Consortium of Leading Cyber Technology and Insurance Providers Announce the Launch of SafeHouseInitiative.org
January 17, 2023
No Comments
This is a companion blog to the “The SafeHouse” podcast dated July 10, 2025.
Cyber insurance is a rapidly evolving field that many small to medium-sized businesses (SMBs) still overlook or misunderstand. Despite increasing cyber threats, the uptake of cyber insurance remains surprisingly low, often due to gaps in broker knowledge and the complexity of the application process. Drawing on insights from Ryan Mercer, Vice President of Cyber and Errors & Omissions at McGriff brokerage, this article explores why cyber insurance is not being pitched as widely as it should be, the challenges brokers face, and practical advice for SMBs looking to protect themselves.
Listen to the original podcast here: https://safehouseinitiative.org/the-broker-disconnect-why-isnt-cyber-being-pitched-with-ryan-mercer/
Ryan Mercer has been immersed in the cyber insurance space for over a decade, advising companies ranging from SMBs to Fortune 50 corporations. His journey began at AON, where he transitioned from general insurance to specializing in cyber insurance around 2016-2017. Since joining McGriff five years ago, Ryan has focused entirely on helping clients understand and navigate the complexities of cyber risk and insurance.
“I’m an adviser in the placement of cyber insurance for companies in the SMB space all the way up to the Fortune 500,” says Ryan. “I look forward to walking through a lot of the risks and trends in the cyber insurance world.”
One startling revelation is the low adoption rate of cyber insurance among SMBs—estimates suggest uptake is between just 4% and 8%. Ryan identifies several reasons for this:
Ryan sums it up well:
“There’s low uptake because the product is young, brokers aren’t always comfortable selling it, and historically the cost was a barrier. But that’s changing.”
Education is key to bridging the gap between SMBs and cyber insurance. Ryan emphasizes that brokers need to become more consultative by understanding cybersecurity basics and insurance underwriting requirements. This shift is already underway, especially given the increasingly detailed application processes.
Ryan explains:
“Brokers should seek expertise through partnerships with wholesale brokers or carriers who can provide more detailed education. Increasing the ‘Cyber IQ’ of the property and casualty industry will lead to better client outcomes.”
The cyber insurance application process has dramatically changed in recent years. Where once it might have been a simple, short questionnaire, today it can be lengthy and technical, sometimes involving network scans and penetration testing by carrier teams or managing general agents (MGAs).
Ryan outlines this evolution:
“Before 2020, underwriting was light; questions were asked but didn’t heavily influence decisions. After the market shifted, carriers began demanding more detailed information and security controls.”
However, not all SMBs face the same requirements. The underwriting process varies by company size and complexity. Automated underwriting solutions from companies like Coalition, Appbay, Corvvis, and Cowbell now scan networks digitally to streamline quoting for smaller businesses.
Experienced brokers can add tremendous value by reviewing client applications upfront and advising on potential roadblocks. Ryan gives a practical example:
“If a company with $50 million in revenue lacks multi-factor authentication (MFA) or endpoint detection and response (EDR), brokers know that will lead to poor insurance terms. Advising clients to implement these controls before applying can save money and improve coverage.”
This kind of proactive guidance helps SMBs not only qualify for cyber insurance but also strengthen their overall cybersecurity posture.
As cyber threats grow more sophisticated, brokers are being called upon to act as advisors who understand both insurance and cybersecurity fundamentals. Ryan acknowledges this expanded role but also highlights the importance of knowing professional boundaries:
“I’m passionate about brokers being consultative to help clients understand what underwriters value. But I also know when to defer to CISOs or cybersecurity vendors who have deeper technical expertise.”
One of the most actionable pieces of advice Ryan offers concerns what to do when a cyber incident occurs. Having cyber insurance is only part of the equation; timely notification to your broker and insurer is crucial for a smooth claims process and effective recovery.
“When a cyber incident happens, call your broker first or second. Keep them informed and have your incident response providers pre-arranged. This coordination reduces heartburn during claims and improves recovery outcomes.”
Cyber insurance remains an essential tool in managing today’s cyber risks, especially for SMBs. Yet, uptake is hindered by broker knowledge gaps, evolving underwriting requirements, and cost concerns. By becoming more educated and consultative, brokers can better serve their clients, helping them secure more competitive coverage and strengthening their cybersecurity practices.
For SMBs, the takeaway is clear: invest in foundational security controls like MFA and EDR, work closely with knowledgeable brokers, and have a plan in place for incident notification. This approach not only improves your chances of obtaining cyber insurance but also ensures you’re better prepared to respond if a cyber event occurs.
As Ryan Mercer puts it:
“The cyber insurance market is dynamic and growing. With the right education and partnership between brokers and clients, we can close the disconnect and make cyber insurance a valuable part of every company’s risk management portfolio.”
Stay informed, stay resilient, and make cyber insurance work for you.
For more information about the SafeHouse Initiative and how you can protect your organization, visit safehouseinitiative.org.
