Cyber risks pose a threat for insurers – even for those that do not offer cyber insurance
The growth of cyber insurance is widely regarded as good news for the insurance industry. However, even insurers not offering cyber cover could find themselves being impacted by cyber-related claims thanks to ambiguous policy wording.
The UK cyber insurance market is still in its infancy, particularly when compared to the more established commercial insurance products. Yet the rate of growth is substantial. Findings from GlobalData’s 2018 UK SME Insurance Survey found that 27.2% of SMEs held a standalone cyber insurance product – an increase of 14 percentage points when compared with 2017.
The considerable growth in the uptake of cyber insurance is being driven by a combination of factors. Firms’ increased awareness about their exposure to cyber risks is playing a key role. But this awareness is not restricted to cyber insurance policyholders. As the below graph highlights, the percentage of SMEs that detected cyber breaches or attacks was greater than the percentage with cyber insurance in place across 2016–18.
This situation means commercial insurance providers may be exposed to cover the cost of cyber claims on traditional policies such as business interruption.
In response, AIG plans to ensure its exposure is clearly defined by transitioning towards affirmative cyber insurance. From 2020, all of its commercial property and casualty insurance policies will affirmatively cover or exclude both physical and non-physical cyber risks.
Clearly steps such as this will benefit providers, enabling them to exert greater influence over their exposure. Yet policyholders also stand to benefit. Moves like AIG’s will help ensure policyholders have a clear understanding of which cyber perils are covered through a commercial insurance policy that is not cyber-specific. This in turn will help them more easily identify the benefits a specialist cyber insurance product could offer their business.