Background & Challenge
A mid-sized construction firm with $80 million in annual revenue faced significant challenges during its cyber liability policy renewal. The firm had a history of cyber incidents, including:
- A network security breach that locked up payroll functions.
- A business email compromise (BEC) incident where bad actors sent fraudulent emails impersonating the CFO, leading to attempted invoice manipulations.
Although the financial losses from these incidents were not catastrophic, they revealed gaps in the firm’s cybersecurity controls. Despite recent investments in improving their security posture, the firm faced steep premium increases, higher retentions, and the threat of reduced coverage from their incumbent carrier. Specifically, their renewal terms proposed:
- A $3 million limit with a $100,000 retention (up from $25,000).
- A premium increase from $30,000 to $65,000.
The incumbent carrier’s stance made it clear they no longer saw the firm as a desirable risk, providing what is often termed a "go-away" quote.
Flow’s Approach
Our team took a comprehensive, multi-step approach to turn the situation around:
- Understanding the Client's Security Enhancements
  We conducted an in-depth review of the firm’s recent cybersecurity upgrades, including:
  - Upgraded firewalls and mobile device management policies.
  - Quarterly employee training sessions on phishing and credential hygiene (up from annual training).
  - Implementation of phishing simulations and internal newsletters highlighting cyber threats.
- Engaging the Client and Their Agent
  We collaborated with the firm's agent and leadership team to build a unified strategy, emphasizing the significant improvements in their risk management practices.
- Targeted Marketing Strategy
  Given the challenges with the incumbent carrier, we decided to go to the full market. Our focus was on:
  - Highlighting how past claims were addressed through strengthened controls.
  - Showcasing management buy-in and a top-down approach to cybersecurity improvements.
  - Demonstrating the firm’s proactive steps to improve vendor security, including requiring key vendors to carry errors and omissions (E&O) insurance.
- Finding the Right Carrier Partner
  We targeted carriers with experience in the construction industry, emphasizing the firm’s evolving security posture and commitment to mitigating risks.
Outcome
Through our efforts, we achieved a more favorable renewal outcome with a new carrier that provided:
- Lower premium: A $3 million limit with a $25,000 retention for $35,000 (vs. $65,000 with the incumbent).
- Increased coverage options: A $5 million limit with a $50,000 retention for $50,000.
- Value-added services: The new carrier offered ongoing risk management resources, including:
  - Vendor security reviews.
  - Phishing campaign assessments.
  - Credential testing and policy recommendations.
These improvements not only reduced costs but also positioned the firm to better handle evolving cyber threats while maintaining comprehensive protection.
Key Takeaways
- Cyber risks are evolving rapidly across industries: Construction firms face unique risks like payment fraud, ransomware, and supply chain vulnerabilities, requiring tailored insurance solutions.
- Proactive risk management pays off: Highlighting cybersecurity improvements and aligning them with carrier requirements can mitigate premium increases and enhance coverage.
- The right partner matters: Selecting a carrier experienced in industry-specific risks ensures tailored coverage and access to additional support services.
- Collaboration is key: Engaging insureds, agents, and carriers in a transparent and strategic process can transform challenging renewals into opportunities for better protection and savings.