Written by James Orme Tue 13 Aug 2019

New research from the Association of British Insurers shows an overwhelming majority of UK businesses lack cyber cover

Uptake of cyber security insurance in the UK is worringly low and placing millions of small businesses at risk, according to new research.

The Association of British Insurers (ABI) revealed that just 11 percent of businesses have a specific cyber insurance policy in place. However, 99 percent of claims made on ABI-member cyber insurance policies in 2018 were paid out.

The £3.7 billion cyber insurance market has boomed in recent years as the number of cyber attacks continues to surge. High-profile cases in the UK include the attacks that blighted British Airways and Marriott International.

Cyber insurance policies are a relatively affordable means of offsetting financial damages from cyber attacks and data breaches, such as recovery and management costs, cyber extortion cover, autopsy support and media liability. Policies also offer services to help prevent breaches from occurring in the first place.

According to IBM’s 2019 Cost of Data Breaches report, a data breach costs a UK business £3.1 million on average.

Some commentators, however, have criticised insurance companies for failing to understand cyber risk or explain what is actually covered in policies.

ABI has asked the Information Commissioners Office (ICO) to make anonymised cyber breach data publicly available so that insurers can price risk more accurately by using the data to inform their modelling. The organisation said this would enable insurers to tailor policies to specific businesses and verticals.

“Cyber insurance is a valuable product – the claims acceptance rates speak for themselves and the additional support a business receives, beyond dealing with the pure financial losses is a key attribute of most cyber insurance policies, too often overlooked,” said James Dalton, director of general insurance policy at ABI.

“Data is key to insurers’ ability to better understand and more accurately price cyber risk. We need the ICO to work with us to find what data can be shared to help insurers provide more cover to the many businesses that need it in this digital age.”