary target.

Even if your company isn’t “big enough to hack,” your data — client files, contracts, or employee records — is.

Cyber insurance is no longer just a risk transfer tool; it’s a business continuity lifeline. Policies today not only pay for forensic recovery, legal defense, and ransom negotiation — they often include 24/7 access to cyber response teams that can contain incidents before they spiral.

Action Steps: Building Resilience in 2025 and Beyond

  1. Review your security controls: Enable multi-factor authentication across all systems and vendors.
  2. Train your employees: Human error drives most breaches. Ongoing awareness training matters.
  3. Map your vendor dependencies: Supply chain attacks are rising fast.
  4. Pair insurance with prevention: Use your policy benefits — hotlines, breach coaches, and vendor response partners — before you need them.
  5. Reevaluate your limits: Cyber claim severity may be down, but costs like regulatory fines and lawsuits are rising sharply.

Final Thought

The Allianz report confirms what many of us in the insurance industry have seen firsthand. The cyber threat landscape isn’t shrinking. It’s shifting.

For businesses that rely on client trust and data integrity, cyber insurance isn’t optional. It’s essential.

Because in 2025, the question isn’t if your systems will be tested — it’s how prepared you are when they are.

-JK

June 10, 2025  

Cybercriminals Are Targeting Small Businesses – Is Yours Next

Your Business Is Being Targeted—Even If You Don’t Realize It

It’s not just big corporations making headlines anymore. Small and midsize businesses are now prime targets for cybercriminals—and the numbers don’t lie.

Ransomware remains the most disruptive threat in today’s digital world. The newly released Cyber Threat Index 2025 from Coalition reveals how these attacks are happening. It shows why it’s time to take this risk seriously.

Startling Realities from the Report:

  • 58% of ransomware attacks in 2024 began with a breach of VPNs or firewalls
  • 18% involved remote desktop tools
  • 47% began with stolen or guessed login credentials
  • Email phishing and unpatched software rounded out the top attack methods

What This Means for Your Business

Think about the systems your team uses every day—remote logins, email, cloud apps. Now imagine they’re all frozen… encrypted by criminals demanding a six-figure ransom just to give you back control.

It’s not science fiction. It’s happening to businesses just like yours—some of them never recover.

The worst part? Most attacks succeed not because the defenses are complex, but because they’re familiar. Cybercriminals keep reusing the same tactics because they still work.

And while enterprise-level companies have IT teams monitoring for threats around the clock, many small and midsize businesses don’t. That’s where cyber insurance becomes more than a policy—it becomes a lifeline.

How Cyber Insurance Protects You:

A robust cyber insurance policy can help cover:

  • Ransom payments (where legal)
  • Digital forensics and IT recovery
  • Business interruption and income loss
  • Data restoration and rebuilding
  • Regulatory fines and legal defense
  • Customer notifications and credit monitoring

4 Things You Can Do Right Now:

  1. Harden remote access tools – Use multi-factor authentication (MFA) across VPNs and remote desktops
  2. Educate your team – A well-timed click on a phishing email can cost your business everything
  3. Patch and update software – Vulnerabilities in outdated tools are low-hanging fruit for attackers
  4. Review your cyber insurance – Your policy should reflect your current systems and risks

Final Thought:

Cybercriminals aren’t getting more creative—they’re just getting more persistent. And far too many businesses are still unprepared.

The good news? Cyber insurance remains one of the most affordable forms of protection available. This is especially true when compared to skyrocketing premiums you see in property or commercial auto.

If you’re not sure whether your coverage is enough, let’s have a conversation. Or if you don’t have cyber protection in place at all, let’s talk.

It could be the most important step you take for your business this year.

-JK

November 4, 2024  

POV: The Incredible Anxiety of a Cyber Attack

As someone who helps businesses with the placement of their insurance policies and with risk management advice, this video from Travelers Insurance hits powerfully when I watch it.

I’ve experienced this exact situation first-hand at least several times. A client calls in terror because their computer network was breached. They are either shut down to a point where not a single employee can get on the network to function. Alternatively, a hacker breaches their network and steals hundreds of thousands of dollars from their accounts.

The incredible fear and anxiety it creates is off the charts. This video is a true personification of this very circumstance.

My biggest piece of advice is please don’t think that your business is invincible to these types of circumstances. This CAN happen to any business, large or small.

The most crucial step a business can take to avoid a cyber attack is to establish a robust cyber security culture. This culture should include consistent employee training. Educate all team members on cyber hygiene practices. Teach them to recognize phishing emails. Encourage them to use strong, unique passwords. Additionally, ensure they secure their devices. Human error is one of the leading causes of data breaches. Employees who are aware of and actively follow security best practices can significantly reduce the risk of an attack.

Whether you have an internal IT team managing your computer network, or utilize a MSP (Managed Service Provider), ensure they have the proper protocols in place. These protocols should mitigate breaches within your computer network.

Also, don’t overlook a cyber insurance policy. It can help manage the costs of a cyber attack with both “1st Party Coverage.” This coverage focuses on your own losses and expenses directly resulting from a cyber incident. It also includes “3rd Party Coverage” to focus on liability to third parties affected by the cyber incident. This includes legal and regulatory costs.

The cyber insurance market is competitive as of the date of this post. This means rates are low for the coverage offered. Underwriting is also relatively soft. It’s not difficult to secure a robust policy with a low annual premium.

If you have questions about the above, reach out today. You might want to know about a recommended MSP (Managed Service Provider) for your business. Or you may have questions about the cost and terms of a cyber insurance policy.

-JK

September 26, 2024  

Cyber Risks Lead 2024 Business Concerns in Travelers Survey

For 11 years, Travelers has posted an annual Risk Index. The Risk Index is a survey that looks at the top concerns of U.S. businesses, and how they manage them.

Their 2024 survey takes a deep dive into the top concerns of U.S. business leaders from small, medium and large businesses across a wide range of industries.

Some of these risks involve well-known issues, like rising medical costs, broad economic uncertainty, and the ability to attract and retain talent.

Cyber risks are the #1 business concern in 2024 per the survey. 62% of the 1,200 or so respondents cited cyber as a top concern.

Cyber ranked higher as a concern than medical cost inflation (59%), increasing employee benefits costs (59%), broad economic uncertainty (59%), and the ability to attract and retain talent (54%). Medical cost inflation was the highest concern last year.

I included a link to the 2024 Risk Index above but here’s the LINK again for reference.

If you have questions about cyber insurance coverage or would like to see what the cost would be for a cyber insurance policy for your company, please contact me to discuss.

-JK

September 29, 2023  

Cyber Risks Remain a Top Business Concern

The 2023 Travelers Risk Index reveals that in an ever-changing world filled with fluctuating and emerging threats, cyber risks remain a top overall business concern.

The Travelers Risk Index provides an annual snapshot of risk viewpoints from over 1,200 business decision makers across the country. The 2023 survey looks at the top concerns of U.S. businesses and how companies are dealing with the risks they face every day. The survey participants represent small, mid-sized and large businesses from a variety of industries including construction, real estate, healthcare, technology, retail, transportation, wholesalers, professional services, manufacturing, banking/financial services, publicly traded, nonprofit and public sector.

Notably, 58% of survey participants say they worry about cyber risks.

The cyber concerns facing organizations include unauthorized access to financial accounts, a security breach/someone hacking into a system, system glitches, ransomware and someone using a phishing email to fool employees into transferring funds out of an organization.

See the results of the 2023 Travelers Risk Index and tips HERE.

September 13, 2023  

MGM Cyber Hack Has its Las Vegas Hotels Resorting to Cash Bars, Paper Vouchers

MGM Resorts International is a large publicly traded company with billions of dollars of annual revenues. So, reading the news about the cyber attack they’re currently facing might have you thinking that something like this only happens to those large, multi-billion publicly traded companies.

The reality, however, is that ALL businesses in today’s world, large and small, are exposed to cyber attacks in some way, shape of form.

First, a quick update to what’s going on here:

News like this takes center stage do to the notoriety of MGM Resorts International. However, let this be a lesson that the issues that MGM is facing are the same issues everyday main street businesses face from a cyber attack, just on a smaller scale.

Think about the repercussions of this cyber attack. Here’s a list to get you thinking:

First Party Damages

  • Loss of electronic data: the cost to repair damaged software or replace lost or stolen data from the cyber attack.
  • Cyber extortion: cyber criminals holding data and/or information hostage for a ransom; cost to help pay for the ransom.
  • Business interruption/loss of income: a data breach or cyber attack leaves you unable to operate your business. The lost income and expenses add up fast here.
  • Security fixes and cyber forensics: Costs of upgrading your security and investigating the data breach.
  • Notification and identity protection for affected customers: Cost of notifying customers impacted by data breaches and paying for identity protection.
  • Fraud and credit monitoring services: Cost of credit monitoring for any customers impacted by a data breach.
  • The impact on your business reputation: Costs of handling public relations and repairing the damage to your business reputation. Libel, copyright infringement, defamation.

Third-Party Liability

  • Damage to a third-party system (in case of an accidental virus transmission, for example)
  • Network Security and Privacy Liability: Liability for alleged negligence or that you failed to properly protect customer information.
  • Media Liability Claims: This includes accusations of libel, slander, fraud, etc.
  • Regulatory proceedings and or fines form regulatory bodies
  • Legal costs, settlements, and damage awards

So, what if this happened to your business tomorrow? You come to work in the morning and realize that you’re locked out of your entire network and not a single employee can get a single task done.

You have a ransom demand of $400,000 from a hacker.

Where do you start? Are you capable of doing this all alone? To pay the costs out of pocket? To deal with the IT forensics and loss of data? The network fixes and trying to get back to where you were before you shut down the night before?

If this reality hits you hard in the face, cyber liability/data breach insurance coverage is something you should consider to address these very circumstances.

Cyber insurance programs can team up with your managed IT provider to help with the list of costs and expenses to navigate through the mess caused by a cyber attack. And carriers have deep resources to help fix the mess and get you back to business much faster and more efficiently than trying to deal with this sort of mess alone.

There are many cyber insurance options out there. No two are the same. It’s important to work with a provider who knows the ins and outs of cyber insurance coverage.

Contact me today if you have questions about cyber insurance or would like to look at coverage and cost options.

Let’s hope that MGM gets this settled as quickly as possible for all involved.

May 24, 2023  

Top 9 Industries Vulnerable to Ransomware Attacks

Some industries are more vulnerable to ransomware attacks than others, both because of inherent vulnerabilities in some industries and because hackers historically have targeted these industries more often.

Looking at it from a top-down risk perspective, the industries subject to ransomware attacks the most in 2021 according to BlackFog (in descending order) were:

  1. Government
  2. Education
  3. Healthcare
  4. Technology
  5. Services
  6. Manufacturing
  7. Retail
  8. Utility
  9. Finance

This list can give a general idea of where your business or industry may fall for big-picture risk.

Ransomware is a type of malicious software (malware) designed to encrypt files on a victim’s computer or network, making them inaccessible and unusable. The attackers behind ransomware demand a ransom, typically in the form of cryptocurrency, in exchange for providing the decryption key to restore the files.

Ransomware attacks can have severe consequences for businesses, and organizations. They can result in data loss, financial losses, operational disruptions, reputational damage, and legal implications.

It is crucial to have strong cybersecurity measures in place, including regular data backups, up-to-date software, strong passwords, and security awareness training, to help prevent and mitigate the impact of ransomware attacks.

If you are looking for a reputable cybersecurity company, outsourced IT provider, or cyber insurance options, contact me and I can connect you with local trusted providers to help your business to help prevent ransomware losses from affecting your daily business operations.

Sources: “The State of Ransomware in 2021” BlackFog; Risk Placement Services, Inc

« Older Posts