CNA Hardy and Innovation Broking have teamed up to develop a range of specialist solutions offering comprehensive cover and pre- and post- breach services that they hope will increase take-up of cyberinsurance
Cyberinsurance has existed since the 1990s, yet far too many companies still choose to ignore it, putting themselves at a potentially enormous risk.
According to the latest figures from the Association of British Insurers (ABI), just 11pc of businesses in the UK have a specific cyberinsurance policy,* yet the Government’s Cyber Security Breaches Survey 2019 reveals that 32pc of domestic businesses have suffered cybersecurity attacks in the past 12 months.**
Businesses have struggled to understand exactly what cyberinsurance is, what their exposure is and what cover they need to buy
So why does take-up of cyberinsurance remain alarmingly low at a time when the evidence suggests that SMEs are under greater threat of a cyberattack than ever before?
Part of the problem is in understanding the complexities that exist in many cyberinsurance policies. Paul Dickson, founder and chief executive of Innovation Broking, says: “Businesses have struggled to understand exactly what cyberinsurance is, what their exposure is and what cover they need to buy.
“There are marked differences in the quality of cover available via different insurance products.”
How you are covered
As a result, CNA Hardy, a leading specialist commercial insurer, has collaborated with Innovation Broking to develop a market-leading cyberinsurance solution.
“Many smaller companies see the headlines around huge data breaches suffered by the likes of BA and Marriott and simply believe that cyberthreats don’t exist for their business,” says David Legassick, head of life science, technology and cyber at CNA Hardy.
“This mindset needs to change. They may not have the same scale of valuable data as larger businesses but they still hold data and information that cyber criminals want.
“They also have the same exposures and weaknesses as larger businesses, but not necessarily the same level of resource and in-house skills to mitigate their risks.”
However, awareness around the benefits of cyberinsurance is starting to gather pace. “We are turning the corner,” says Mr Dickson. “More executives are enquiring about cyberinsurance, and the better solutions on the market provide cover against the complex cyber-risks facing businesses, from data breach and ransomware to extortion and business interruption.”
More than just cover
The aftermath of a cyberattack can cause damage to a company’s reputation, loss of earnings from business interruption and can have financial and legal implications.
In response, Mr Legassick says: “We need to look at what services we are providing to customers to help them manage and assess their risk.
“Our wraparound service package can scan networks to assess the propensity for an attack, conduct IT system audits, offer security training and make high-level recommendations both from an organisational and a technology perspective.
“The insurance industry is starting to wake up to the fact that pre- and post-loss services, rather than just cover, are what really make the difference.”
Finally, insurance companies are offering much higher limits than before, with some policies providing up to £50m cybersecurity cover.
They are also becoming more affordable, Mr Dickson says. “Most SMEs can bolt on a very broad cyberinsurance policy, giving them £5m cover for 10pc of their current overall insurance spend.”
With cheaper policies and greater cover targeted squarely at the needs of SMEs, it must be hoped that cyberinsurance take-up will finally start to increase in the coming years.
Insurance that can help prevent cyberattacks
Whereas most insurance products are designed to cover a specific liability such as a flood or fire, cyberinsurance often comprises many additional services, both to prevent an attack from happening in the first place as well as helping businesses in the event of a breach.
For example, CNA Hardy’s cyberproduct includes access to a suite of expert post-breach partner services including a legal hotline, access to IT forensics and PR reputation management services to coordinate the response.
David Legassick of CNA says: “If a client thinks they have suffered a breach, they simply call a hotline and within minutes have access to a team of experts to investigate the breach or suspected breach.”