One of the most significant issues with cyber insurance pricing and underwriting is the lack of robust data on cyber risk – and the UK trade body for the insurance sector wants the data protection regulator the ICO to release anonymised breach data.
Unlike colleagues in the property insurance sector who can rely on hundreds of years of claims experience, cyber underwriters do not have such a wealth of information, James Dalton, Director of General Insurance Policy at the (ABI), told a launch event for the Digital Policy Alliance’s primer on cyber insurance.
The document stresses the need to encourage much greater and rapid take-up of cyber insurance, given the need to protect data under the GDPR, and how ‘even the most robust strategies around governance, training, processes, and technical IT security cannot eliminate cyber risk – it can only ever be prepared for and mitigated’.
Dalton said: “Progress in delivering this access with the ICO has not been as swift as we would have liked … ultimately a healthier cyber insurance market is good for businesses, good for the economy and, most importantly, good for all of us as customers of businesses dealing with ever increasing amounts of our data. Our ask is for a refocussing of minds and a redoubling of effort to get a meaningful sharing of the ICO’s data over the line.”
On various proposals to impose product standardisation in the cyber insurance market, these must be firmly resisted, he added. “Cyber risk is constantly changing and evolving. As a consequence, insurers need to frequently adapt and change their policy wordings, question sets, and underwriting approaches in order to ensure that they are best serving their customers while managing their exposures prudently in line with their regulatory responsibilities. It is misguided … to attempt to impose standards on the cyber insurance market, especially one that is in its relative infancy and one that needs flexibility to respond to an ever-changing cyber risk landscape.”
For the full speech visit the ABI website.
About the primer
Briefly, it states that due to a confluence of factors, the cyber insurance market is now sufficiently mature that it would now be an appropriate moment for the Government to highlight, as part of its ongoing cyber awareness and prevention efforts, the useful role of insurance in a constantly changing cyber threat landscape. This would feed into two key objectives identified by the Government: making the UK ‘the best place to start and grow a digital business’ and generally to make the UK ‘the safest place online’ and emulating the Home Office’s cyber aware campaign. View the primer on the DPA website.
