Uncertainty plagues cyber cover
Brokers are hiring lawyers to fend off potential mis-selling claims
The lack of understanding around cyber insurance is causing brokers to bring in lawyers to fend off any potential accusations that they may have mis-sold cyber policies, it is claimed.
At the 2016 Insurance Times Cyber Insight conference delegates heard about the actions that brokers can take to protect themselves and their customers amid the growing demand for cyber cover.
The audience also heard about what insurers can do to help broking firms.
The UK cyber market is young compared to America when it comes to the amount of historical claims data that exists.
However, the UK is seeing an uptick in the number of cyber policies that customers are buying as they begin to understand their level of exposure and the industry becomes more familiar with how to sell the products.
A big part of the conference focused on the actions that brokers should take to help their customers forestall any possible attack, and to manage an attack if and when it happens.
As the demand for cyber cover grows, brokers need to engage more with insurers and take advantage of the cyber specialists that work with their insurer partners.
A lot of mid-corporate businesses still think that cyber-attacks are all about liability, but in the UK the majority of claims are first party, involving crime or property damage.
This means that brokers should consider crime and property damage cover when buying cyber cover for a client.
In the event of an attack brokers were also advised to adopt a triage response, by making sure their client’s cover includes a wide range of support, including; public relations, forensic and legal advice.
More help needed
On the insurer side, carriers were told they need to do more to encourage brokers to understand their products and also help their own clients understand cyber insurance.
During a discussion session brokers listed their biggest challenges when it came to purchasing cyber insurance.
These included: insurers having a different take on wording, not enough policies covering criminal action and not enough insurers educating clients about cyber insurance.
HSB Engineering product development manager Paul Cullum spoke to the audience about the insurer’s transatlantic experience of cyber insurance and the lessons it has learnt that could be applied to the UK.
He said small to medium sized businesses who were the most vulnerable types of companies in the UK, needed quality cover at a realistic price and simpler language in their policies.
According to Cullum 50% of SME cyber losses come from theft or loss of hardware, 20% are inside jobs, 21% is from malware, 7% is as a result of hacking or a distributed denial of service (DDoS) attack, while 2% comes from phishing emails.
Cullum added: “A lot of cyber cover has been created using a top down approach; with many types of cover having a lot of technical language and policy documents having many pages.
“We need to create a much more SME-friendly approach to providing cyber risk, but I am not saying we should dumb down the type of cover we offer.”
Cyber experts said the average SME businesses with 50 employees could experience losses ranging from the low 1000s to the high tens of thousands of pounds,
However, this could still be higher depending on the type of SME business affected.
As a result, Richard Hodson, director of UKGlobal Broking Group cautioned brokers against recommending limits that were less than £100,000 for first party cyber cover.
Next big target
Delegates were also told the Internet of Things (IOT) would be the next big area for hackers to target. During one of the sessions ethical hacker Ken Munro showed the audience how susceptible connected gadgets are to hacking.
He illustrated his point using a smart kettle and doorbells to show how easy it was for hackers to access codes and take control of a gadget.
Munro said: “I am worried about some of the claims we are going to see in the future. I have seen cases where you can turn devices into weapons.
“The big game changer with IOT is that we are putting the technology into the hands of the hacker. We are also seeing a lot of IOT devices able to do e-commerce. This is going to be a risk in the future.”
This article was first published by Insurance Times, StrategicRISK’s sister publication