Brokers must lead clients beyond risk transfer and into true cyber resilience.
“If you want to be resilient, you need to have readiness.”
That was the message from Margaux Weinraub, cyber practice leader at Graham Company, a Marsh McLennan Agency company, who said many organizations are still stuck in a narrow mindset – treating cyber insurance purely as a transfer mechanism, not as a proactive resilience tool.
Too often, she said, the broader value embedded in today’s cyber policies goes unused. “There’s a myriad of available resources,” Weinraub said, pointing to pre-breach services like forensics, legal counsel, compliance support, tabletop exercises, and access to vetted vendors. “There is so much value in having a cyber policy – not just when the incident happens.”
But the biggest risks today aren’t always direct breaches. They’re systemic. And most organizations still don’t fully grasp what that means.
Weinraub warned that reliance on external vendors introduces vulnerabilities that ripple far beyond the initial point of failure. “What about the hundreds, or thousands, or tens of thousands of organizations that rely on a vendor that’s been compromised?” she said. “Companies need a response plan for when their key service providers go down.”
That concern is no longer theoretical. The market has already been rocked by high-profile outages in 2024, including CrowdStrike, CDK Global, and Change Healthcare – incidents with sweeping downstream effects. “What if those went on longer?” Weinraub asked. “Ensuring that cyber policies can respond is what we’re constantly working at.”
Despite the rising tide of cyber claims, the industry still struggles with data immaturity. “Cyber insurance is less than 30 years old,” she said. “We don’t have multiple decades of data to model systemic exposures or aggregation risk.”
That lack of actuarial history complicates catastrophe modeling – but Weinraub also sees opportunity in the industry’s youth. “It’s driven a level of collaboration that we rarely see in more established lines,” she said. “Sharing data helps us leverage analytics and empowers organizations to make smarter, faster decisions.”
On the capacity front, she added, the market is expanding – not retreating. “We’re seeing supply chain perils being considered. Bodily injury is being discussed. We’re seeing creativity and uniqueness in underwriting, even from traditional players who are reevaluating policy language.”
Rate relief has followed in some quarters, but that’s no excuse for complacency. “A policy written in 2025 looks very different than one written in 2022 or 2015,” she emphasized. “That’s how quickly coverage is evolving.”
The list of exposures continues to grow – biometric data, cybercrime, AI-powered attacks. Even the traditionally rigid war exclusion is being amended and refined, with carvebacks now a more common feature.
Much of this change accelerated during the pandemic, as companies expanded their digital footprints and became more reliant on cloud and SaaS providers. “When the pandemic hit, it expanded how organizations maintained their footprint,” Weinraub said. “There were more locations, more vendors, and more IP addresses in play.”
Yet amid this growing complexity, speed remains the defining success factor when a breach occurs. The first 24 hours are critical.
“Time is of the essence,” she said. “That’s how we ensure an effective incident response.”
Brokers, she stressed, need to be on the frontline – not just arranging policies but guiding clients through the triage process. “We are their risk management consultants,” Weinraub said. “We are their fearless and relentless advocates when a cyber event occurs.”
That means knowing the client’s reporting process, understanding which policies (beyond cyber) could respond, and helping bridge gaps with insurers, vendors, and legal teams.
Information sharing must also keep pace with the threats. Real-time collaboration across insurers, MGAs, government agencies, law firms, and forensic firms is no longer optional – it’s critical.
“That information sharing is creating a more resilient cybersecurity ecosystem,” Weinraub said.
She cited the industry’s ongoing response to Scattered Spider, a sophisticated threat group targeting financial institutions, as an encouraging example of evolving coordination. Still, she warned, the work is far from done.
“Organizations don’t just work with one vendor anymore,” she said. “They have layers of redundancy, but that also means more risk. And that exposure will continue to expand.”