Cyber risk dividing insurers as UK companies step away from cyber cover – PwC survey

Published at 09:07 AM on 05 October 2016

  • half of London Market respondents already sell cyber policies, or see this as an area of growth
  • the other half do not actively pursue cyber, often believing the risk to be borderline insurable
  • 38% of UK companies say they have a cyber insurance policy, down from 59% last year
  • Professional liability, property and aviation lines were voted as the most likely ‘non cyber’ policies to be impacted by cyber threat

Cyber insurance is seen as one of the few areas of growth and innovation in the insurance market. That’s because it’s also one of the biggest risks facing UK business, with companies doubling their security budgets last year and now spending around £6.2m on average. Despite this, just under two thirds of respondents say they still don’t have a specific cyber insurance policy.

PwC interviewed over 10,000 executives from more than 133 countries, including 479 respondents in the UK, for the annual Global State of Information Security Survey 2017, produced in conjunction with CIO and CSO. PwC also interviewed 14 London Market specialist insurance companies to measure how insurers are assessing this risk, what (if any) growth strategy they have for cyber, and how they are investing in this area.

Even amongst those currently offering specific cyber cover, insurers still tread carefully and tend to limit the amount of cover offered under each policy. However, the limited protection currently available to corporates doesn’t come close to the potential losses seen from a truly damaging cyber-attack.

Domenico del Re, insurance director at PwC said:

“The drop in take-up of cyber insurance shows that this is still maturing as a product. Companies do not see the cover currently on offer as targeted to their individual risks and therefore not value for money.

“The successful insurer will be one who can handle the technical detail, understand how investment in cyber security reduces the vulnerability of companies, and measure the residual risk. An increase in cyber cover sales will surely follow.”

The ‘silent risk’ is that all insurers and reinsurers, even those who choose not to write specific cyber policies, will continue to be impacted by cyber threats. Losses will continue to be made under policies that do not specifically exclude cyber liability in their terms and conditions.

UK organisations are also more likely than the rest of the world to keep their cards close to their chest and not share security knowledge with others. Only 40% collaborate with others to reduce future risks, compared to over half across Europe (52%) and globally (55%).

The London Market is at the forefront of thought leadership in insuring cyber and has a real opportunity to lead the way by collaborating to understand the risk. Insurers with specialist cyber expertise have pioneered the development of this product over the last few years. It will be vital to explore possible cyber scenarios to help engage the wider economy and educate in the importance of cyber risk and cyber insurance.

Marta Abramska, associate director at PwC, commented:

“Cyber risk is a new challenge for all companies, including insurers, and the understanding of claims that are likely to arise from an extreme cyber event is in its infancy. The historical data available on cyber attacks is scarce, which impacts the selection of risk modelling techniques available to the insurance industry. Furthermore, any methods are in constant threat of becoming redundant as the cyber risk landscape – and the weapons used - continuously evolves.

“In order to keep pace with society’s demands, it is vital for insurers to lead the way in offering protection for companies. It is also important to develop the right expertise and tools to manage this risk with confidence."

Ends.

Notes for editors.

  1. Domenico del Re and Marta Abramska are available for comment. Please contact Ellie Raven at [email protected] or +44 (0) 207 804 3663
  2. The Global State of Information Security® Survey 2017 is a worldwide study by PwC, CIO and CSO. It was conducted online from April 4, 2016, to June 3, 2016. Readers of CIO and CSO and clients of PwC from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 10,000 executives including CEOs, CFOs, CISOs, CIOs, CSOs, vice presidents, and directors of IT and information security from more than 133 countries. Thirty-four percent (34%) of respondents were from North America, 31% from Europe, 20% from Asia Pacific, 13% from South America, and 3% from the Middle East and Africa. The margin of error is less than 1%. There were 479 UK responses.

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

©2016 PwC. All rights reserved.

Ends.


Twitter
LinkedIn
Facebook
Google+

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.

PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. © 2016 PwC. All rights reserved

« UK organisations double cyber security spend but aren’t seeing the return | Homepage | UK tech awards 2016 – shortlist announced »

  • Contact us
  • +44 (0) 20 7213 1768

Specific and out of hours contacts