While the number of high-profile data breaches at big companies continues to grow, smaller businesses have yet to wake up to the threat. Meanwhile, insurers are starting to provide physical damage cover
Anthem, Sony, Target, Ebay to name just a few: not a day goes by without a high-profile cyber incident hitting the headlines.
With the cost of breaches rising, stricter rules surrounding data protection being introduced and companies’ growing reliance on technology, it is easy to see why risk management and chief executive surveys consistently identify cyber as a big concern.
As the FBI famously said: “There are only two types of companies: those that have been hacked and those that will be.” Cyber security was also high on the agenda at the recent World Economic Forum in Davos, Switzerland.
Bluefin Bath branch director Ian Sandham says: “Cyber has become a much bigger issue and there are two drivers for that: all the constant talk in the press about people being hacked, and the new data protection act coming into force in the next 12-18 months, which will be a game changer.
“That’s what will then drive demand for cyber insurance, because people will see there are penalties if they are hacked.”
In the UK the cost of a data breach nearly doubled between 2013 and 2014, according to a PwC survey for the government.
The race is on In the London market there is a race to develop the cyber insurance market. A growing number of insurers offer cover for first and third-party cyber risks, such as the cost of business interruption or notifying customers that their sensitive information has been compromised.
As well as indemnification, most policies include bringing in third-party experts such as crisis management, forensic IT and legal consultants to help insureds through a cyber crisis.
But because cyber is an emerging risk and claims are low in frequency and high in severity, underwriters have to date been reluctant to put down meaningful line sizes.
This is slowly changing, with UK capacity now more than £300m. Lloyd’s research shows that the amount of insurance premium spent on cyber insurance grew from £556m in 2012 to £1.63bn last year.
“We foresee significant UK growth,” Arthur J Gallagher technology and cyber practice leader Tom Draper says.
“At a larger client level, we’re seeing interest flow from the big US data breaches and changes in EU data protection legislation, while the UK’s push of its Cyber Essentials and security awareness scheme will encourage SMEs to explore insurance as a risk transfer option.”
Products are coming online for the SME and mid-market, but it is uncertain whether there will be much take-up in the near-term.
Simply Business commercial director Deborah Holland says: “Cyber has been a difficult product to explain and sell to smaller businesses.
They have tight budgets for things like public liability, employers liability and professional indemnity are more tangible.”