While addressing a room full of Government officials, peers and industry leaders alongside Baroness Neville-Jones (former chair of the Joint Intelligence Committee), James Dalton, the director of general insurance policy at the Association of British Insurers (ABI), has stepped up the ABI’s calls for access to anonymised breach data from the Information Commissioner’s Office (ICO).
Dalton was speaking at the launch of the Digital Policy Alliance’s primer on cyber insurance, which is aimed at increasing awareness and take-up of cyber cover among British businesses. He called for a redoubling of efforts to enable industry’s access to the necessary data, which has been well received across Whitehall.
“One of the most significant issues with cyber insurance pricing and underwriting is the lack of robust data on cyber risk,” asserted Dalton. “Unlike colleagues in the property insurance sector who can rely on hundreds of years of claims experience, cyber underwriters do not have such a wealth of information. Progress in delivering this access with the ICO has not been as swift as we would have liked. Ultimately, a healthier cyber insurance market is good for businesses, good for the economy and, most importantly, good for all of us as customers of businesses dealing with ever-increasing amounts of our data.”
Dalton stressed: “Our ‘ask’ is for a refocusing of minds and a redoubling of effort to get a meaningful sharing of the ICO’s data over the line.”
Dalton also reiterated his firm rebuttal to suggestions of product standardisation across the cyber market. “There have been proposals from various stakeholders to impose product standardisation in the cyber insurance market. In our view, these must be firmly resisted. Cyber risk is constantly changing and evolving. As a consequence, insurers need to frequently adapt and change their policy wordings, question sets and underwriting approaches in order to ensure that they’re best serving their customers, while at the same time managing their exposures prudently in line with their regulatory responsibilities.”
Dalton added: “It’s misguided to attempt to impose standards on the cyber insurance market, and especially one that’s in its relative infancy and needs flexibility to respond to an ever-changing cyber risk landscape.”