The UK government has published a report on the role of insurance markets in managing and mitigating cyber risk.
UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk describes how insurance can be another mechanism for cyber risk reduction, encouraging steps to reduce risk through reduced premiums, and providing insight from claims and near misses.
The report highlights that many aspects of cyber risk, such as the risk of business interruption, the potential for large and public impact, and the need for rapid response post-event, are common to other "tail risks" (low frequency, high impact events), such as natural catastrophe and terrorism.
The information I found most worthy of particular attention was:
- More than 60% of incidents reported to insurers are the result of accidents
- The majority of the high-severity losses stem from actions designed to cause harm
- A paucity of data makes attempts to model cyber exposure difficult
- Any form of data pooling among underwriters would therefore benefit their customers
- The cost of cyber insurance relative to the limit purchased is typically three times the cost of cover for more established general liability risks
- Cyber insurance also has a much lower degree of price differentiation across individual firms... this is concerning because it undermines the value of insurance in encouraging risk reduction by firms, since they will not see a corresponding reduction in their insurance costs
- Half of firm leaders we spoke to do not realise that cyber risks can even be insured
- Less than 10% of UK companies have cyber insurance protection even though 52% of CEOs believe that their companies have some form of coverage in place
The taxonomy of cyber risk, cyber loss categorisations and risk profiles for larger and smaller businesses are especially helpful, and could be used by any organisation to undertake its own comparative cyber risk assessment.
Figure 8 of the report explains the typical cyber exclusions and gaps in traditional insurance policies for property, business interruption, general liability, and errors/omissions/professional indemnity. The potential insurability, market size and opportunities for the London insurance market are discussed.
Posted on: 17 April 2015 at 07:29 hrs