• half of London Market respondents already sell cyber policies, or see this as an area of growth
• the other half do not actively pursue cyber, often believing the risk to be borderline insurable
• 38% of UK companies say they have a cyber insurance policy, down from 59% last year
• Professional liability, property and aviation lines were voted as the most likely ‘non cyber’ policies to be impacted by cyber threat
PwC interviewed over 10,000 executives from more than 133 countries, including 479 respondents in the UK, for the annual Global State of Information Security Survey 2017, produced in conjunction with CIO and CSO. PwC also interviewed 14 London Market specialist insurance companies to measure how insurers are assessing this risk, what (if any) growth strategy they have for cyber, and how they are investing in this area.
Even amongst those currently offering specific cyber cover, insurers still tread carefully and tend to limit the amount of cover offered under each policy. However, the limited protection currently available to corporates doesn’t come close to the potential losses seen from a truly damaging cyber-attack.
Domenico del Re, insurance director at PwC said: “The drop in take-up of cyber insurance shows that this is still maturing as a product. Companies do not see the cover currently on offer as targeted to their individual risks and therefore not value for money.
“The successful insurer will be one who can handle the technical detail, understand how investment in cyber security reduces the vulnerability of companies, and measure the residual risk. An increase in cyber cover sales will surely follow.”
The ‘silent risk’ is that all insurers and reinsurers, even those who choose not to write specific cyber policies, will continue to be impacted by cyber threats. Losses will continue to be made under policies that do not specifically excludecyber liability in their terms and conditions.
UK organisations are also more likely than the rest of the world to keep their cards close to their chest and not share security knowledge with others. Only 40% collaborate with others to reduce future risks, compared to over half across Europe (52%) and globally (55%).
The London Market is at the forefront of thought leadership in insuring cyber and has a real opportunity to lead the way by collaborating to understand the risk. Insurers with specialist cyber expertise have pioneered the development of this product over the last few years. It will be vital to explore possible cyber scenarios to help engage the wider economy and educate in the importance of cyber risk and cyber insurance.
Marta Abramska, associate director at PwC, commented: “Cyber risk is a new challenge for all companies, including insurers, and the understanding of claims that are likely to arise from an extreme cyber event is in its infancy. The historical data available on cyber attacks is scarce, which impacts the selection of risk modelling techniques available to the insurance industry. Furthermore, any methods are in constant threat of becoming redundant as the cyber risk landscape – and the weapons used - continuously evolves.
“In order to keep pace with society’s demands, it is vital for insurers to lead the way in offering protection for companies. It is also important to develop the right expertise and tools to manage this risk with confidence."
|