Ian Summerfield, head of cyber at Pen Underwriting, explains why cyber must be viewed as the third fundamental area of business risk alongside better known property and liability perils
No reasonable, rational business owner or chief executive would contemplate trading without ensuring their biggest risks were adequately managed and their balance sheet protected via appropriate insurance.
Or would they?
The answer very much depends on whether they view cyber risk as a key business exposure in the same way they would view various property and liability risks.
In most cases, cyber is not yet viewed as a third fundamental area of business risk. Brokers thatrecommend standalone cyber protection to their SME clients are still facing purchasing resistance and questions around the need for such dedicated cover.
But research by Pen Underwriting explains why cyber cover should be taken more seriously.
The survey of 300 businesses across the UK and Ireland found evidence that firms are continuing to underestimate their vulnerability to cyber crime compared with other perils, as well as underestimating the severity of potential commercial consequences arising from cyber crime.
For example, firms are significantly more likely to have been the target of at least one cyber attack over the past five years (39%) than to have suffered flood damage (7%) or fire damage (10%). And yet fire and flood are viewed as fundamental perils that must be insured as part of any SME business insurance policy. Cyber risk, arguably, is not viewed this way.
Even the prevalence of theft (35%) – including goods, equipment or money – came in lower than the frequency of being targeted by cyber criminals.
Offline impact
Respondents’ own testimony helps make the case for why comprehensive cyber cover – incorporating risk management and breach response, as well as financial indemnification – is essential.
About 80% of all the firms surveyed by Pen Underwriting said they could not afford to be offline for a week – with 41% saying they would be in trouble commercially if offline even for a day. And yet, of those that had been targeted by cyber criminals, 26% confirmed that the impact and disruption of this had lasted more than a week.
Commercial consequences arising from cyber crime are considerable too. For example, of those respondents targeted, 81% described their cyber attack as serious or very serious in terms of threat to their business, while 74% confirmed they had suffered significant disruption and financial loss.
This increasingly pervasive picture of cyber risk and its serious commercial consequences on affected businesses lends weight to the need for cyber risk to be given equal billing to property and liability in broker-client conversations.
After all, cyber cover can effectively counter this threat on three levels. First, through helping businesses bolster their resilience and reduce the risk of a successful attack through preventative risk management.
Second, by ensuring breach response experts are on hand to reduce time spent offline, compromised or disrupted and thus minimising any lost business, increased cost of working and reputational damage.
Last, but by no means least, is the traditional financial recompense provided by insurance policies for losses sustained.
