Leading information security consultants say that far greater evidence about the level and scope of cyber risks is needed before insurers can write the cover

engaged investor data cabinets

Insurance companies need a lot more facts about the level and scope of cyber incidents currently affecting businesses before they can price new cyber insurance products appropriately, according to information security experts.

BAE Systems Detica told insurers at a London briefing that while there is a significant opportunity for them to develop cyber risk insurance products, pricing these policies effectively requires them to “amass far greater evidence about the level and scope of cyber incidents currently affecting UK businesses”.

Mark Fishleigh, head of insurance at BAE Systems Detica said: “We know that companies are struggling to quantify the cyber risks that they face and the insurance industry can play a key role in helping to price this risk accurately.”

“Better risk quantification will lead to more appropriate levels of cyber defences and could drive the growth of a substantial new line of business for forward-thinking insurers,” he continued.

Better risk quantification will lead to more appropriate levels of cyber defences and could drive the growth of a substantial new line of business for forward-thinking insurers

Detica

Insurers are trying to build their evidence base in order to price products effectively but this remains hampered by the number of incidents that go unreported, said Detica.

More work needs to be done to understand the overall cost to UK businesses as a result of cyber crime. Detica estimated these costs at £21bn, largely due to industrial espionage and IP theft. But some commentators have criticised this figure as “pie in the sky”.

“Information sharing is key to combating the cyber threat, and until reporting rates increase, there will be no clear picture of the threat environment to help insurers calculate risk,” added Detica.

Topics