Cyber insurance presents a massive opportunity for brokers

This year is a big year for cyber insurance. Changing regulatory landscapes and damaging high-profile cyber attacks have come together to focus the minds of business leaders on the looming risk of cyber events.

For brokers looking to sell cyber insurance this presents a big opportunity.

According to the Marsh UK Cyber Risk Survey Report: 2016, almost two in five companies (38.5%) have identified a cyber attack in the past 12 months. But because it is so difficult to detect that a hack has occurred, the real number of companies that have suffered an attack could be much higher.

And these attacks can have a big impact on a company’s balance sheet.

Assessing the risk of cyber

The Marsh report found that for just over half of all affected companies the worst loss from a cyber attack tops £1m and exceeds £5m for one in five.

But the risks of a cyber attack are not just limited to larger companies. The government’s Cyber Security Breaches Survey 2017 found that 45% of micro or small businesses have experienced a cyber attack in the past 12 months, compared to 66% for medium-sized businesses.

This article is an excerpt from the Insurance Times Cyber Product Report 2017.

Worryingly, more than a quarter (26%) of small and micro-businesses have no cyber security governance or risk management procedures in place, of which 39% believe they are too small or insignificant for cyber security.

For the wider market, one in five businesses have already bought cyber insurance cover in one form or another, with a further third either seeking quotes or already in the process of taking out cover.

[Figure: Cyber insurance buying habits]

Cyber hits the headlines

High-profile attacks such as Petya and WannaCry, which famously brought the NHS to a near halt, have also helped drive up interest in cyber insurance. Aon global cyber expert Kevin Kalinich says these attacks have helped kick-start the market for smaller companies, not just fuel interest from the larger corporations.

“The market in the UK has seen a great deal of increase in interest, and we are engaged in a number of placements now,” he says. “Large companies had been interested before, but now we are seeing large, medium and small companies interested in cyber insurance.

[Figure: Companies understanding their cyber risk exposure]

“The first event was WannaCry, and that is still resonating around the world and many large corporations started exploring the potential financial statement impact and what could be done to model their risk compared to their peers. The second big event was Petya, and there are at least four different companies that have already disclosed that a Petya attack will have a material cyber impact.”

These companies include Netherlands-based delivery company TNT Express, pharmaceutical manufacturer Reckitt Benckiser (which has already declared losses of at least £100m), shipping company Maersk (conservative estimates put its losses from Petya at £67m or more) and Cadbury’s owner Mondelez.

[Figure: Most likely global risks]

As well as the increased threat of suffering a hack, incoming regulatory changes from Europe are also set to have an impact on the cyber risks facing businesses in the UK.

The European Union’s General Data Protection Regulation (GDPR) comes into force in May 2018, leaving companies potentially facing a fine of up to 4% of worldwide revenue in the event of a cyber breach.

But while the increased threat of regulatory action should help drive up sales of cyber liability cover, Aon’s Kalinich says his company’s approach to pushing the threat from GDPR did not have the effect they thought it would in the UK.

“The companies realise that there is not as much litigation compared to the US, so they want data – and that is our sales tactic now, using objective facts to show what some of the losses have been to allow them to benchmark against their peers,” he says.

“What we did wrong was using the same sales process from the US, demonstrating all of the third party losses for personal identifiable information, but what is resonating more in the UK and EMEA is business interruption, lost income and the extra costs of forensics.

“That is resonating much better [in the UK] because they are real losses [that apply in this market].

“Any company can identify with examples of losses from a business interruption standpoint, instead of just looking at personal identifiable information breaches and losses.”

A lack of understanding

Despite the increased awareness of the risks of cyber insurance, 75% of organisations still do not have a complete understanding of their cyber risk exposure, meaning brokers have the opportunity to educate them about the risks they are facing and the solutions that are out there in the insurance market.

And Safeonline head of technology and cyber David Dickson says that, while the relative infancy of the market may mean it is not fully understood, it also means that premiums are still favourable for consumers, making cyber insurance products great value for money and constantly improving.

[Figure: Identified breaches in the past 12 months]

“It is a very good time for clients to be buying cover at the moment because the market is so soft,” he says. “For a new type of cover like cyber, capacity providers are flocking towards it because they see it as the new sexy thing for insurance.

“The cover SMEs can buy in the UK is getting better every six months and it is very, very cheap. There are providers in the market where you can get cover for as little as £500 for a £1m limit.”
