Brokers find it hard to understand emerging cyber risks, while US cyber experience is adding to confusion as UK market suffers different kind of claims


Brokers are reluctant to sell cyber insurance because they are worried about mis-selling it.

At a roundtable organised by StrategicRISK’s sister publication Insurance Times, cyber insurance consultant Richard Hodson said that brokers, particularly from regional firms, were finding it difficult to understand the emerging risks in cyber amid the increased use of technology.

“Brokers are not confident about selling cyber because they are either worried about mis-selling or they don’t understand the product.”

Hodson blamed the confusion on the fact that claims trends in the US cyber market were largely driving the agenda in the less mature UK cyber market.

US-UK divide

There is a difference between the types of cyber claims that are more prevalent in the US and those reported in the UK.

In the US, most reported cyber claims result from the mandatory notification of a data breach, while in the UK a significant number are related to crime, network interruption, system failure or extortion.

This has resulted in the take-up of cyber cover in the UK being low because most firms do not think the available cyber cover is relevant to them.

Managing general agency (MGA) CFC’s largest source of claims in the UK was cyber crime, broadly defined as the electronic theft of funds in various guises, chief innovation officer Graeme Newman said.

“My worry is that cyber is being misrepresented. It is largely being driven by the US agenda, which is trotted out by brokers, the underwriters, then fed out by the journalists. It is little wonder that the message it is not resonating with UK clients,” he said.

The influence of the US market also means that cyber policies in the UK may not be priced accurately, because the claims experience is different in the two countries.

Poor products

Another barrier to brokers fully getting to grips with cyber is the type of product insurers are launching into the market.

Hodson said that not all the products were fit for purpose because they excluded vital cover needed in the event of a cyber incident.

He pointed to one policy that contained a financial risk exclusion, so it excluded all crime involving financial loss for personal data breaches.

“Buyer beware is the message we also need to get to regional non-specialist brokers. Not all cyber policies are built the same.”

Other insurance products are too flexible and confusing.

To grapple with the problem the group agreed that brokers needed to have deeper conversations with clients about the type of risk they had to help find the right cover.

Rather than look for a standardised product, brokers also need to apply a more bespoke approach, such as segmenting the risk by size of business or sector.

Brokers also need to immerse themselves in trying to find out more about cyber, from underwriters or other specialist brokers, so that they can ask their clients the right questions.

Newman acknowledged that there was no silver bullet or fast-track battle plan to deal with the cyber challenge, but he added that the industry should start by trying to deal with the more generic issues that affect clients, before focusing on the more complex areas.