The UK’s cyber insurance market is one of the most innovative and rapidly growing areas of general insurance. For any business, no matter the size of the organisation, the cost of dealing with even unsophisticated cyber-attacks could easily overwhelm it. Insurance provides greater certainty to business by helping them to protect against potentially catastrophic costs and cyber insurance is specially designed to support businesses manage digital threats.
Cyber insurance will provide cover for losses to your business following a cyber-attack, such as loss of income due to business interruption, costs of dealing with a privacy breach and repairing IT systems.
Insurance will also provide access to IT forensic and incident response specialists, legal counsel and PR advice to help manage the response to any attack.
As well as providing support in the event of a cyber-attack, cyber insurance will provide businesses with advice on steps they can take to reduce their cyber risk, such as access to cyber security experts, threat intelligence services, conducting IT vulnerability assessments, providing staff training and help with password management.
For the ABI, we’re working closely with members to support the healthy and sustainable growth of the UK cyber insurance market, to help businesses understand the risks posed by the increased reliance on digital infrastructure and to improve the levels of cyber resilience across the UK.
As ever though, data is key. Given cyber insurance is less mature than other insurance lines, it means less historical claims data. Cyber risk is also an unpredictable risk in terms of both frequency and severity.
That’s why a significant part of the ABI’s work in this area has been to engage with the Information Commissioner’s Office (ICO) – the UK's independent body set up to uphold information rights – on understanding the insight that could be gained from the data they capture as part of personal data breach reporting requirements.
And that’s why we strongly welcome the ICO’s new data security incidents dashboard. We know from speaking with our members in the cyber insurance sector that there is a desire for easy access to this level of data and insight.
With quarterly updates, interactive filters and charts, the dashboard will provide new and useful insights into data security incidents and trends. For example, users of the dashboard will be able to see the proportions of incidents reported over time across types of incident, types of data subject, types of data and decisions taken. There are also interactive time series charts that show incident trends over time. Importantly for insurers there is also a raw data file with anonymised information on each reported breach.
Over time, this will help cyber insurers to understand the evolving profile of cyber and data risk. The datasets will improve the ability to understand the changing nature of cyber threats to UK organisations and allow insurers to provide more tailored products, tools and expertise to businesses.
For cyber insurance customers themselves, higher levels of cyber coverage help to improve the baseline level of cyber security. Cyber insured businesses tend to be more aware of the digital risks their business faces, better protected against these risks, have greater access to experts quickly to deal with problems and have the support to get back up and running as soon as possible.
Gemal Mekki, ICO economist, comments: “We’re proud to bring a new level of transparency to our breach data with the launch of the data security insights dashboard. It supports the ICO’s work to empower organisations and businesses to grow responsibly, enabling them to bring products and services to market more quickly whilst also protecting people’s personal information.
“Helping organisations to increase the resilience of their cyber security has never been more important and we have listened to the ABI and other industry stakeholders to gain a clear understanding of how they can benefit from using breach data. We want to deliver something valuable for the sectors we’re working with and our engagement with the ABI has played an important role in developing the dashboard.”
The concentration of expertise, capital and infrastructure in the London insurance market means the UK is well suited to service the country’s growing cyber security requirements. As the first regulator in Europe to bring this level of transparency to breach data, access to the new ICO data security insights dashboard will further strengthen the UK and London’s global reputation as a centre of cyber underwriting expertise and will help to facilitate more discussions with businesses about good cyber and data security practices.