The cyber-insurance cover up
19 May 2017
CYBER-INSURANCE – which covers firms for losses incurred by cyber-breaches and other forms of hacking – is a relatively new type of product to the insurance market. But many companies are unclear about what this type of insurance offers in the event of a cyber-attack.
“The market in particular is quite an immature one compared to property and casualty insurance, which have been around for hundreds of years,” says Andy Thornley, who sits on the Cabinet Office’s Cyber Insurance Industry Forum. Thornley, who is also head of corporate affairs at BIBA, says there is fear in the industry of whether or not a claim will get paid if they are a victim of a successful cyber-attack.
A recent survey of European companies by Lloyds of London found that 73 per cent of business leaders had limited knowledge of cyber-insurance, with 50 per cent not even knowing that cyber-cover for data breaches was available. A common perception exists among businesses, theorises Thornley, that they must have done something wrong, therefore their claims will not get paid.
This perception is wrong, however, explains Thornley, who points out that cyber-insurance does pay out on the vast majority of claims. What firms must do when it comes to cyber-insurance, he explains, is get a standalone policy rather than one that covers a range of things which may touch upon cyber. What companies also need to do is check the wording of the policy to make sure it has the cover they need.
“There are some things like social engineering that are excluded from many policies,” he says. “That is something you specifically want to look for.”
According to Thornley, the outlook for cyber-risk is evolving all the time and the government has several different teams working in this area to combat this threat. He says: “Because these threats are evolving it is crucial that all agencies are involved and work closely together.”
Thornley also believes small firms are seen as the weak link in the chain, and are more likely to be victims of cyber-attacks because they do not have the same resources or up-to-date defences as larger organisations. He says: “Cyber-criminals will often target SMEs who are suppliers or linked in some way to those larger firms, because they can more easily break through their defences and access whatever portal or system access those small firms have got in the larger firm.”