Good Practice Guide
28 January 2020
19 February 2020
An overview of cyber insurance and how underwriters should approach it.
Cyber is one of the most commonly used terms used in insurance. However, it is also one where clients are finding themselves underserved. Cyber is concerned with the loss or damage related to data, with cyber-related incidents now one of the most common and ever-changing types of threat that insurers are faced with. Despite this, there are many people who still don’t understand what cyber is or have suitable cover.
According to the 2019 “Cyber Security Breaches Survey” by the Department for Digital, Culture & Sport, a third of businesses in England and Wales reported having cyber security breaches or attacks in the last 12 months. As in previous years, this is much higher specifically among medium businesses (60%) and large businesses (61%). The proportion identifying breaches or attacks (32%) is lower than in 2018 (when it was 43%) and 2017 (46%).
At the same time, among the 32% of businesses that did identify any breaches or attacks, the average number of incidents has increased from two attacks in 2017 to six in 2019.
With such high numbers it might be difficult to understand why more people don’t have any type of cyber cover. The reason for this is that there is still a lack of understanding of what cyber actually is, an assumption from clients that they are already covered or that cyber won’t affect them.
To better understand what cyber is, and how to serve clients better, this Good Practice Guide examines the following:
- what cyber means
- why cyber is a growing issue
- the different types of cyber threat
- what cyber insurance should cover
- other cyber concerns
This document is believed to be accurate but is not intended as a basis of knowledge upon which advice can be given. Neither the author (personal or corporate), Society of Underwriting Professionals or Chartered Insurance Institute, or any of the officers or employees of those organisations accept any responsibility for any loss occasioned to any person acting or refraining from action as a result of the data or opinions included in this material. Opinions expressed are those of the author or authors and not necessarily those of the Society or Chartered Insurance Institute.