The Association of British Insurers has, for the first time, revealed that 99% of claims made (207) on ABI-member cyber insurance policies in 2018 were paid. This is one of the highest claims acceptance rates across all insurance products.
Despite this, the take-up rate of cyber insurance by businesses in the UK is still worryingly low, with the overall market size estimated at less than a tenth of the size of the UK’s pet insurance market. Just 11% of businesses are thought to have a specific cyber insurance policy in place, meaning millions of small businesses could be at risk.
The UK has the potential to be a world leader in cyber insurance, but the inability to access raw breach data risks limiting the potential of the market. The ABI has been asking the Information Commissioner’s Office (ICO) to make anonymised cyber breach data publicly available, which would enable insurers to price risk more accurately and manage exposure more effectively by feeding this data directly into their modelling. Ultimately this would make cyber insurance more widely available, more accurately priced and better tailored to each business.
Unfortunately, the ICO has yet to agree. The ABI will continue to work with the ICO to find a solution that enables both innovation and data privacy in the Cyber market.
James Dalton, the ABI’s Director of General Insurance Policy, commented: “Cyber insurance is a valuable product – the claims acceptance rates speak for themselves and the additional support a business receives, beyond dealing with the pure financial losses is a key attribute of most cyber insurance policies, too often overlooked.
“Data is key to insurers’ ability to better understand and more accurately price cyber risk. We need the ICO to work with us to find what data can be shared to help insurers provide more cover to the many businesses that need it in this digital age.”
Cyber cover provides extensive services focused on preventing a breach from occurring in the first place, as well as helping with the recovery and management of costs associated with an attack. Recent high-profile cases of cyber breaches have included British Airways and Marriott International, which highlight just how important this type of cover is.
What is the value of cyber insurance?
- Cyber business interruption loss: If a cyber-attack interrupts your business operations, insurers will cover your loss of income during the period of interruption and beyond. This can be a critical safety net as you look to recover your normal working pattern.
- Privacy breach costs: This protection will cover your business for costs arising from dealing with a security breach. For example, notifying customers of a cyber breach, the costs of hiring a call centre to answer customer enquiries, the costs of public relations advice, IT forensic costs, any resulting legal fees and the costs of responding to regulatory bodies.
- Cyber extortion cover: This protects your business from ransomware and other malicious attempts to seize control of your operational or personal data until a fee is paid. This clause will typically provide for a reimbursement of the ransom amount demanded by the attacker as well as any consultant fees to oversee the negotiation.
- Hacker damage: This protects your business from damage inflicted by a hacker on digital assets. In particular it provides protection against the loss, corruption or alteration of data as well as the misuse of computer programmes and systems.
- Media liability: This protects a business in the event that your digital media presence leads to a party bringing a claim against your business for libel, slander, defamation or the infringement of intellectual property rights. This is especially important for companies that rely on the transmission of digital data via email, a website or a large social media presence.
- Cyber forensic support: This aspect of cover provides for near immediate 24/7 support from cyber specialists recommended by your insurer in the period following a hack or data breach. These specialists are able to assess your systems, identifying the source of any breach and suggest preventative measures for the future.