Brokers have been pivotal in the turn of the market but ‘much more work’ remains

The UK has seen “strong growth” for SME businesses buying cyber cover for the first time, but their purchasing habits have “changed”, according to CFC’s cyber product leader Philippa Berry.

Speaking exclusively to Insurance Times, Berry said the insurance market had now “got over that hurdle” of cyber being considered a “luxury” cover by consumers who had “surplus spend”.

A major reason for overcoming hat hurdle and bringing new buyers to the market is brokers, as “the education they’ve been able to do with their clients [in] helping them articulate or address and assess their cyber risk and exposure” has provided consumers with solutions.

However, although CFC’s data reflects an upward trajectory in cyber cover uptake, consumers are now “buying lower limits”, she added.

“[So], as the economy starts to stabilise hopefully that will increase their purchasing further.”

CFC estimated that the overall penetration for SME businesses buying cyber insurance was only 15% in the UK.

The Cyber Security Breaches survey 2023, published by the Department for Science, Innovation and Technology in April 2023, meanwhile, highlighted only 6% of micro-businesses and 11% of small businesses had cyber cover.

The survey also showed that 29% of micro businesses and 33% of small businesses believed they had cyber cover as part of a wider policy, despite blanket exclusions now being standard in many commercial policies.

Furthermore, a poll carried out by Opinium on behalf of Biba during the first week of November 2023 highlighted that 25% of SMEs were not confident about buying cyber cover. A total of 500 senior decision makers from SMEs took part. 

Those statistics do reflect a suggested improvement on the 38% out of 819 small businesses that had cyber cover in January 2022, however, and did not know what their policy included – according to the Federation of Small Businesses (FSB)’s Paying a Premium? Reforming the insurance market to work for small firms report published in July that year.

Collaboration on the cards

Considering cost, Berry said the insurance industry had recovered from “two years of compound rate increases and we’re now at a point of stability where the price fairly reflects the threat landscape”.

And as a further nod to the broking community, she added that brokers improving clients’ cybersecurity maturity had made them “more palatable to the to the insurer to underwrite”.

But, to address the low penetration that remains among small businesses and cyber, Biba’s chief executive Graeme Trudgill told Insurance Times that there was “so much more work to do”.

Therefore, as one of its commitments in its latest Manifesto: Managing risk for growth and economic security, published 10 January 2024, Biba said it would “consider the reach of insurance in Cyber Essentials so more businesses might benefit from the full range of products and ‘Cyber Insurance as a Service’ offered by the market”.

UK government scheme Cyber Essentials, launched by the National Cyber Security Centre in June 2014, aims to protect organisations of all sizes against a wide range of common cyber attacks.

The chief executive of the National Cyber Security Centre said that “cyber insurance as a service and the Cyber Essentials scheme are proactive levers to help organisations, in particular SMEs, to implement security controls and financial resilience to a cyber attack”.

Biba has also committed to “work with specialist members and other stakeholder to improve understanding of common heads of cover that may be included in a cyber policy” and issued a call to action for the establishment of an independent body to clarify cyber losses.

CFC’s “key priority”, on the other hand, is “broker engagement and education”.

Berry said: “A really key part that insurers have to play in this is being transparent with brokers [and] providing them sufficient information on losses [in] the threat environment [and] the new risks that we’re seeing – to be able to give them enough information to then articulate back to clients what the true risk is they’re facing and why the insurance would help or how it would respond in those scenarios.”