Government report says the UK should aim to be a global centre for cyber security insurance
British companies are putting themselves at significant risk due to a lack of proper insurance protection against the effects of cyber-attacks, a government report has found.
The report, published in conjunction with insurance brokers Marsh, found that only two percent of large British firms have protection against cyber-attacks, with almost no small businesses set up in case of emergency.
This follows findings that 81 percent of large UK businesses and 60 percent of small companies suffered a cyber-security breach in the last year, with the cost of such attacks nearly doubling between 2013-2014.
In order to combat this, the report, entitled, “UK Cyber-Security, The Role of Insurance In Managing and Mitigating the Risk” lays out a new set of joint initiatives between the government and the insurance sector aimed at helping firms get to grips with cyber risk.
“The UK’s insurance market is world-renowned and we want it to be the same in relation to cyber risks. The market has extensive knowledge and experience of more established risks to help businesses manage and mitigate relatively new cyber risks,” said Cabinet Office Minister Francis Maude.
“Insurance is not a substitute for good cyber security, but is an important addition to a company’s overall risk management.”
The report, which was based on input from 13 London insurers and a number of large companies, found that, as larger firms increasingly depend on online distribution channels, they put themselves at risk to a wider range of ever more sophisticated attacks.
This includes recommendations that both sides combine their knowledge and data in order to boost awareness, with half of the business leaders interviewed for the report admitting they didn’t even know cyber insurance existed.
“While critical infrastructure in regulated sectors, such as banks and utility firms, are used to this kind of risk, most firms are not and their risk management practices are geared around lower-level, slower-moving risks,” said Marsh UK & Ireland chief executive Mark Weil.
“Companies will need to upgrade their risk management substantially to cope with the growing threat of cyber attack, including introducing disciplines such as stress-testing, and creating a joined-up recovery plan that brings together financial, operational and reputational responses”.
Among the report’s other recommendations are the promotion of the Government’s Cyber Essential Scheme, which can offer improved risk assessment and cyber security best practices, by insurers, in order to encourage greater adoption.
Marsh is planning to support this by launching a new cyber insurances product for SMEs which will deal with the cost of obtaining Cyber Essentials certification.
What do you know about famous hackers? Take our quiz!