In 2015 the Lloyds market wrote £322m worth of cyber
policies. In 2016 this is expected to rise to £500m. Yet take
up of cyber insurance in the UK is lagging far behind that of the
US; despite numerous warnings from GCHQ about the threat posed to
British businesses by cyber-attacks.
So where to start? If you are a CEO, Board member or CIO
considering purchasing cyber insurance, here are a few useful
Value at risk
– have you worked through a plausible worst case scenario for
data loss? What is the potential financial impact? By the time you
have added up notification costs, business interruption costs, the
cost of IT forensics, remediation work, contractual claims,
regulatory penalties and PR costs the figures can start to look
quite scary, that is before you even start to think about the
reputational damage that might accrue. You don't have to be a
large business to have a lot of value at risk.
Treat before you
transfer – cyber insurance is about transferring
residual risk. Before you seek to transfer that risk, you should
make sure it is as low as possible. Do you have a cyber security
programme in place? In the event of a cyber-attack or other data
loss incident you will need to be able to re-assure your clients
that you have taken reasonable and proportionate steps to defend
your business from cyber risks. If you do decide to take up cyber
insurance the underwriters will look at your cyber defences in
order to price the risk.
– what does your existing Professional Indemnity provide for?
It may be that your existing policies indemnify you against certain
claims from third parties arising from the loss of data. However,
the policies themselves are unlikely to cover you for first party
losses of the kind that can quickly accrue from a cyber incident.
It is worth talking to your broker to check the current
Mind the gap –
if you wish to purchase specific cyber cover, make sure you have an
in depth conversation with your broker and you feel really
comfortable with the extent of the cover you are buying. The cover
needs to be specifically tailored to your firm. A recent example in
the US – PF Chang's China Bistro v Federal Insurance Co
– highlights some of the key issues in the limits of cyber
cover. In that case the insured, a Chinese restaurant operator,
discovered too late that they were not indemnified for claims
against them from MasterCard, associated with the theft of credit
card data. There have been various examples in recent times when
hackers have targeted third parties, which may have been outside
the scope of the insurance cover. This is worth checking.
we know from leading forensic investigations into cyber attacks
that it is often possible to find internal weaknesses that could
have inadvertently enabled the attacker. It is important to make
sure that this would not be deemed negligent by the insurer and
therefore impact the quantum of any pay out in the event of a
In 2012, Robert Mueller, the then Director of the FBI, said that
there were only two types of company; "Those that have
been hacked, and those that will be." Also in 2012, the
new British Prime Minister, Theresa May, stated while then Home
Secretary that "Cyber-crime is a serious problem which
affects businesses of all sizes and can have devastating
consequences". While US businesses appear to have taken
heed, UK businesses have been slower to the uptake.
Of course, cyber insurance in itself will not protect a business
against a cyber-attack, but what it will ensure is a degree of
financial cover for when it does happen. As Martin Camp, Divisional
Director at Lark Insurance comments, "After a system is
breached, things can get really bad... (because) organisations are
to failing to ensure they have sufficient insurance in place to
protect themselves for after the worst has happened".
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Deloitte is once again partnering with the Global FinTech Hubs Federation, an initiative founded by Innovate Finance and SWIFT Innotribe, to publish a special interim review for the 2017 Innovate Finance Global Summit.
Last year proved a turbulent year for the FinTech sector. Although the industry continued to boom, the Brexit vote and the election of Donald Trump seem to have caused many investors to pause and reconsider investing in Europe and North America.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).