Findings revealed in a new report published today based on 30 major UK cyber policies

The current cyber market is immature and has major flaws, according to new Mactavish research.

It identified in its ”Cyber Risk and Insurance Report” published today seven common flaws, after reviewing 30 major “off the shelf” UK cyber insurance policies.

The insurance governance firm warned that very few claims have been made on these new cyber policies and believes many will be disputed with settlements being much lower than client’s expectations.

Bruce Hepburn, chief executive at Mactavish said that “despite the sharp increase in cyber incidents this market is immature and, in many respects, untested.”

The seven flaws are as follows:

  1. Cover can be limited to events triggered by attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions
  2. Data breach costs can be limited, ie: covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice.
  3. Systems interruption cover can be limited to only the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted
  4. Cover for systems delivered by outsourced service providers (this is many businesses’ most significant exposure) varies significantly and is often limited or excluded
  5. Exclusions for software in development or systems being rolled out are common and can be unclear or in the worst cases exclude events relating to any recently updated systems
  6. Where contractors cause issues such as a data breach, but the business is legally responsible, policies will sometimes not respond
  7. Notification requirements are often complex and onerous

Mactavish also recently launched a new Cyber Risk Consulting Practice which helps clients to understand their exposure to cyber risks and with sourcing appropriate insurance cover.

Hepburn added: “Perhaps some of these policies have been rushed to market by insurers eager to capitalise on the growing cyber risks facing organisations, and their desire to spend significant amounts of money to protect themselves against this.

“Very few claims have been made on these new cyber insurance policies, but my bet is that many will be disputed, or settlements will be much lower than clients expected. However, this can be avoided if organisations first understand the cyber risks they face, and then secure a bespoke policy to meet their needs.”

The research found that 43% respondents reported that their company had suffered at least one cyber attack in that last two years, moreover only on in five thought their company was very well prepared for cyber attacks generally. 

The highest common cyber risk concern was found to be IT systems interruption at 73%, followed by theft of commercially sensitive data (70%) and data breacj in relation to personal data (69%).

Earlier this week Biba launched its 2019 manifesto commiting to raising awareness about cyber for SMEs.

And at the beginning of the year hacking group, The Dark Overlord theatened insurers with the release of documents related to the insurers of the World Trade Centre during the 9/11 attacks.  

Last year the Marriott International encountered a data breach which saw its hotel guest database stolen affecting 500 million customers with reservations spanning the UK, US and Canada. 

Mactavish has been operating in the commercial insurance sector for over 15 years.