Premiums expected to pass $2bn this year as cyber attacks on businesses increase
The world’s leading insurance market has reported a sharp increase in companies seeking insurance cover from hackers stealing customer data and cyber terrorists shutting down websites to demand a ransom.
Geoff White, underwriting manager for cyber, technology and media at Lloyd’s syndicate Barbican, said the market for cyber insurance had “increased dramatically”, with gross written premiums rising sharply every year since 2009.
In 2012, gross written premiums totalled an estimated $850m (£500m), increasing to $1.3bn last year, and are expected to be well above $2bn in 2014, he added.
Cyber attacks on business are the driving force behind the rapid rise in the insurance market. “We saw a very quick influx of US retailers looking to increase their insurance limits by quite sizeable amounts. In some cases they were purchasing three or four times the limit, as a result of the Target data breach,” said Mr White.
US retail giant Target was the victim of one of the most sophisticated and
co-ordinated cyber attacks ever during the busiest shopping day of the year over the Black Friday holiday weekend in November last year. A criminal gang collected bank card information from about 40m Target customers as they swiped their cards at the till, in a technique known as “skimming”.
Despite the rise in insurance cover, however, many UK companies are still exposed, with nine out of 10 UK small companies suffering from a data breach, according to the Government’s 2013 Information Security Breaches Survey Report.
“A lot of companies don’t feel the cyber threat is relevant to them, they still think this is a problem for big business. However, if you use email or have a smartphone or a computer then there is a risk,” Mr White added.
Perversely, it is improved technology that is the biggest risk to business, according to Prof Peter Sommer, a cyber security expert.
“Most of the people in an organisation feel they don’t want to get left behind, but all too often they don’t think through the security implications. If you look in particular at cloud computing, some of the contracts that people are signing seem to leave businesses extremely exposed.” .
“Across the board people are taking appalling risks and they don’t know what they would do if something went wrong,” Prof Sommer warned.
Prof Sommer is concerned the insurance market may be unable to cope with claims. “When it comes to cyber there are lots of risks and they keep changing, and you have a general absence of actuarial material. The question for the underwriter is how on earth do I cover this?” he said.
The Barbican syndicate is already insuring US utility companies and there has been an increase in interest from UK utility companies, which would require cover in the billions, according to Mr White.
“I would suggest right now we haven’t got a billion of capacity as a market overall, but we are working to understand the needs of utility firms,” said Mr White. “I would look at insurance as only part of the risk management solution, really companies need better education.”
As UK business surges ahead in the race for new technology it could be undone by an age old problem.
“The human element is huge, with the greatest will in the world you can have the best firewalls and antivirus, but if a socially engineered email comes through to you and you click on the link you have been breached,” Mr White said.