Cyber insurance is quickly becoming highly sought-after, but there remains some degree of overlap with other commercial products – creating confusion among customers and providers alike.
Most if not all SMEs engage in e-commerce in the modern era. Digital has become a way of life for the majority of business groups, and as a result the right insurance protection is needed. Cyber insurance, a product that has grown in popularity among commercial businesses, is the type of policy commonly purchased by firms looking to insure their digital assets and practice areas containing sensitive information. This may include personal customer records such as names, addresses, and financial data, for example the name of the bank and details of the account the customer holds.
According to our most recent SME Surveys, cyber insurance has grown from being held by 10.6% of all SMEs in 2015 to 13.7% in 2016. This shows that commercial businesses are increasingly turning to cyber insurance to provide the requisite means of protection. However, as this type of cover continues to grow from what was a relatively unknown product to a necessity for businesses of all sizes, there remains a degree of uncertainty over the risks covered by a cyber policy. In other words, there is an overlap with other commercial insurance products, meaning both consumers and insurers are often left confused as to where the liability of a claim may ultimately lie.
A good example is directors and officers insurance and professional indemnity (PI) cover, which have a tendency to overlap with several aspects of cyber insurance and the risks these products are designed to cover. Both product types are centered on professional conduct in the workplace and how individuals (namely customers) fare following the result of an event, business decision, or service commonly offered by the firm.
More specifically, all three of these products have an affiliation with the handling of sensitive client information, and are designed to mitigate the risks and damages the firm may suffer as a consequence of business frailties or inadequacies, which may have direct implications on the customer. Therefore, PI insurance could pick up some of the liabilities associated with cyber cover, and vice versa.
First and foremost there must be more clarity and differentiation between these types of products. Insurers must be distinctive in the coverage areas offered by these policies, especially as they share many similarities.
Secondly, with regards to markets such as PI insurance – where competition is so high that rates have been driven to an almost impossible low – insurers need to be clear on the categorization of certain risks and under which product(s) they fall. This is due to the possibility that if certain cyber-associated risks fall into the PI category, then losses could be greater in this market and insurers may struggle to pay claims, especially in the absence of adequate income received from PI premiums.
By Thomas McCourtie, UK General Insurance Analyst