The Great Fire of London was finally extinguished 350 years ago today. New insurance structures emerged in the aftermath of the Great Fire – which bear striking resemblance to some of ...05 September 2016
UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk
This paper follows the 'Cyber Essentials' initiative, which provided guidelines for best practice and a two-tier accreditation for organisations fulfilling the scheme’s requirements. The London market already writes more than 10% of global cyber insurance, the majority coming from the US, representing around £160m in premiums. The government, in partnership with the London market, wants to build on these foundations.
According to the FBI there are two kinds of companies: those that have been hacked, and those that will be. It is clear that helping businesses manage and mitigate relatively new cyber risks is becoming ever more a priority. There have been numerous high-profile cyber incidents in the press, but smaller businesses are also becoming aware of the threats. Indeed, estimates put the average cost of a data breach in the UK in 2014 in excess of £2 million.
It is not just the high profile hacking cases that has companies keen to get coverage. New UK data protection law will include strict penalties for companies that are hacked. The General Data Protection Regulation from the European Commission will also require companies to notify their stakeholders about data breaches, and increases the fines that can be imposed by national data protection regulators. Changing legislation and a growing number of high profile attacks are both driving demand for indemnity solutions.
The government has set out to make London the centre of cyber insurance and risk management in launching their report "UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk".
It is hoped that the London insurance market can:
- increase its share of the US data-breach market
- expand cyber cover to other forms of loss from cyber attacks
- promote the London market around the world, notably in Europe which is expected to respond to EU legislation on data breaches
The recommendations contained in the UK Cyber Security report include:
- Lloyd's, the ABI and the government are to publish a guide on cyber insurance
- Policies should now including clear statements assuring policyholders that they are covered for cyber risks
- The government’s Cyber Essentials certification should be included as part of the risk assessment for cyber insurance
- Launching a forum to share data on cyber risks
- Lloyd's and UKTI will promote the cyber capabilities of the London insurance market to key countries
The second recommendation above is critical. The government has recognised what the industry has been talking about for some time - at present, policyholders often find themselves in a netherworld - unsure as to whether their existing cover includes cyber risk or whether they need to purchase separate, stand-alone cyber insurance. This drive for certainty of cover, by way of clear statements in policies assuring policyholders that they are covered for cyber risks should be an absolute priority.
In the meantime, the insurance sector itself is champing at the bit to market its capabilities and expertise in this area to the rest of the world. As always, with risk comes opportunity.
The Insurance Act 2015 (the "Act") comes into force tomorrow. It represents a fundamental departure from existing insurance law. The changes impact on a number of key areas which are...11 August 2016
The Supreme Court published two judgments on how dishonesty affects insurance claims before the end of the most recent Trinity term:10 August 2016