Despite increasing dependence on e-mail and the internet, only a small percentage of businesses have cyber-liability cover. David Walsh examines why this insurance market has fallen short of predictions for growth
According to the Department of Trade and Industry's biennial surveys into information security breaches - the 2004 report having been published this week - the proportion of UK businesses suffering from actual virus infection, or denial of service attack, continues to rise, despite widespread adoption of antivirus software. As businesses become increasingly dependent on e-mail and internet connectivity, can they really afford to exclude cyber-cover from their packages of insurance?
There are almost two million registered companies throughout the UK.
The DTI's 2002 survey claimed that 8% of companies involved in the research had specific cyber-coverage and the adoption of such policies was rapidly growing. But overall, the number of UK-registered companies that currently have specific cyber-liability cover in place is probably less than 1%.
In 2002, Conning & Company and other commentators were forecasting that the global cyber-insurance market would grow to a value of up to $6bn (£3.4bn) by 2006. Unfortunately, the market still has a long way to go to achieving that level of growth - latest estimates value the cyber-liability market at around $0.5bn.
What has gone wrong?
The market has failed to take off despite the very real threats posed.
The main reason for the cyber-liability market falling short of the original predictions is simple - it has fallen foul of the hard market that has been experienced since 2001. Spiralling insurance premiums during the past three years have made it difficult for the majority of UK businesses to source appropriate cover at a price they can afford. It is not surprising that most have been reluctant to move new insurance coverages, such as cyber-cover, up the agenda. Faced with dramatic hikes in premiums, there is usually little or no budget available for anything other than core insurance coverage.
It should not be forgotten that insurance is something that needs to be sold - it is not normally proactively bought - and there is a distinct lack of awareness among the majority of businesses as to the extent of coverage provided by their existing liability policies. Most businesses, especially small and medium-sized companies, are entirely reliant on their brokers to advise them of any coverage shortfalls. Yet, most brokers have made little effort to educate their clients about the lack of cyber-cover that is currently available under conventional policies or help them to analyse their cyber-risks. Again, the main reason is simple enough - brokers have had their work cut out just with renewing their clients' existing policies at less-than-exorbitant premium hikes. Despite the affordability of many of the cyber-liability policies in the market, who wants to discuss another level of cover with a client whose renewal premiums have just shot up by 100%?
New revenue stream
An attractive cyber-risk transfer can be presented to well-managed clients, particularly as there is a softening in general market conditions. There is opportunity for brokers to create a profitable new revenue stream, selling a product that adds real value to a client's insurance portfolio.
The Turnbull Report, published in 1999, addressed the fundamental business need for risk management and increased the burden on the boards of public companies to ensure that all risks are identified, risk management controls put in place and informed decisions made with regard to risk transfer.
The London Stock Exchange now insists on disclosure of internal audits and approach to risk management within annual reports. This trend towards good practice can be seized upon by brokers offering any risk management services and should ultimately trickle down to smaller businesses.
The media coverage of the outbreaks of the Sobig and MyDoom worms and their impact on organisations have gone some way to alerting businesses about the threats they face. But the risks do not end there. Security breaches caused by weaknesses in management policies and procedures can result in severe liability issues for organisations. Interruption to business as a result of data loss can impact not only a company's bottom line but also its ability to support its customers - potentially leading to claims for compensation.
Lack of awareness of the risks and limitations of traditional liability policies, combined with the hard market, may have resulted in slower-than-predicted growth in demand for cyber-liability insurance. Brokers should take advantage of the softening market to introduce the availability of cyber-cover now. Selling the product is not as complicated as many brokers may initially think. In any case, brokers pick up fundamental issues quickly and have excellent instincts when it comes to knowing which of their clients will be most likely to seek cover and why.
There has only been a small group of specialist underwriters providing cyber-risk cover to date. However, as the market softens and more brokers seek to offer appropriate levels of cyber-cover for their clients, new entrants can be expected in this sector. This will result in a greater range of options for brokers to offer their clients.
The combination of the softening insurance market; the increasing dependence of the majority of businesses on e-mail and internet connectivity; the growing frequency and virulence of hacking attacks and cyber-crime; and the increasing board awareness of these risks all serve to support the growth of the cyber-liability market. Within the next two to three years, it will feature more significantly as a required element of an overall liability package for brokers to extend to their clients. Within the next five years, it will become a firmly established part of that package.
- Roundtable: Is a single customer view taking off in insurance?
- O’Connor replaces Fairchild at the helm of Broker Network
- Home insurance insurtech Buzzvault launches
- Stackhouse Poland makes fourth acquisition of the year
- Aviva promises to 'reinvent' insurance and end dual pricing
- Ed unveils CEO Hearn’s replacement and plots Bermuda office
- CBL Corporation expected to be placed in liquidation, sees further delays to watershed meeting