Cyber has come a long way in the past 70 years, yet its meaning has essentially remained the same: it still encompasses the notions of control and communication. Post, in association with Cyberscout, surveyed the insurance market and consumers to find out how well cyber insurance is working
During December 2017 and January 2018, insurers [which for our research purposes also includes managing general agents] and brokers within the insurance industry were invited to participate in an online survey relating to cyber.
In total, 187 members of the insurance industry attempted to answer this survey, with 115 of these completing all the questions. All responses, complete and partial, have been included in the results.
Concurrently, a separate survey of the general public was carried out in December 2017 with the help of Consumer Intelligence. Over 1000 members of the public across the UK responded to the questions, the findings of which are presented in this report alongside results of the industry survey.
The data collected from the two surveys has been anonymised.
Brokers on insurers
From an array of insurance companies [which for the purposes of this research includes MGAs], brokers were asked to list the ones their customers had used for their cyber cover in the past 24 months, their key drivers for choosing their insurers, and to rank the firms for their offerings. CFC Underwriting, AIG and Hiscox were the top three insurance companies brokers turned to for cyber insurance purchases.
BROKERS’ RANKING OF INSURERS FOR CYBER SECURITY COVERAGE*
* Insurers were scored by a weighted calculation. Items ranked first were valued higher than the following ranks, the score is the sum of all weighted rank counts.
REASONS WHY BROKER PLACED CYBER BUSINESS WITH INSURERS
BROKERS’ RANKING OF INSURERS FOR CYBER CLAIMS SERVICE
How the brokers did
Insurers were given the same task of naming the brokers whose customers have bought their cyber cover from them in the past 24 months, the reasons they worked with the broker, and to rank them based on their knowledge of the cyber market. Aon, Marsh and Lockton came out best.
RANKING OF BROKERS BASED ON WHAT INSURERS HAVE SEEN AND KNOW IN TERMS OF CYBER SECURITY*
* Brokers were scored by a weighted calculation. Items ranked first were valued higher than the following ranks, the score is the sum of all weighted rank counts.
REASONS WHY INSURERS CHOSE BROKER FOR CYBER BUSINESS
Insurance under attack
ATTACKS AGAINST INSURERS AND BROKERS WERE DETAILED AS:
“The internet has revolutionised our lives but cyber crime is the dirty little secret that won’t go away. What puzzles me is that this is still a class of cover that has to be sold. Why are clients not beating down our doors to buy the cover? How many more losses before this becomes a universal cover?” Howard Lickens, CEO, Clear Insurance Management
THE MOST IMPORTANT FACTORS FOR A CYBER POLICY
“While the threat of cyber attack is daunting and attacks ever-changing, cyber insurance needn’t be complicated or confusing. The principles of cyber insurance should be familiar to business – it’s primarily about insuring against a crime, most often theft of an asset. Well-written cyber policies will reflect this.” James Burns, cyber product leader, CFC Underwriting
“Data risk management is crucial, not only to prevent the loss of data in the first place, but also for business continuity, resilience and protecting reputational risk. Businesses should constantly review and update their data security safeguards and practices to ensure that the risk of a breach is minimised. Insurers and brokers also have a very important role to play in helping clients manage cyber risks by providing advice on preventative measures, which could help protect them.” Andy Miller, technical risk control manager, Allianz
THE MOST IMPORTANT FACTORS FOR CUSTOMERS WHEN CHOOSING A CYBER POLICY
General Data Protection Regulation
Media reports of cyber attacks
Fear of ransomware
TO WHAT EXTENT DO YOU FEEL COMPANIES’ RISK MANAGEMENT DEPARTMENTS ARE PREPARED FOR A CYBER ATTACK?
“These are real ‘live’ risks facing businesses today. These latest results mirror comments made by risk managers at events such as the Association of Insurance and Risk Managers conference, where cyber risk has consistently been towards the very top of the threat list, and with the implementation of the GDPR now just a few months away, the need for further focus of attention seems unlikely to change in the near future.” Peter Hawley, cyber underwriter, HDI Global – SE
“Staff error including the loss of laptops and memory sticks as well as opening phishing emails are major causes of cyber breaches, as well as hackers opportunistically exploiting security holes that appear in outdated legacy systems and/or a lack of patching. Insurers and businesses need to work together to identify and manage risks more holistically: focus on company culture – from continual training and education of all staff – to raising cyber risk management from the IT department to the boardroom.” David Legassick, head of life sciences, technology and cyber, CNA Hardy
“It’s good to see that preparation for GDPR implementation is driving an uptake of cyber cover, but there needs to be a broader cultural change in order to reach all businesses. We must not sit and wait for a major nationwide attack to occur before cyber cover becomes the norm.” Joe Ahern, policy adviser, general insurance, Association of British Insurers
Preparing for claims
WHICH OF THE FOLLOWING SECTORS ARE MOST VULNERABLE TO A CYBER ATTACK?
BASED ON EXPERIENCE, WHICH SECTORS HAVE BOUGHT THE MOST CYBER COVER?
“The sectors purchasing cyber cover seem to have cyber risk because they hold financial information (retail), sensitive information (healthcare) or have a higher legal regulation (financial institutions).” Hans Allnutt, head of cyber and data risk, DAC Beachcroft
“Our claims experience shows that hacking, email phishing and social engineering are the most common losses. As opposed to ransomware attacks where generally the ransom is in the hundreds of pounds, cyber-crime incidents can see SMEs lose many thousands of pounds, which for a small business can be devastating.” Andy Bazley, underwriting manager, HSB Engineering Insurance
“We are seeing a pronounced increase in cyber cover enquiries and the percentage of those converted into policies. We note a particular awareness of cyber cover from the professional services sector, which is a key buyer of cover.” Andrew Lewis, cyber expert, QBE European Operations
“What is key is that insurance buyers obtain policies that respond in the correct way, particularly being aware of the different language used and the nuances of triggers such as ‘targeted attacks’ – particularly if events such as 2017’s Wanna Cry incident are a driver for purchasing cyber insurance.” Peter Hawley, underwriter, cyber, HDI Global – SE
Personal lines cyber policies
INSURERS WERE ASKED ABOUT THEIR PLANS TO OFFER PERSONAL LINES CYBER COVER IN THE FUTURE
“I am surprised that 40% of insurers do not have any plans to offer cyber cover at some stage. While the general public may not see themselves as vulnerable to cyber attack or data breach in the same way as commercial entities, online fraud is becoming increasingly sophisticated, and access to protection against this (which in the case of bank transfer payments, is not provided by their bank) is increasingly relevant.” Niall Madders, head of private client underwriting, Plum Underwriting
“As this fascinating survey demonstrates, cyber crime is not a theoretical threat or a ‘panic story’. For many millions of people, it is already an unpleasant and unwelcome reality. Getting the terms of the policies just right will never be easy, but, for both insurers and brokers, a new risk invariably creates a new opportunity.” Lord Hunt of Wirral, chairman, British Insurance Brokers’ Association
“Shifting consumer behaviour is always difficult, and this research suggests further investigation is necessary to really understand what cyber means to people, what the risks are, and to take that forward to build a proposition that is customer-facing, rather than shoe-horning in additional cover into existing products. That runs the risk of not only being confusing, but doesn’t necessarily provide the peace of mind that is required.” Stuart Peters, head of consumer research, Consumer Intelligence
Full research report
Attendees of our Cyber Insurer and Broker Assembly on 22 March will receive a copy of the full report. Register for the event at www.postevents.co.uk/ciba or premium subscribers can contact [email protected] after that date to receive their copy.
- Swinton left with only 20 branches after latest closures
- Ex-Allianz and Axa pair launch 'open source' insurtech
- British Steel pursues disputed claim and damages against Zurich and others
- Keoghs expands into Northern Ireland
- Aviva reveals adoption rates of repair portal
- Analysis: Are AI solutions being used to mitigate risks?
- Blog: How digital can help the pet insurance sector reach its full potential