Taking out cyber insurance cover to become 'the norm' within 10 years, says ABI

Out-Law News | 05 May 2015 | 5:13 pm | 1 min. read

Businesses will regard having cyber insurance cover as "essential" within the next 10 years, the UK's main insurance industry trade body has said.

Ahead of its cyber insurance conference, the Association of British Insurers (ABI) said it expects cyber insurance products to become "as common a purchase for UK businesses as property insurance" by 2025.

The UK government and insurance broker Marsh reported in March that just 2% of large businesses in the UK currently have "explicit cyber cover". Approximately half of the businesses surveyed for the report said they were not aware "that cyber risks can even be insured".

However, last month Lloyds of London said that it has seen a 50% increase in demand for cyber insurance products during the first three months of 2015 compared to the same period last year. The ABI said it expects to interest in cyber insurance products to continue to grow to address the rise in cyber crime, the challenge of protecting against cyber threats, the importance of IT to business operations and the potential need to change those operations if a cyber attack is successful.

"Cyber risk is growing rapidly," Huw Evans, director general at the ABI, said. "At the moment, despite more than 80% of large businesses suffering a cyber security breach in a 12 month period, only around 10% have any form of cyber insurance. Online breaches can cost millions, and would threaten the viability of many businesses, so the stakes are high. Cyber insurance is an increasingly important way for businesses of all sizes to manage this threat."

"The UK insurance industry is already providing cover for cyber risk to customers around the world. More British firms are now taking advantage of this expertise and by 2025 this type of cover will be seen as an essential business purchase," Evans said.

According to a separate report by cyber security provider Tripwire, 100% of 'C-suite' executives believe they are "cyber security literate", but only 62% of those people thought their corporate board is too. The report found that a security breach is the most common single event to spur awareness of cyber security in the board room.