UK Cyber Insurance 2017
March 2017
44
About the Report
About the Report
UK Cyber Insurance 2017
Summary
"UK Cyber Insurance 2017" discusses the growing need for cyber insurance and highlights product uptake among UK businesses. It explores how cyber insurance fits within a commercial insurance portfolio and examines the products offered by key market players. It demonstrates how the insurance sector can help improve understanding of cyber insurance, and how insurers and brokers can help promote the adoption of good practice to reduce the frequency and cost of breaches. This report will also discuss the most significant market developments over the past 12 months and how the sector is likely to develop in the future in reference to new initiatives and regulation.
The UK cyber insurance market is growing over time. Product penetration is increasing as businesses are becoming more aware of the need for cyber insurance in a world where they are dependent on the digital space and crime is moving online. All businesses are vulnerable and require cyber insurance, regardless of size or industry. While there is a large opportunity for insurance providers to increase product penetration and grow their commercial books, they must be cautious due to the unknown exposure and scale of cyber risk. Ultimately cyber insurance is still developing its place within commercial insurance portfolios.
Scope
It is estimated that fraud and cyber offenses make up 47.3% of all crime according to the Crime Survey of England and Wales conducted by the Office for National Statistics.
Cyber insurance penetration is increasing. 13.7% of UK SMEs held cyber insurance in 2016, compared to 2.1% in 2014.
The average total organizational cost of a data breach is also increasing. In the UK it rose by 14.5% from $3.45m in 2014 to $3.95m in 2016 according to the Ponemon Institute.
Reasons to Buy
Gain a better understanding of the need for cyber insurance among UK businesses.
Understand how cyber insurance fits within the commercial insurance space and how it is likely to evolve over time.
Discover how regulation and new government initiatives will impact the market.
Products
Companies
AIG, Zurich, Aviva, Hiscox
Table of Contents
Table of Contents
Table of Contents
1. EXECUTIVE SUMMARY 2
1.1. The UK cyber insurance market is still evolving 2
1.2. Key findings 2
1.3. Critical success factors 2
2. THE GROWING NEED FOR CYBER INSURANCE 7
2.1. Introduction 7
2.2. Cybercrime is becoming an increasing risk for businesses 7
2.2.1. The rise of digital for businesses has grown the opportunity for cyber-criminals 7
2.2.2. Crime is moving online 8
2.2.3. The full extent of cybercrime is hard to assess 10
2.2.4. There are a broad range of cyber risk characteristics 10
2.3. All businesses are vulnerable to cybercrime 11
2.3.1. Cybercriminals are targeting large businesses and SMEs 11
2.3.2. Cyber insurance penetration is increasing over time 12
2.3.3. Cyber insurance uptake is low for small businesses, despite them being vulnerable 14
2.3.4. All industries that hold valuable customer information are at risk 15
2.3.5. Cyber insurance penetration varies by industry 15
2.3.6. Businesses are at risk no matter how sophisticated their cyber security system 16
2.3.7. Many of the main business concerns for SMEs are cyber-related 17
2.4. There have been many recent high-profile cyber-attacks 18
2.4.1. TalkTalk was fined GBP400,000 by the ICO for failing to protect customer data 18
2.4.2. Yahoo disclosed two large-scale breaches at the end of 2016 19
2.4.3. The largest NHS trust was targeted by a ransomware attack in early 2017 19
3. CYBER INSURANCE WITHIN THE COMMERCIAL MARKET 20
3.1. Cyber insurance is still evolving as a product 20
3.1.1. Cyber insurance is still finding its place in the commercial insurance market 20
3.1.2. The debate between standalone and add-on cyber insurance products 20
3.1.3. The risk of add-on cyber insurance products leaving businesses with gaps in cover 20
3.1.4. Understanding of cyber insurance is increasing 21
3.1.5. Brokers play an important role in the distribution of cyber insurance 22
3.2. A number of insurers provide cyber insurance 24
3.2.1. AIG's CyberEdge PC policy is flexible and designed to complement existing cover 24
3.2.2. Aviva targets the small and mid-market with a bolt-on cyber product 25
3.2.3. Hiscox offers a standalone cyber and data risk insruance policy directly online 25
3.2.4. Zurich has a global focus for its product and associated breach response service 27
3.3. The claims landscape is constantly evolving with cyberspace 28
3.3.1. Hackers are exploiting the human element when targeting businesses 28
3.3.2. There has been a rise in ransomware attacks 28
3.3.3. Cyber risk is moving beyond data privacy issues 29
3.3.4. The organizational costs of data breaches are on an upward trend 29
3.3.5. Healthcare experiences the highest severity of claims 31
3.3.6. Third-party involvement is the largest factor that increases per capita cost 31
4. THE FUTURE OF CYBER INSURANCE AND SECURITY 33
4.1. The cyber insurance market will continue to grow 33
4.1.1. Preventing attacks should be a focus for businesses, but cyber cover is still essential 33
4.1.2. Insurers have an opportunity to help businesses reduce their cyber risk 33
4.2. The UK government is committed to tackling cybercrime 33
4.2.1. Cyber Essentials allows businesses to certify they are cybersecurity conscious 33
4.2.2. GCHQ has published a 10-step guide to help businesses protect themselves 34
4.2.3. The UK government is investing GBP1.9bn in a new National Cyber Security Strategy 36
4.3. The EU's GDPR will come into force in 2018, and will modernize data protection 37
4.3.1. The definition of what constitutes personal data has expanded 37
4.3.2. The directive will apply to anyone handling the data of EU citizens 37
4.3.3. Data processors will be subject to regulation 37
4.3.4. Those subject to regulation will need to show accountability 38
4.3.5. Customers have stronger rights when it comes to consent 38
4.3.6. Data breaches must be notified 38
4.3.7. Businesses may need to appoint a DPO 39
4.3.8. Regulation will be heavily enforced by large fines and frequent audits 39
4.3.9. The GDPR is expected to grow the cyber insurance market 39
4.3.10. The GDPR will drive better cyber security and help insurers model cyber risk 39
4.4. Cyber insurance will expand into personal lines 40
4.4.1. Cyber exposure for individuals has grown with the Internet of Things 40
4.4.2. Individuals are vulnerable to being targeted with cybercrime 40
4.4.3. AXA offers personal cyber insurance in France 40
5. APPENDIX 41
5.1. Abbreviations and acronyms 41
5.2. Methodology 41
5.2.1. Primary and secondary research 41
5.2.2. GlobalData's UK SME Insurance Survey 41
5.2.3. GlobalData's UK Commercial Broker Survey 41
5.3. Bibliography 42
5.4. Further reading 42
List of Figure
List of Figures
Figure 1: Fraud and cyber offenses make up nearly half of crime in England and Wales 9
Figure 2: Bank and credit account fraud is the most common type of online crime 9
Figure 3: The taxonomy of cyber risk for businesses 11
Figure 4: The percentage of UK SMEs holding cyber insurance has risen significantly in recent years 13
Figure 5: Cyber insurance has the lowest uptake of all commercial products among UK SMEs 13
Figure 6: Uptake of cyber insurance increases with business size 14
Figure 7: Mining, electricity, gas and water supply services have the highest uptake of cyber insurance 16
Figure 8: Cyber risks are a key concern for UK SMEs 17
Figure 9: Cyber risks are a key concern for UK SMEs 18
Figure 10: Over half of UK SMEs now think cyber insurance is easy to understand 22
Figure 11: Almost half of UK SMEs purchasing cyber insurance did so through a broker 23
Figure 12: Nearly 50% of UK brokers trade cyber insurance 23
Figure 13: AIG's CyberEdge PC fills gaps in other commercial cover 25
Figure 14: Hiscox allows SMEs to build their own insurance portfolio directly online 27
Figure 15: The average per capita cost of a data breach remained steady between 2014 to 2016 30
Figure 16: The total cost from data breaches is increasing over time for organizations 30
Figure 17: The per capita cost of a data breach is highest in the healthcare industry 31
Figure 18: Third-party involvement and use of the cloud adds the largest costs to data breaches 32
Figure 19: The CESG has developed a 10-step guide to help businesses establish cyber security 35
Figure 20: The CESG has developed a guide to help businesses understand common cyber attacks 36
Why Buy From US?
What makes us stand out is that our consultants follows Robust, Refine and Result (RRR) methodology. i.e. Robust for clear definitions, approaches and sanity checking, Refine for differentiating respondents facts and opinions and Result for presenting data with story
We have set a benchmark in the industry by offering our clients with syndicated and customized market research reports featuring coverage of entire market as well as meticulous research and analyst insights.
While we don't replace traditional research, we flip the method upside down. Our dual approach of Top Bottom & Bottom Top ensures quality deliverable by not just verifying company fundamentals but also looking at the sector and macroeconomic factors.
With one step in the future, our research team constantly tries to show you the bigger picture. We help with some of the tough questions you may encounter along the way: How is the industry positioned? Best marketing channel? KPI's of competitors? By aligning every element, we help maximize success.
Our report gives you instant access to the answers and sources that other companies might choose to hide. We elaborate each steps of research methodology we have used and showcase you the sample size to earn your trust.
If you need any support, we are here! We pride ourselves on universe strength, data quality, and quick, friendly, and professional service.