James Dalton, Director of General Insurance Policy at the ABI, today addressed a room of government officials, peers and industry alongside Baroness Neville-Jones, former Chairman of the Joint Intelligence Committee – stepping up the ABI’s calls for access to anonymised breach data from the ICO.
Mr Dalton was speaking at the launch of the Digital Policy Alliance’s primer on cyber insurance, aimed at increasing awareness and take up of cyber cover amongst British businesses. He called for a redoubling of effort to enable industry’s access to the necessary data, which has been well received across Whitehall, saying:
“One of the most significant issues with cyber insurance pricing and underwriting is the lack of robust data on cyber risk. Unlike colleagues in the property insurance sector who can rely on hundreds of years of claims experience, cyber underwriters do not have such a wealth of information.
“Progress in delivering this access with the ICO has not been as swift as we would have liked… ultimately a healthier cyber insurance market is good for businesses, good for the economy and, most importantly, good for all of us as customers of businesses dealing with ever increasing amounts of our data.
“Our ask is for a refocussing of minds and a redoubling of effort to get a meaningful sharing of the ICO’s data over the line.”
Mr Dalton also reiterated his firm rebuttal to suggestions of product standardisation across the cyber market:
“There have been proposals from various stakeholders to impose product standardisation in the cyber insurance market. In our view, these must be firmly resisted.
“Cyber risk is constantly changing and evolving. As a consequence, insurers need to frequently adapt and change their policy wordings, question sets, and underwriting approaches in order to ensure that they are best serving their customers while managing their exposures prudently in line with their regulatory responsibilities.
“It is misguided… to attempt to impose standards on the cyber insurance market, especially one that is in its relative infancy and one that needs flexibility to respond to an ever-changing cyber risk landscape.”
You can see a full version of his speech here.