Report finds more medium and large businesses are purchasing cyber insurance, as the average cost of a breach goes up

The number of medium and large businesses with cyber insurance policies is increasing, as a new government report revealed the average cost of a cyber breach increased by a third.

The Cyber Breaches Survey 2019 found where an attack resulted in the loss of data or assets, the average cost rose by more than £1,000 since 2018 to £4,180.

The average was over £9,000 for larger organisations.

The percentage of medium-sized businesses with cyber insurance increased to 31% from 19% in 2018, while the number of large businesses with cover increased from 25% to 35%.

However, the proportion of all businesses with cyber insurance remains low at 11%.

Richard Breavington, partner at City-headquartered law firm RPC said it is “surprising and concerning” that only one in ten businesses have cyber cover.

He said: “That just one in ten businesses have cyber insurance policies is concerning considering the serious losses organisations can suffer from a data breach, particularly if it is not dealt with as efficiently as possible.

“The police just don’t have the resources to pursue anything more than the very tip of the cybercrime iceberg, so paying for a private sector fix through insurance can hold real value.

“If a business suffers a serious cyber-attack, then insurance can provide the forensic help to bring a halt to the cyber-attack and get systems up and running, as well as covering the cost of the inevitable fallout.”

Positive

The ABI’s senior policy advisor for general insurance, Joe Ahern, said the findings were a positive sign that businesses were becoming more aware of the value of cyber cover, but echoed similar concerns around take-up.

“The fall in reported cyber attacks is encouraging, but with the financial losses of these incidents continuing to rise, there can be no room for any cyber crime complacency,” he said.

“The rise in the number of large and medium sized firms having cyber insurance  reflects greater awareness of the value of this cover, as insurers  play a vital role in supporting customers to recover from an attack, and in helping  them manage the cyber threat.

“But we need to do more to promote this insurance to smaller firms, who are often the least protected against cyber criminals.”

Findings

The survey found the number of businesses experiencing cyber attacks dropped from 43% to 32% in the last year, with new data protection laws praised for improving cyber security.

However, of those businesses that did suffer attacks, the typical median number of breaches has risen from four in 2018 to six in 2019.

The most common breaches or attacks were phishing emails, followed by instances of others impersonating their organisation online, viruses or other malware including ransomware.

The report probes the reasons for buying cyber insurance, and found that access to cyber breach management teams that would help them manage the reputational damage was just as important as a financial pay-out in the event of a claim. It also stressed the importance of broker recommendation as a reason for businesses buying a cyber insurance policy.

Reaction

Commenting on the report, Eva Berg-Winters, co-founder and CEO of cyber insurance MGA Bewica said: “Nearly one third of businesses being subject to an attack shows this is a problem that can’t be ignored by anyone.

“There is a far greater risk of businesses being hit by the cyber crime pandemic than by almost any other type of insurable risk.

“Cyber protection is a business issue, not a tech issue. It is something that all brokers should be talking about as part of their general conversations about risk with all their clients.

“We welcome this comprehensive and detailed report as it lays out the scale of the problem that a good cyber insurance policy and risk assessment support can help to mitigate.

“The total number of reported attacks has fallen to 31% compared to 43% in last year’s report. This is no reason for complacency but rather indicates a shift in the nature of cyber crime.

“Attackers are becoming more targeted and sophisticated in response to growing cyber security measures taken by businesses. This means that basic anti-virus software and firewalls sadly don’t prevent as many attacks as they used to.

“We have also been encouraged that the government’s report affirms our own market research with customers that companies need holistic cyber support, from risk assessment, cyber insurance and 24/7 breach response.”