As cyber insurance begins to show its worth, Liz Booth looks at how it can achieve greater market penetration
As big names in the market start to announce plans to change the way they approach cyber cover, the Association of British Insurers (ABI) has, for the first time, revealed that 99% of claims made on ABI member cyber insurance policies in 2018 were paid.
The news comes as both Allianz and AIG have said they would not automatically include cyber cover in other policies -- the so-called silent cyber. The insurers, who are expected to be followed by others in the run-up to 1 January reinsurance renewals, said they would make it clear to clients whether cover was affirmed or excluded in a variety of policies including property and casualty.
The ABI figures revealed that standalone cyber cover has been working well, the trade body stated. A spokesperson for the organisation said that 99% of claims being paid made it one of the highest claims acceptance rates across all insurance products.
However, it said that despite this, the take-up rate of cyber insurance by businesses in the UK is still "worryingly low", with the overall market size estimated at less than a 10th of the size of the UK's pet insurance market. Just 11% of businesses are thought to have a specific cyber insurance policy in place, meaning millions of small businesses could be at risk. There remain some challenges for insurers, with the inability to access raw breach data risks being just one.
£2.8bn worth of cyber premium is underwritten around the world -- less than £100m is for UK risk
The ABI has been asking the Information Commissioner's Office to make anonymised cyber breach data publicly available, which would enable insurers to price risk more accurately and manage exposure more effectively, by feeding this data directly into their modelling.
Ultimately, this would make cyber insurance more widely available, more accurately priced and better tailored to each business.
The ABI explained that standalone cover protects insureds when there is:
- Cyber business interruption loss: If a cyber attack interrupts business operations, insurance covers loss of income during the period of interruption and beyond.
- Privacy breach costs: This protection covers costs arising from dealing with a security breach. For example, notifying customers of a cyber breach, the cost of hiring a call centre to answer customer enquiries, the cost of public relations advice, IT forensic costs and any resulting legal fees.
- Cyber extortion cover: This protects against ransomware and other malicious attempts to seize control of operational or personal data until a fee is paid. This clause will typically provide for a reimbursement of the ransom amount demanded by the attacker, as well as any consultant fees to oversee the negotiation.
- Hacker damage: This protects against damage inflicted by a hacker on digital assets. In particular, it provides protection against the loss, corruption or alteration of data as well as the misuse of computer programmes and systems.
- Media liability: This protects a business in the event that its digital media presence leads to a party bringing a claim for libel, slander, defamation or the infringement of intellectual property rights. This is especially important for companies that rely on the transmission of digital data via email, a website, or a large social media presence.
- Cyber forensic support: This aspect of cover provides for near-immediate 24/7 support from cyber specialists recommended by the insurer in the period following a hack or data breach. These specialists can assess systems, identify the source of any breach and suggest future preventative measures.