In Focus: Does UKGI need a cyber public-private partnership?

WE ASKED: “How beneficial would a cyber-centric public-private partnership be for UK general insurance (UKGI) and its end clients?”

Shaune Worrall, deputy head of general insurance, Biba

Biba recently submitted views to Parliament on this issue, as the cyber security and resilience bill reached its committee stage.

One of those views considers a backstop for extreme systemic cyber events. While a strong private insurance market is the key for day-to-day protection, a government backed pool covering the most extreme events, with very clear triggers, could be a solution where losses are too large for the private market alone.

The overall size of market adoption for standalone cyber insurance and low take-up among SMEs means cyber systemic risk might not be forefront of the insurance industry’s priorities.

Nonetheless, what will be needed to underpin growth and confidence in a maturing cyber insurance market is the means to cover a large systemic incident. With new covid business interruption cases still reaching the courts in 2026, we know what happens if these certainties aren’t in place.

With new ‘customer business interruption’ cyber policy extensions giving suppliers cover if their own key customers are attacked, one wonders if this will hasten the need for systemic cyber solutions.

The Cyber Monitoring Centre has a wise view, shared by Biba, on what needs to happen next – the “government should seek to begin clarifying thresholds for future intervention, definitions of critical economic sectors and related parameters”.

Tom Draper, managing director, Coalition

The current private market already covers cyber incidents to an extent. It has reacted to demand but has chosen not to cover certain risks, such as physical damage hitting critical national infrastructure – that’s not an appetite the market has.

When it comes to backstops, that is a very different proposition because that is essentially the insurance market being unable to accept systemic risk of major concern.

There are a couple of real challenges with that. One of which is that, in the UK, most of the premium that flows in for cyber is not UK premium.

Therefore, a challenge with Cyber Re existing is that the UK exposure is quite small, because most of the exposure is in US-centric policies, as it is Lloyd’s underwriters writing US deals.

Meanwhile, there is not a market gap in the need for insurance or reinsurance – syndicates and insurers can already go out and happily purchase cyber reinsurance.

Where there is a concern is areas with geopolitical risk, the government itself acts as a financial backstop anyway.

Finally, it also comes down to cyber insurance being made mandatory. As there is not an appetite to impose cost on business, we wouldn’t expect to see anything close to that.

Simon Hughes, chief commercial officer, Cowbell Cyber

A cyber-centric public-private partnership is a logical evolution for a market that demands stability over volatility.

Currently, the threat of systemic cyber events looms large, creating hesitation where the UK economy needs confidence.

A public-private partnership could act as a vital backstop – much like Pool Re provides for terrorism risk – ensuring the capital certainty insurers need to maintain capacity, even when unpredictable and high impact black swan scenarios threaten the market.

For UKGI and its end clients, the benefit of such a partnership is consistency.

A government-backed framework could remove the fear of sudden capacity withdrawals, ensuring that protection remains available and affordable.

This model would allow the private sector to focus on what it does best – using data to assess and mitigate risk – while the public element of the relationship manages the catastrophic tail risk.

This is not just about financial indemnification – it is about signalling to British businesses that the insurance sector is robust and supported by a sound approach to risk management, which will transform a complex landscape into one where businesses can operate with genuine confidence.