Cyber uptake may be low, but is there more to the issue than business apathy to the risks?

By Jon Guy

New research from insurer Aviva has highlighted the growing concerns of employees across the UK over their company’s ability to protect itself from a cyber-attack.

Jon Guy

Jon Guy

The study found that with just under a third of UK businesses (32%) suffering from a cyber-attack in the last year, some 55% of UK employees were worried about the level of their employer’s cyber security.

And nearly two fifths (37%) of employees felt their employer could be doing more to ensure the cyber security of systems at work.

This came after the National Cyber Security Centre reported that cyber insurance uptake was still relatively low in its cyber security breaches survey, which was published earlier this year (19 April 2023).

It found that fewer than two fifths of businesses (37%) were insured against cyber security risks, despite the very real possibility of a cyber incident.

Stephen Ridley, head of cyber at Aviva, explained: “It’s concerning to see that over half of UK employees say they worry about cyber security at work.

”We know that employees are the first and most important line of defence against cyber security incidents, so awareness of training, confidence and engagement are vital.

“Cyber cover offers an added layer of security and peace of mind for businesses, but it’s important that training and resources for cyber preparedness are prioritised.

”Real-world scenarios that highlight the potential reputational and financial risks associated with a cyber incident can help employees understand the important role they play in protecting the business.”

’State of flux’

However, brokers and their clients may have a different take on the issue.

At both the Biba (10-11 May 2023) and Airmic (19-21 June 2023) conferences, cyber cover was a significant talking point, with the access to cover and the commitment of the primary markets to the class dominating conversation.

However, from the London market to the UK regional sector, the approach from underwriters is still in a state of flux.

The reluctance of reinsurers to commit capacity to the class has forced many insurers to reassess their appetite for the risk. It has seen brokers citing examples of having to return to clients to say the policy they had recommended to them was no longer on offer due to the insurers’ change of approach.

Meanwhile, Lloyd’s said its cautious approach to the coverage of state-backed cyber risks was down to the fact that it had no “muscle memory” of what a market-wide cyber loss looks like.

Cyber uptake may well be low, but there is more to the issue than business apathy to the risks.

Cyber is seen as an opportunity for the industry, but to make the most of the opportunity you need to be in the mindset to seize it.