How do you insure the intangible?

Cyber liability insurance is a newly-established insurance category in the UK, estimated by the industry to represent GBP3–4 million, or just 0.01 per cent of the country’s non-life gross written premiums. However, this belies the market potential, with an estimated 4.8 million private businesses registered in the UK and growing use of the internet among these firms.

Indeed, it is developments in the use of information technology for business that have highlighted the issue of liability in cyberspace. Firms collect, manage and store data electronically, social media interaction has increased and portable computing devices are growing in popularity. This technological evolution means UK firms are increasing their exposure to cyber threats such as hacking, extortion, data leaks and business downtime, all of which could result in an onerous financial burden to resolve.

A number of high-profile data leaks during 2011 and 2012 highlighted the costs involved when personal data is exposed. Beyond the obvious monetary costs of launching an investigation and settling compensation payouts comes the costs which are more difficult for underwriters and businesses to quantify: damage to reputation, business disruption and lost business all have to be taken into consideration. A joint industry and government report, the Information Security Breaches Survey for 2013, calculated that in the aftermath of its most serious data breach, the highest cost to a large firm (more than 250 employees) stemmed from damage to reputation, followed by response costs and business disruption (see chart, below). For smaller businesses the cost of business disruption is, on average, eight times higher than any other resulting cost.

Average cost of a large organisation’s worst cyber incident (GBP, 2012)

Subscribe to the Saturday Read View all newsletters

Your new guide to the best writing on ideas, politics, books and culture each weekend – from the New Statesman. Sign up here

Select and enter your email address

The Saturday Read

Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via saturdayread.substack.com

Morning Call

The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via morningcall.substack.com

Your email address

First Name

Last Name

Sign up

Visit our privacy Policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

THANK YOU

Close

Industry surveys suggest a low awareness of cyber liability products among UK businesses. In all likelihood, managers believe these intangible risks are covered by their existing commercial liability insurance policies, yet traditional policies do not tend to address issues related to the internet or electronic data.

If the growing risk in the impalpable world of cyber data does not provide the catalyst for uptake of cyber liability insurance, regulatory changes will likely prove the strongest incentive for British businesses. The European Commission (EC) aims to harmonize laws on the protection of personal data across the EU. In the event of personal data being exposed, firms will be mandated to notify national authorities – the Information Commissioner’s Office in the UK – and will face fines for non-compliance. The new law is slated for introduction in 2014 and is expected to be the primary growth driver of cyber liability insurance over the next five years.