The Association of British Insurers (ABI) has, for the first time, revealed that 99% of claims made (207) on ABI member cyber insurance policies in 2018 were paid*. This is one of the highest claims acceptance rates across all insurance products.
Despite this, the take-up rate of cyber insurance by businesses in the UK is still worryingly low, with the overall market size estimated at less than a tenth of the size of the UK’s pet insurance market**. Just 11% of businesses are thought to have a specific cyber insurance policy in place, meaning millions of businesses could be at risk.
The UK has the potential to be a world leader in cyber insurance, but the inability to access raw breach data risks limiting the potential of the market. The ABI has been asking the Information Commissioner’s Office (ICO) to make anonymised cyber breach data publicly available, which would enable insurers to price risk more accurately and manage exposure more effectively by feeding this data directly into their modelling.
Ultimately, this would make cyber insurance more widely available, more accurately priced and better tailored to each business.
Unfortunately, the ICO has yet to agree. The ABI will continue to work with the ICO to find a solution that enables both innovation and data privacy in the cyber market.
James Dalton, the ABI’s director of general insurance policy, commented: “Cyber insurance is a valuable product. The claims acceptance rates speak for themselves and the additional support a business receives, beyond dealing with the pure financial losses, is a key attribute of most cyber insurance policies, but too often overlooked.”
Dalton added: “Data is key to insurers’ ability to better understand and more accurately price cyber risk. We need the ICO to work with us to find what data can be shared to help insurers provide more cover to the many businesses that need it in this digital age.”
Cyber cover provides extensive services focused on preventing a breach from occurring in the first place, as well as helping with the recovery and management of costs associated with an attack. Recent high-profile cases of cyber breaches have included those involving British Airways and the Marriott International Group, which highlight just how important this type of cover is.
Value of cyber insurance
Cyber business interruption loss: If a cyber attack interrupts business operations, insurers will cover the loss of income during the period of interruption and beyond. This can be a critical safety net as a company looks to recover its normal working pattern
Privacy breach costs: This protection will cover the business for costs arising from dealing with a security breach. For example, notifying customers of a cyber breach, the costs of hiring a Call Centre to answer customer enquiries, the costs of public relations advice, IT forensic costs, any resulting legal fees and the costs of responding to regulatory bodies
Cyber extortion cover: This protects the business from ransomware and other malicious attempts to seize control of operational or personal data until a fee is paid. This clause will typically provide for a reimbursement of the ransom amount demanded by the attacker as well as any consultant fees to oversee the negotiation
Hacker damage: This protects a business from damage inflicted by a hacker on digital assets. In particular, it provides protection against the loss, corruption or alteration of data as well as the misuse of computer programs and systems
Media liability: This protects a business in the event that the digital media presence leads to a party bringing a claim against the company for libel, slander, defamation or the infringement of Intellectual Property rights. This is especially important for companies that rely on the transmission of digital data via e-mail, a website or a large social media presence
Cyber forensic support: This aspect of cover provides for near immediate 24/7 support from cyber specialists recommended by the insurer in the period following a hack or data breach. These specialists are able to assess a company’s systems, identifying the source of any breach and suggesting preventative measures for the future
*This is based on the 207 cyber claims that were made and settled in 2018, of which 205 were paid.
**Recent estimates suggest that there is $3.5 billion worth of cyber premium underwritten around the world – 85% of which is thought to be US risk. The ABI estimates that less than £100 million (approximately £80 million in 2017) is for UK risk, while the UK pet insurance market is more than £1.1 billion in size