Broker says too many companies are taking out cyber insurance as an add-on to professional indemnity policies

SMEs are being left underinsured against cyber threats due to inadequate cover, a commercial broker has told Insurance Times.

Many companies are taking out cyber insurance as add-ons to professional indemnity policies, rather than as stand-alone products, SJL Insurance chief executive Simon Lancaster said.

Customers are assuming they have a comprehensive cyber policy [when they buy as add-ons]. But most of the time they are third-party liability covers. For example, if a business has been sued after a cyber event, that’s covered. But it doesn’t cover their own losses, Lancaster pointed out.

He cited Biba data estimating that 95% of cyber claims are first party, and only 5% third party, rendering most add-on policies useless. The equivalence would be a third-party motor policy versus a comprehensive one. 

“The way businesses hold data and the way they operate, businesses are often completely reliant on digital and cyber, yet the vast majority take out no cover against it whatsoever,” Lancaster said.

Spreading the message

SJL is therefore trying to get the message out to customers. 

An Ecclesiastical survey recently found 38% of brokers have never sold a cyber policy, with 64% saying they need more training to understand cyber.

SJL recently commissioned its own survey from YouGov, which hinted at alarming gaps in cyber cover among UK businesses. Of 1,051 companies surveyed, ranging from sole traders to large corporates, 53% of those attacked did not have cyber cover at the time.

In addition, 22% of the survey sample had suffered a cyber attack which had led to financial loss. Of those, 65% had suffered between £100-£99,999 worth of damage, which can include the cost of attack itself, remediation and repair, time taken to deal with it, and repairing public trust.

“Those type of figures above can send many firms out of business which is why there is an ever increasing need to take out cyber insurance with a broker who can go through a company’s individual needs to help ensure their claim is more likely to be accepted, as opposed to just clicking an add-on policy as no add-on fits all companies,” SJL said.

Founder and chief executive of cyber MGA Bewica, Eva Berg-Winters told Insurance Times that a key challenge in the take-up of cyber insurance is awareness. ”The UK government’s 2019 breaches survey found that for 23% of the businesses that had not taken up cyber insurance, the reason was lack of awareness of cyber insurance. That’s almost a quarter and higher than the 22% who did not take up cyber insurance as they considered themselves too low at risk.”

Growth opportunity

But Lancaster admitted that clients are typically not coming to the broker asking for cyber cover. And as well as educating the business community, there is also a massive growth opportunity for brokers like SJL. ”A year ago we did not do cyber. Now it’s 2% of business. We want that to be 15-20% of our business. It’s a growing sector for us and the industry,” Lancaster said.

Comprehensive policies can start for as little as £75 for a small business, Lancaster said, with several insurers offering cover today where five years only professional indemnity add-ons were available. 

According to Lancaster, a cyber policy should cover companies for: business interruption; ‘third party supplier’ where the business is protected when the cyber breach is caused by a third party, and accidental cover, where the insured is covered in the event that the attack was inadvertently caused by a member of staff.

“Cyber insurance offers affordable protection for many businesses, but it can be hard to weigh up benefits against cost and effort. This is where we can help as an industry: with advice and information so companies can more easily determine whether cyber insurance is right for them and which product best fits their needs,” Berg-Winters added. 

Alastair Blundell, head of general insurance at Biba told Insurance Times that in the SME market ”we know that the uptake of cyber is still very low, but the risk is being perceived as one that is real and people are beginning to buy.”