Last year, 40% of UK businesses suffered a cyber-attack and cyber-insurance claims went up by 5%. Despite the large number of claims, the volume of insurance pay-outs was relatively low, at under 2%. As such, the ICAEW have introduced new regulations for insurers to give businesses greater clarity over their policies. We take a look at what these changes mean for your business.
Silent cyber exposures refer to clauses in a policy that are ambiguous, so many firms are unsure on the extent of their coverage. As such, the ICAEW has introduced minimum approved wording, which took effect on 1 September 2021, to improve customer protection and clarify cyber exposures. The change aims to provide greater clarity for policyholders and effective guidance for cyber insurers in a relatively new insurance market.
This is a welcome move as the cost of a cyber-attack has risen to USD 4.24 million globally across the industry over the last few years, fuelling a greater demand for cover and driving the need for Head of Cyber Insurance roles at larger insurers. But it will take time to establish appropriate policies and associated premiums, which is currently compounded by the lack of historical data. This wording gives insurers more information to inform their premiums and the ICAEW’s requirements will improve standardisation across the sector.
Silent cyber exposures can be attributed to a significant amount of cyber-related losses for businesses. Most notably through the 2017 Petya and NotPetya attacks, which are collectively thought to have caused around £3 billion in damages. Despite this, nearly 90% of losses fell under silent cyber exposures as these attacks were classed an act of war. This brought increased awareness to silent cyber exposures and highlighted that traditional cyber policies needed further review and development.
Reflecting the rising demand for cyber insurance and the increasing cost of an attack, premiums have risen by 28% within the last year – making it more important than ever that firms fully understand their exposures. Smaller firms are potentially at greater risk as they do not have the infrastructure in place to handle a cyber-attack or the associated losses.
It's important that firms know exactly what their cyber insurance covers , and if it meets their needs – to help them understand their risk profile, set an appropriate risk appetite, and implement effective controls. This involves fully understanding emerging cyber threats and potential financial exposures in the event of a cyber-attack. As such, the ICAEW’s changes will give firms greater assurance over their financial risks and inform evaluate their risk management processes.
Firms are being given the tools to better understand the extent of their cyber coverage and make informed decisions about their risk management processes. To achieve this, it’s important to make use of what's available, including active horizon scanning for cyber risks and working closely with the brokers to find a policy that meets the unique needs of their business.
For more information on managing your risk of silent cyber exposures contact Paul Olukoya.