The lack of cyber data, however, hinders the growth of the insurance industry and to the UK’s becoming a world leader in cyber insurance. The solution? A national, not-for-profit, anonymised database for recording cyber breach cases in businesses, according to the Association of British Iinsurers (ABI) website.
The database will cover cyber incidents including business interruption losses, ransom demands, loss of confidential data, and damage to IT systems. Building on the requirement in the European Network Information Security Directive for certain firms to notify of data breaches from 2018, the data could be anonymised and made available to insurers to improve pricing and products. If actualized, this national database accessible to insurers would be a world first.
“Cyber losses are the biggest threat to Britain’s world leading digital economy, and we need to capture more data to get on top of the problem,” said Huw Evans, ABI’s Director General, adding that “Cyber [loss] is the biggest insurable risk that the industry will have to meet, and it is critical to the economy.”
ABI highlights the importance of cyber data for growing the insurance industry, the lack of which data, Evans said is a huge inhibitor to the UK being at the core of the cyber market.” He explained that more data “can stimulate the cyber insurance market, giving greater choice to businesses in insuring against cyber losses.”
Matt Cullen, ABI’s Assistant Director, Head of Strategy stressed the crucial role of the insurance industry in helping firms of all shapes and sizes improve their resilience to cyber attacks, and help them recover from cyber incidents.
Cullen said that small and medium-sized businesses (SME) are also being targeted by cyber criminals, since these firms “have lower levels of data protection in place than larger organisations.”
“A cyber attack will often be very disruptive and costly, and in some cases, could even threaten a smaller firm’s existence,” said Mike Cherry, National Chairman at the Federation of Small Businesses.
“Smaller businesses are struggling with the increasing volume and sophistication of cyber attacks. While 93 per cent have taken steps to protect their business from cyber crime, the growing number of businesses still falling victim is a worrying trend.”
Cherry also shared that according to a FSB research, the types of cyber crime most commonly affecting small businesses are emails, 49 per cent; spear phishing emails, 37 per cent; and malware attacks, 29 per cent.
ABI, an organisation that speaks on behalf of UK insurers and promotes best practice, transparency, and high standards within the industry, released a guide entitled, “Making Sense of Cyber Insurance,” which explains the key types of protection to look out for in cyber insurance policies – business interruption losses, privacy breach costs, cyber extortion, and cyber specialist support.
Cyber is one of the biggest insurable risks that the insurance industry will have to meet.