News from Miller

View our latest press information

Insurance market for cyber risks needs to come of age, say delegates at AIRMIC

Over 100 attendees at the AIRMIC conference gathered at a workshop hosted by Miller to debate the risks and potential solutions posed by cyber crime in today’s business environment – the record attendance reflecting the increasing concern felt by the risk management industry about this topic.

The workshop, used voting techniques seen on The Apprentice television show, asked participants their views on the whether or not the insurance market was currently responding well to cyber risk, and should coverage for it be integrated into a property & liability programme.

Greg Collins, from Miller, who was hosting the workshop said “Our audience engaged in a lively exchange of views on a topic that many find challenging. There was keen agreement that this is a subject of enormous complexity, and that there are few simple answers to be found. Nevertheless, risk managers felt that the insurance market could do even more to respond to buyers’ concerns and needs – and that they would like underwriters to pay more attention to this specialist area. Overwhelmingly, they felt that coverage should not be standalone – but be fully integrated into the programme that covers their other assets and liabilities.”

In 2010 it is estimated that hostile cyber attacks on companies accounted for nearly one third of all UK data breaches – up from around 22% the year before – and these incidents are becoming increasingly expensive. It is not simply the cost of detecting and fixing the security gaps, but also the expense incurred in informing potentially millions of customers whose data was compromised, and monitoring their credit ratings going forward. Nick Alston of Digital Barriers, a panellist at the workshop, discussed the changing face of cyber crime. No longer an activity carried out by a single person, it has been taken over by major organised crime. He went on to highlight the fact that, while businesses may be focussing more closely on their own IT security, the area that is much less well-understood is 'outsourced services’. Companies should be asking themselves how well do they know the companies they are working with and how are they protecting data?

Chris Maurice from BT plc spoke from first-hand experience about the issues a heavily data driven business can face, and how it is as important to value data as other physical assets. His view is the label “cyber” is meaningless, and that these risks should be treated like any other property risk. This places a responsibility on the risk manager understand both IT terminology and the role it plays within an organisation, so that they can take an informed view on what is critical to the business and decide what cover is required. In addition, the primary market should resist the urge to exclude these risks and allow specialist underwriters to come in to handle them, but rather deliver solutions themselves.
Graeme Newman from CFC Underwriting then went onto to outline the complexities of the problem from the perspective of the insurance industry. He explained that currently 90% of policies are purchased by US companies, where the market is more developed in terms of both the legislative environment and the buyers’ appetite. While attacks affecting millions of consumers, such as the recent Sony story, hit the headlines, there are many more smaller scale notifications for incidents such as laptops being left in the back of cabs that need to be considered. Nevertheless, he was confident that there is more than sufficient capacity at competitive rates for the demand.