Insurers need more data, policy and legal clarity to safely provide cyber insurance – Deloitte

Insurers looking to provide cover in the evolving cyber insurance arena need more data, policy and legal clarity, according to Kareline Daguer, insurance director within Deloitte’s EMEA Centre for Regulatory Strategy.

Speaking exclusively to Insurance Times following the publication of the professional services firm’s Financial markets regulatory outlook 2024 report on 9 January 2024, Daguer said there is a “very significant cyber insurance gap”. 

She continued: “A lot of firms think that they [have more cover] than they really [do], so there is a big market here that could be exploited.

“The question here is: what is needed from insurers to be able to enter that market safely?”

For her, insurers need more data, policy and legal clarity to effectively provide cyber cover - although she added that the UK regulator could start looking at this evolving line of business more closely moving forward.

Growing risk

State sponsored cyber attacks pose an increased risk to the financial services market across Europe, the Middle East and Africa (EMEA) in 2024, according to Deloitte’s report.

The research additionally highlighted that emerging technologies are also heightening the risk of cyber attacks.

Daguer told Insurance Times: “We are seeing a definite increase in cyber attacks, many of [which] are state sponsored.”

State sponsored cyber attacks have become more visible as a result of action taken during the ongoing war between Russia and Ukraine. State sponsored activities refer to those that are supported or paid for by a government. 

Data from IT company SecurityScorecard agreed with Deloitte’s conclusion.

Its Cyber conflict and the erosion of trust report, published on 15 January 2024, highlighted that 24% of global cyber attacks originate from China, while the Russian Federation was the source of 15% of the world’s cyber attacks.

Deloitte’s report continued: “Geopolitical risks could also act as drivers of other prudential risks for both cross-border and purely domestic firms - for example, affecting market risk through increased market volatility, operational risk through increased risk of direct or indirect cyber attacks, strategic risks where firms have to exit a market quickly, or credit risks to the extent that any of those risks affect clients’ ability to service debt.”

It additionally noted that the Bank of England’s decision “to base the scenario for its System Wide Exploratory Scenario (SWES) on a geopolitical shock to global financial markets” could lead to inflation and interest rates “staying high” or increasing.