Rising boardroom interest in cyber insurance cover has been sparked by a number of major data breaches; the prospect of bigger data breach penalties under new EU data protection laws, and a UK government awareness-raising campaign, an expert has said.
Earlier this month Lloyds of London said that it has seen a 50% increase in demand for cyber insurance products during the first three months of 2015 compared to the same period last year.
Those figures stand in contrast to a report published by the UK government and insurance broker Marsh in March which said that just 2% of large businesses in the UK have “explicit cyber cover”. According to the report, approximately half of the businesses the government liaised with for the report said they were not aware “that cyber risks can even be insured”.
However, cyber liability specialist Ian Birdsey of Pinsent Masons, the law firm behind Out-Law.com, said cyber security is moving up the list of UK boardroom priorities and that it is reflected in a growing cyber insurance market.
Birdsey said that companies’ raised awareness and concern as a result of impact of high-profile breaches such as Target, Home Depot and Sony is a likely factor behind the Lloyds of London figures.
“In particular, the reputational impact of these high-profile breaches has damaged the companies concerned, and directly led to senior management changes,” Birdsey said. “As a result, other organisations are taking the risks more seriously and considering various options including risk transfer solutions such as cyber insurance products.”
The proposed new EU General Data Protection Regulation looks like it will give regulators power to issue more substantial monetary penalties for data breach incidents stemming from security deficiencies, including those that can be linked back to cyber attacks.
According to a draft being considered, businesses could face fines of up to 5% of their annual turnover if they breach the new Regulation. This increase in the potential financial penalties that could be issued by data protection authorities may also be prompting UK businesses to consider how they manage cyber risk, Birdsey said.
In recent months the UK government has promoted the UK’s cyber insurance market and said it believes providers of cyber insurance cover have a role to play in helping UK businesses address cyber security issues. Birdsey said he believes this has been a factor in the increased interest in cyber insurance products.
“This has certainly raised awareness and is more likely to have promoted cyber insurance to SMEs than larger organisations,” Birdsey said. “However, this increased awareness may have encouraged senior management teams and boards to approve increased budgets for, or sanction the purchase of, cyber insurance by their companies.”
Birdsey said that whilst cyber insurance cover does not provide immunity against cyber criminals, it “offers two key elements”.
“Those elements are a financial indemnity up to potentially significant levels of indemnity or cover in the region of hundreds of millions of pounds; and access to an expert panel of vendors often at preferential rates in the event of a data breach,” Birdsey said. “The underwriting process is also likely to focus on various key aspects of risk management.”
This article was kindly sponsored by Out-Law.com