“Cyber insurance pay-out rates at 99%, but uptake still far too low” warns ABI

The Association of British Insurers (ABI) has, for the first time, revealed that 99% of claims made (207) on ABI member cyber insurance policies in 2018 were paid*. This is one of the highest claims acceptance rates across all insurance products.

Despite this, the take-up rate of cyber insurance by businesses in the UK is still worryingly low, with the overall market size estimated at less than a tenth of the size of the UK’s pet insurance market**. Just 11% of businesses are thought to have a specific cyber insurance policy in place, meaning millions of businesses could be at risk.

The UK has the potential to be a world leader in cyber insurance, but the inability to access raw breach data risks limiting the potential of the market. The ABI has been asking the Information Commissioner’s Office (ICO) to make anonymised cyber breach data publicly available, which would enable insurers to price risk more accurately and manage exposure more effectively by feeding this data directly into their modelling.

Ultimately, this would make cyber insurance more widely available, more accurately priced and better tailored to each business.

Unfortunately, the ICO has yet to agree. The ABI will continue to work with the ICO to find a solution that enables both innovation and data privacy in the cyber market.

James Dalton, the ABI’s director of general insurance policy, commented: “Cyber insurance is a valuable product. The claims acceptance rates speak for themselves and the additional support a business receives, beyond dealing with the pure financial losses, is a key attribute of most cyber insurance policies, but too often overlooked.”

Dalton added: “Data is key to insurers’ ability to better understand and more accurately price cyber risk. We need the ICO to work with us to find what data can be shared to help insurers provide more cover to the many businesses that need it in this digital age.”

Cyber cover provides extensive services focused on preventing a breach from occurring in the first place, as well as helping with the recovery and management of costs associated with an attack. Recent high-profile cases of cyber breaches have included those involving British Airways and the Marriott International Group, which highlight just how important this type of cover is.

Value of cyber insurance

Cyber business interruption loss: If a cyber attack interrupts business operations, insurers will cover the loss of income during the period of interruption and beyond. This can be a critical safety net as a company looks to recover its normal working pattern

Privacy breach costs: This protection will cover the business for costs arising from dealing with a security breach. For example, notifying customers of a cyber breach, the costs of hiring a Call Centre to answer customer enquiries, the costs of public relations advice, IT forensic costs, any resulting legal fees and the costs of responding to regulatory bodies

Cyber extortion cover: This protects the business from ransomware and other malicious attempts to seize control of operational or personal data until a fee is paid. This clause will typically provide for a reimbursement of the ransom amount demanded by the attacker as well as any consultant fees to oversee the negotiation

Hacker damage: This protects a business from damage inflicted by a hacker on digital assets. In particular, it provides protection against the loss, corruption or alteration of data as well as the misuse of computer programs and systems

Media liability: This protects a business in the event that the digital media presence leads to a party bringing a claim against the company for libel, slander, defamation or the infringement of Intellectual Property rights. This is especially important for companies that rely on the transmission of digital data via e-mail, a website or a large social media presence

Cyber forensic support: This aspect of cover provides for near immediate 24/7 support from cyber specialists recommended by the insurer in the period following a hack or data breach. These specialists are able to assess a company’s systems, identifying the source of any breach and suggesting preventative measures for the future

*This is based on the 207 cyber claims that were made and settled in 2018, of which 205 were paid.

**Recent estimates suggest that there is $3.5 billion worth of cyber premium underwritten around the world – 85% of which is thought to be US risk. The ABI estimates that less than £100 million (approximately £80 million in 2017) is for UK risk, while the UK pet insurance market is more than £1.1 billion in size

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts