General Insurance Analyst Danielle Cripps has been working on our “UK Cyber Insurance 2017” report. Here, we ask her about the key findings of her research, new and emerging trends, and how she expects the market to develop over the coming years.
How is the need for cyber insurance changing?
The UK cyber insurance market is growing over time. Product penetration is increasing as businesses are becoming more aware of the need for cyber insurance, in a world where they are dependent on the digital space and crime is moving online. Any business that holds personal information that can be sold on or used for identify fraud is vulnerable. Small businesses are increasingly being targeted by cyber criminals, and businesses can also be impacted by system failures and risks outside of cybercrime that a cyber insurance policy would help with. Many of the main concerns of UK businesses are cyber-related, and so it is expected the market will continue to grow.
How is cyber insurance evolving as a product?
Cyber insurance is still developing its place within commercial insurance portfolios. The key question is how the market addresses cyber as a peril, as it overlaps with many risks associated with other commercial products. The current debate is whether cyber risks are best placed as a standalone product or as an add-on feature to other commercial policies. Some believe that cyber insurance needs to be underwritten by experts who understand cyber risks in a standalone product. On the other hand, others think it is better placed as an add-on product or an additional peril to other commercial lines products. The problem is that writers of other commercial products do not possess expertise in cyber risk.
What is the future of the market?
Businesses should be focusing on improving their cyber security, aiming to prevent breaches to protect customer data. While cyber insurance itself cannot prevent breaches, it has become an important tool in helping organizations recover from attacks and mitigating the impact on business continuity in all aspects of trade and reputation. Providers should promote cyber security, as increasing claims frequency and severity would put pressure on market profitability. Insurers should collaborate with other cyber-invested firms to keep pace with cybercrime.
Cyber security will improve considerably in the UK as a result of the government’s new National Cyber Security Strategy and the EU’s General Data Protection Regulation (GDPR). The GDPR is expected to increase the number of companies that hold cover, due to the requirement to report data breaches and investigate and deal with issues with undue delay. Insurance will help by providing financial support to do this, and may additionally give access to extra technical support from experts called out to help with a claim. Businesses will also have more accountability and conditions to comply with, making them more liable under the new regulation. The additional risk this creates means businesses are more likely to seek cover, which will grow the market.
Cyber risk for individuals is also growing, which is likely to see cyber insurance expand into personal lines insurance in the future.
By Danielle Cripps, General Insurance Analyst