Lost in Translation: Bridging the Cyber Policy Communication Gap with Brandy Vargas

Alan Gin, CEO, ZeroDown Software
Small-midsized businesses face growing risks from cyber threats. Learn how to better understand and utilize cyber insurance policies as an active tool for prevention, response, and resilience.

This is a companion blog to “The SafeHouse” podcast dated July 31, 2025.

In today’s digital landscape, small to midsize businesses (SMBs) face growing risks from cyber threats, yet many remain unprepared or unaware of how to navigate the complexities of cyber insurance. Brandy Vargas, Senior Manager of Cyber Solutions at Crum & Forster, shares invaluable insights on how SMBs can better understand and utilize their cyber insurance policies—not just as a safety net but as an active tool for prevention, response, and resilience.

Listen to the original podcast here: https://safehouseinitiative.org/lost-in-translation-bridging-the-cyber-policy-communication-gap-with-brandy-vargas/

Understanding Cyber Insurance: More Than Just a Policy

Cyber insurance is fundamentally different from traditional insurance, and this distinction often leads to misunderstandings among SMB owners. Brandy emphasizes that having a cyber policy is not merely about transferring financial risk after an incident occurs; it’s about engaging proactively with your insurer and broker to understand the full scope of coverage and support available.

“Cyber insurance is very different than other types of insurance. When you have an incident or suspect one, the best thing you can do is not just go out and get vendors on your own but call your carrier first.”

This approach ensures that the response is aligned with policy terms and helps preserve important legal protections. Acting independently without involving your insurer can jeopardize coverage and lead to costly mistakes.

Demystifying the Incident Response Process

One of the biggest challenges SMBs face is knowing what to do when a cyber incident happens. Brandy and her team at Crum & Forster work closely with insureds to guide them through incident response—helping them understand who to call, what steps to take, and how to engage with the right vendors.

She notes that many SMBs experience their first cyber incident without prior preparation, which can be overwhelming and frightening. The onboarding process and targeted workshops offered by carriers are essential to set clear expectations and help businesses feel supported during these crises.

“We try to take them through and break it down: here’s what to expect, here are the free resources available as part of your policy, and here’s how we assist when an incident occurs.”

These resources often include access to incident response vendors, law firms, forensic experts, and even ransom negotiators—all coordinated through the insurer to streamline the process and reduce the burden on the business.

Bridging the Communication Gap: Simplifying Cybersecurity for SMBs

Technical jargon and complex policy language can intimidate SMB owners. Brandy recommends using relatable analogies to make cybersecurity concepts more accessible. For example, comparing cyber defenses to home or bank security can help demystify the topic and reduce fear.

She also stresses the importance of context when answering underwriting questions, as policies often require yes/no answers but sometimes contain gray areas. Providing context helps underwriters assess the overall risk more accurately.

“Let’s cut through the marketing jargon of the products you have and talk about the capabilities and balance of risk in your own language.”

Building a strong relationship with brokers and carriers is key to ensuring meaningful conversations that clarify coverage details and help SMBs make informed decisions.

Common Misunderstandings and the Importance of Onboarding

Many SMBs do not realize that cyber insurance is more than a financial fallback: it is a comprehensive service that includes prevention, response, and recovery support. Brandy highlights that the onboarding process offered by carriers is crucial for educating insureds about how to use their policies effectively.

During onboarding calls, businesses learn about:

  • Incident response protocols
  • Panel versus non-panel vendors
  • Policy retention amounts and exclusions
  • Available free resources such as phishing simulations and security awareness training

These sessions are typically short but impactful, providing clarity and confidence to businesses that may otherwise feel lost during an incident.

Leveraging Free Resources to Strengthen Cyber Defenses

Many SMBs hesitate to invest heavily in cybersecurity tools due to cost concerns. Brandy points out that cyber insurance policies often include valuable free resources that can significantly improve security posture at no extra cost.

“Investing five or ten thousand dollars into phishing and security awareness training can be a lot for SMBs. If you can get that free as part of your policy, those are things that will save you money in the long run.”

Other resources may include incident response plan templates, tabletop exercises, and access to expert consultations. Taking advantage of these tools helps businesses offset their premium costs by reducing the likelihood and impact of cyber incidents.

Why Every SMB Should Have Cyber Insurance—and Use It Wisely

Despite the risks, fewer than 5% of SMBs have standalone cyber insurance policies. Brandy and her colleagues see this as a critical gap that education and awareness can help close.

She urges SMBs to think beyond contractual obligations and recognize the comprehensive value cyber insurance brings:

  • Coverage for forensic investigations and legal advice
  • Support with ransom negotiations and payments if needed
  • Costs for data breach notifications, credit monitoring, and remediation
  • Protection against potential lawsuits following an incident

Brandy’s core advice is simple but powerful:

“If you are connected to the internet, you are a target. Don’t try to deal with a cyber incident alone. Have cyber insurance and make that phone call when something happens.”

Delaying or mishandling response efforts often leads to repeat incidents and greater financial loss. Early engagement with your insurer’s incident response team is essential to containing damage and ensuring a smoother recovery.

Final Thoughts: Building Cyber Resilience Through Partnership

Ultimately, cyber insurance is not just a policy—it is a partnership. SMBs must forge strong connections with their brokers and carriers to receive expert advice, leverage free resources, and navigate incidents with confidence.

Brandy Vargas highlights that the best step an SMB can take today is to reach out, ask questions, and participate in onboarding and education opportunities. This proactive approach builds resilience and helps businesses face the inevitable cyber threats with greater preparedness.

“Take the guidance and understand it. Meet with your broker and carrier, get the free consulting, and don’t shy away from asking questions. It’s one of the best things you can do to improve your security posture.”

Cyber risk is a reality for every business connected to the internet. By bridging the communication gap and embracing the full value of cyber insurance, SMBs can protect their operations, their customers, and their futures.

For more information about the SafeHouse Initiative and how you can protect your organization, visit safehouseinitiative.org.