A recent report, co-authored by the government and insurance broker Marsh, found that just two percent of UK firms have cyber-insurance, despite 81 percent of firms admitting that they've suffered a breach in the last 12 months.The same report, which was based on input from 13 London insurers and various large companies, found that while the London cyber-insurance market is worth some £160 million, more than 10 percent of the global market, policies for UK companies only account for around £20 million to £25 million.
The UK government is subsequently trying to up the ante in the UK and announced in late March that it was teaming up with Royal Bank of Scotland and insurance broker Marsh to help develop the local cyber-insurance market.There will be a series of joint initiatives with the private sector, and plenty of communication too; the government is requiring all participating insurers to include the Cyber Essentials certificate as part of their cyber-risk assessment for SMEs, when backed by a suitable insurance policy to improve their supply chain resilience. Marsh will launch a new cyber-insurance product for SMEs which will absorb the cost of Cyber Essentials certification for the majority of firms, and the government is encouraging other brokers to follow suit.
Lloyds, meanwhile, will work with the UK department of Trade & Investment to market the cyber-capabilities of the London insurance market globally.Maude said in a statement: “It is part of this government's long-term economic plan to make the UK one of the safest places in the world to do business online. “The UK's insurance market is world renowned and we want it to be the same in relation to cyber-risks. The market has extensive knowledge and experience of more established risks to help businesses manage and mitigate relatively new cyber-risks.
“Insurance is not a substitute for good cyber-security but is an important addition to a company's overall risk management. Insurers can help guide and incentivise significant improvements in cyber-security practice across industry by asking the right questions of their customers on how they handle cyber-threats.”Mark Weil, CEO of Marsh UK & Ireland, added: “While critical infrastructure in regulated sectors, such as banks and utility firms, are used to this kind of risk, most firms are not and their risk management practices are geared around lower-level, slower moving risks. Companies will need to upgrade their risk management substantially to cope with the growing threat of cyber-attack, including introducing disciplines such as stress-testing, and creating a joined-up recovery plan that brings together financial, operational, and reputational responses.”
Cyber-insurance policies currently fluctuate wildly, with coverage typically six times more expensive than property cover. One source told SC Magazine UK that some premiums rose by as much as 35 percent in the days after the Anthem hack, despite the claimant having no other change in circumstances.