For much of the past five years, the biggest worry for many commercial insurance clients has been brutally tangible: the soaring cost of rebuilding. Conversations were dominated by materials inflation, labour shortages and construction delays after COVID-19. Today, those concerns are still there – but they are no longer centre stage. Brokers are reporting that their clients’ top concern has become something less visible and arguably far more unnerving: cyber risk. In a troubling twist, the same clients are also often struggling to attract and retain the people they need to manage that threat and keep their businesses resilient.
Nick McLardy (main picture, left), CEO of McLardy McShane Insurance Advisor (MMIA), has seen a clear shift in the questions many clients are asking and the fears they’re willing to voice.
“In the past, a lot of the conversation was around the cost of building, material costs, cost of labour, largely off the back of COVID,” he said. “While that's still certainly relevant, I think most of the conversations we're having are turning to that cyber technology threat and how we tackle that.”
That evolution has been driven as much by headlines as by actuarial trends. High-profile data breaches at major corporates - like Optus or Qantas - have given SMEs and mid-market firms a stark sense of their own vulnerability. When giants with deep IT budgets and security teams are breached, smaller manufacturers, hospitality operators and professional services firms instinctively understand that they are not beneath a hacker’s notice.
For clients, this has fundamentally changed the risk hierarchy. The question is no longer only “Can we afford to rebuild?” but “Can we afford to be shut down overnight?” Cyber has moved into the core of business continuity planning, and clients are looking to brokers to translate a highly technical, fast-moving threat into practical risk transfer and risk management strategies.
Part of what makes cyber uniquely worrying for clients is that it defies the neatness of traditional insurance thinking. A fire, flood or storm is devastating, but conceptually familiar; the pathways to prevention, protection and recovery are relatively well understood. Cyber is different: it is constantly evolving, often opaque and deeply entangled with every operational process a business runs.
McLardy is frank about the limits of what any policy can do.
“It's probably a matter of “when”, as opposed to “if” your business will be impacted, whether that be you directly or through a third-party incident,” he said. “Insurance provides a level of comfort, but it's certainly not a golden ticket to cover off all the exposures you have.”
That reality is reshaping broker–client conversations. Cyber cover can provide crucial incident response, forensics, business interruption and liability protection, but it cannot, on its own, guarantee survival. For clients, the message is uncomfortable but necessary: you cannot buy your way out of cyber risk. You can only reduce its likelihood and impact – and you must assume some level of breach is inevitable.
As a result, brokers are being pushed into a broader advisory role. They are interrogating clients’ controls and vendor dependencies, pushing for staff training and incident plans, and explaining where coverage stops and operational responsibility begins. The most effective brokers are using the cyber discussion as a gateway to talk about governance, culture and resilience, not just premium and limits.
If cyber is now the sharpest expression of client anxiety, it is tightly bound up with another pervasive concern: recruitment and talent challenges. That applies not just to the insurance market but, crucially, to clients’ own businesses.
Lisa Carter (main picture, right), CEO of Clear Insurance, says the theme is remarkably consistent across her portfolio.
“Everyone is struggling with people,” she said. “For example, the hospitality industry, in particular, which is a large portion of our client portfolio, they are really struggling with retaining talent, attracting talent, and just holding on to their staff.”
For clients, this isn’t just a staffing issue; it directly increases their exposure to operational and cyber losses. High turnover and chronic vacancies undermine safety culture, increase the risk of procedural errors and weaken the control environment that underwriters rely on. New or casual staff in pubs, clubs, restaurants or frontline service roles are more likely to click a malicious link, mishandle sensitive customer information or bypass security steps in the rush to get the job done.
Remote work expectations and demands for greater work–life balance, while often positive for employees, add extra layers of complexity. Training, supervision and compliance are harder to maintain when teams are dispersed. For under-resourced clients – from regional hospitality venues to professional firms with hybrid workforces – carving out the time and budget for cyber awareness programs, incident simulations and vendor due diligence becomes a constant struggle, even as their exposure climbs.
From an industry perspective, Carter believes insurance needs to lift its game on attracting and developing talent, including through clearer career pathways and stronger outreach into schools and universities. Without that, brokers will be trying to guide clients through the most complex risk landscape in decades with too few skilled hands-on deck.
The new hierarchy of client fear – and the broker’s role
Taken together, these broker perspectives suggest a reshaped hierarchy of client worry. The old fears – construction costs, supply chain disruption, inflation – remain real. But above them now sits a twin anxiety: a relentless, partly uninsurable cyber threat, and a systemic shortage of people and skills to defend against it.
