Recent figures indicate that insurance claims for data breaches are being made at an increasing rate.
Lloyd’s of London’s underwriting agency, CFC Underwriting, reports that it handled over 400 claims under cyber insurance policies in 2016, an increase of some 78% on 2015.
Cyber-breach claim categories
- Privacy breach 31%
- Financial loss 22%
- Ransomware 16%
- Malware/viruses 7%
- Website attacks 5%
- Unauthorised access 5%
- Business interruptions 4%
- Other 10%
Source: CFC Underwriting
Hand-in-hand with this, CFC reports a 50% growth in UK insurance policies taken out against cyber attacks during 2016.
It seems that this uptake in insurance buying and claims is partly a reflection of the fact that one of the major exposures faced by UK businesses is privacy liability for data breaches in the event of loss of personal data or valuable confidential information of customers or other third parties. It is, therefore, critical to crisis-manage cyber incidents efficiently to prevent further damage from being caused and limit exposure.
This can be a time sensitive and complex process. Small and medium sized businesses, in particular, may not be equipped to deal with incident response or have the financial resources to absorb the related costs. The capability of insurers to assist with incident response and provide coverage against liabilities and other financial loss therefore appears to be of increasing attraction for UK businesses.
These drivers of insurance buying will, no doubt, be magnified for some businesses in view of the mandatory notification regime and increased sanctions exposure (maximum fines of up to EUR 20 million or 4% of annual worldwide turnover, whichever is the greater) under the EU General Data Protection Regulation which applies from May 2018.
The trends reported by the CFC may, therefore, represent merely the tip of the iceberg over the coming years.