Blog: Making cyber relevant

- By Neil Ross and Delvin Tillett
- 14 Sep 2017
- Indicative reading time: 2 minutes

Need to know

Clarifying wordings will help make cyber insurance more accessible
Insurers need expertise to accompany their clients after a data breach
Insurers and brokers must make the business case for cyber cover

Neil Ross and Delvin Tillett, senior vice-president and assistant vice-president for underwriting at Axis Pro Europe, explain how insurers and underwriters can make cyber policies relevant in today's fast-moving business environment.

It’s now difficult to go a couple of weeks without hearing of a new cyber attack. Companies of all sizes are waking up to a new reality: cyber crime is now a constant threat. This new reality involves cyber risks – both complex and seeming mundane – that most businesses struggle to comprehend, let alone insure against.

Indeed, while awareness grows, adoption rates for cyber insurance have remained alarmingly low. According to recent findings by research firm Ovum, 72% of UK firms aren’t fully covered for cyber risks.

In 2016 alone, 60% of SMEs suffered a cyber security breach or attack. It’s easy to think that bigger businesses are the main targets. But SMEs are among the most vulnerable. More needs to be done by insurers and brokers to help firms adapt to this new reality.

Removing the jargon

First, the industry must make cyber insurance more accessible. Removing the jargon is an important first step. Security event, network event, cyber attack, information breach – these expressions often refer to the same occurrence. It just leads to confusion for the end-client. If insurers want to make cyber risk relevant to their clients, and thus increase cyber coverage demand, more clarity and market education is needed.

Increasing client take-up of cyber insurance will require a rethink of terminology. Features of cyber insurance policies must be standardised, and insurers and brokers must employ people who are technologically savvy enough to break this down for businesses in simple and meaningful terms.

Improving adoption rates will also require an effort on the insurers’ end to create comprehensive policies. The nature of the risk has become increasingly unpredictable, with new threats emerging on a daily basis.

The industry needs specialist cyber expertise to be as ready as possible to accompany its clients in the challenges they’re facing. This will not only improve clients’ trust in the industry but also benefit them. In the face of uncertainty, talent and innovation will be the industry’s best ally.

The budget challenge

For clients, one of the obstacles to overcome is budget. Firms of all sizes now need to attribute new and unplanned budgets to cyber insurance, which has also contributed to a delay in policy adoption. Insurers and brokers must work with companies to help them make the business case. While increasing awareness will help, new budgets will always be difficult to open up.

The other main challenge revolves around increasing internal awareness and understanding of the risks: 95% of all cyber security incidents in 2016 have involved human error. IT training programmes, internal awareness campaigns and of course better IT protocols and infrastructures are just a few ways for firms of all sizes to avoid being the target of cyber attackers who prey on this lack of precaution.

Despite the uncertainty, increased awareness and better risk coverage represent excellent business opportunities for insurers to raise cyber insurance to the rank of a necessary risk management tool. The market has already grown exponentially – +35% in the US in the past year, according to a recent Fitch Ratings report.

Tomorrow’s technology is being developed as we speak, and insurers will be key players in enabling innovation and its adoption. Now is the time for the industry to step up to ensure cyber policies’ relevancy in a fast-moving business environment.