Insurers emphasise lessons to be learned from the Dixons Carphone data breach

The Dixons Carphone data breach is evidence of why having a plan in place is so vital, according to insurers.

The company yesterday admitted a huge breach involving 5.9m payment cards and 1.2m personal data records.

CNA Hardy’s head of cyber David Legassick says the breach is a “clear example of why plan beats no plan”.

“Cyber threat is a boardroom risk. In our view, if the boardroom takes it seriously, then it becomes embedded within the culture.

“If the leadership are all on the same page, then Legal, HR, IT, Management and all business units are also on the same page with them and the organisation is much better enabled to withstand an attack.

“Events like this underscore how important it is we never stop learning – making sure the company can capture in detail how, when, where and why an incident occurred so there is a feedback loop that ensures each threat makes the cyber defence stronger.

“Cyber is always a case of what doesn’t kill us makes us stronger.”

Plans reflected in premiums

Cyber premiums will grow faster than any other type of insurance in the next three years, Aon research has shown.

But speaking at this week’s Airmic conference, Chris Wright, lead property underwriter at Travelers, and Charlie Matheson, who oversees kidnap and ransom underwriting and crisis response solutions for XL Catlin, both said that evidence of fully tested crisis planning would lower premium prices.

“How you handle a crisis has ramifications for people, property and reputation as well,” said Matheson. “When we are looking at any of these risks we want our clients to be prepared.”

He continued: “We want them to have thought about what could happen and have the right processes in place, but we are keen to help clients with that.”

“Then, when we come to underwriting and we are asking about what security they have around their people, their property and their cyber networks, the more that they can show us they are well prepared then that will always be reflected in the premiums,” Matheson added.

And Wright added: “If we can see that a business continuity plan is in place and it is tested, because there is a big difference between having a plan and having a plan that has been tested, then it will be considered and reflected in respect of the cover expected for business interruption.”